Cyberwarfare by Russia
Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov,[1] some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb (informatsionnoye protivoborstvo) as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."[2]
Online presence
US journalist Pete Earley described his interviews with former senior Russian intelligence officer Sergei Tretyakov, who defected to the United States in 2000:
Sergei would send an officer to a branch of New York Public Library where he could get access to the Internet without anyone knowing his identity. The officer would post the propaganda on various websites and send it in emails to US publications and broadcasters. Some propaganda would be disguised as educational or scientific reports. ... The studies had been generated at the Center by Russian experts. The reports would be 100% accurate [3]
Tretyakov did not specify the targeted web sites, but made clear they selected the sites which are most convenient for distributing the specific information. According to him, during his work in New York City in the end of the 1990s, one of the most frequent subjects was the War in Chechnya.[3]
According to a publication in Russian computer weekly Computerra, "just because it became known that anonymous editors are editing articles in English Wikipedia in the interests of UK and US intelligence and security services, it is also likely that Russian security services are involved in editing Russian Wikipedia, but this is not even interesting to prove it — because everyone knows that security bodies have a special place in structure of our [Russian] state"[4]
Cyberattacks
It has been claimed that Russian security services organized a number of denial of service attacks as a part of their cyber-warfare against other countries,[5] such as the 2007 cyberattacks on Estonia and the 2008 cyberattacks on Russia, South Ossetia, Georgia, and Azerbaijan.[6] One identified young Russian hacker said that he was paid by Russian state security services to lead hacking attacks on NATO computers. He was studying computer sciences at the Department of the Defense of Information. His tuition was paid for by the FSB.[7]
Estonia
In April 2007, following a diplomatic row with Russia over a Soviet war memorial, Estonia was targeted by a series of cyberattacks on financial, media, and government websites which were taken down by an enormous volume of spam being transmitted by botnets in what is called a distributed denial-of-service attack. Online banking was made inaccessible, government employees were suddenly unable to communicate via e-mail, and media outlets could not distribute news. The attacks reportedly came from Russian IP addresses, online instructions were in Russian, and Estonian officials traced the systems controlling the cyberattacks back to Russia.[8][9] However, some experts held doubts that the attacks were carried out by the Russian government itself.[10] A year after the attack NATO founded the Cooperative Cyber Defence Centre of Excellence in Tallinn as a direct consequence of the attacks.[11]
France
In 2015, the Paris-based French broadcasting service TV5Monde was attacked by hackers who used malicious software to attack and destroy the network's systems and take all twelve of its channels off the air. The attack was initially claimed by a group calling themselves the "Cyber Caliphate" however a more in-depth investigation by French authorities revealed the attack on the network had links to APT28, a GRU-affiliated hacker group.[12][13] In May 2017, on the eve of the French presidential election, more than 20,000 e-mails belonging to the campaign of Emmanuel Macron were dumped on an anonymous file-sharing website, shortly after the campaign announced they had been hacked. Word of the leak spread rapidly through the Internet, facilitated by bots and spam accounts. An analysis by Flashpoint, an American cybersecurity firm, determined with "moderate confidence" that APT28 was the group behind the hacking and subsequent leak.[14]
Georgia
On 20 July 2008, the website of the Georgian president, Mikheil Saakashvili, was rendered inoperable for twenty-four hours by a series of denial of service attacks. Shortly after, the website of the National Bank of Georgia and the parliament were attacked by hackers who plastered images of Mikheil Saakashvili and former Nazi leader Adolf Hitler. During the war, many Georgian government servers were attacked and brought down, reportedly hindering communication and the dissemination of crucial information. According to technical experts, this is the first recorded instance in history of cyberattacks coinciding with an armed conflict.[15][16]
An independent US-based research institute US Cyber Consequences Unit report stated the attacks had "little or no direct involvement from the Russian government or military". According to the institute's conclusions, some several attacks originated from the PCs of multiple users located in Russia, Ukraine and Latvia. These users were willingly participating in cyberwarfare, being supporters of Russia during the 2008 South Ossetia war, while some other attacks also used botnets.[17][18]
Germany
In 2015, a high-ranking security official stated that it was "highly plausible" that a cybertheft of files from the German Parliamentary Committee investigating the NSA spying scandal, later published by WikiLeaks, was conducted by Russian hackers.[19][20] In late 2016, Bruno Kahl, president of the Bundesnachrichtendienst warned of data breaches and misinformation-campaigns steered by Russia.[21] According to Kahl, there are insights that cyberattacks occur with no other purpose than to create political uncertainty.[22][23] Süddeutsche Zeitung reported in February 2017 that a year-long probe by German intelligence "found no concrete proof of [Russian] disinformation campaigns targeting the government".[24] By 2020 however German investigators had collected enough evidence to identify one suspect.[25]
Hans-Georg Maaßen, head of the country's Federal Office for the Protection of the Constitution, noted "growing evidence of attempts to influence the [next] federal election" in September 2017 and "increasingly aggressive cyber espionage" against political entities in Germany.[26] The New York Times reported on September 21, 2017, three days before the German federal election, that there was little to suggest any Russian interference in the election.[27]
Kyrgyzstan
Beginning in mid-January 2009, Kyrgyzstan's two main ISPs came under a large-scale DDoS attack, shutting down websites and e-mail within the country, effectively taking the nation offline. The attacks came at a time when the country's president, Kurmanbek Bakiyev, was being pressured by both domestic actors and Russia to close a U.S. air base in Kyrgyzstan.[28] The Wall Street Journal reported the attacks had been carried out by a Russian "cyber-militia".[29]
Poland
A three-year pro-Russian disinformation campaign on Facebook with an audience of 4.5 million Poles was discovered in early 2019 by OKO.press and Avaaz. The campaign published fake news and supported three Polish pro-Russian politicians and their websites: Adam Andruszkiewicz, former leader of the ultra-nationalist and neo-fascist All-Polish Youth and, as of 2019, Secretary of State in the Polish Ministry of Digitisation; Janusz Korwin-Mikke; and Leszek Miller, an active member of the Polish United Workers' Party during the communist epoch and a prime minister of Poland during the post-communist epoch. Facebook responded to the analysis by removing some of the web pages.[30]
Ukraine
In March 2014, a Russian cyber weapon called Snake or "Ouroboros" was reported to have created havoc on Ukrainian government systems.[31] The Snake tool kit began spreading into Ukrainian computer systems in 2010. It performed Computer Network Exploitation (CNE), as well as highly sophisticated Computer Network Attacks (CNA).[32]
From 2014 to 2016, according to CrowdStrike, the Russian APT Fancy Bear used Android malware to target the Ukrainian Army's Rocket Forces and Artillery. They distributed an infected version of an Android app whose original purpose was to control targeting data for the D-30 Howitzer artillery. The app, used by Ukrainian officers, was loaded with the X-Agent spyware and posted online on military forums. CrowdStrike claims the attack was successful, with more than 80% of Ukrainian D-30 Howitzers destroyed, the highest percentage loss of any artillery pieces in the army (a percentage that had never been previously reported and would mean the loss of nearly the entire arsenal of the biggest artillery piece of the Ukrainian Armed Forces.[33]).[34] According to the Ukrainian army, this number is incorrect and that losses in artillery weapons "were way below those reported" and that these losses "have nothing to do with the stated cause".[35]
The U.S. government concluded after a study that a cyber attack caused a power outage in Ukraine which left more than 200,000 people temporarily without power. The Russian hacking group Sandworm or the Russian government were possibly behind the malware attack on the Ukrainian power grid as well as a mining company and a large railway operator in December 2015.[36][37][38][39][40][41]
2014 Ukrainian presidential election
Pro-Russian hackers launched a series of cyberattacks over several days to disrupt the May 2014 Ukrainian presidential election, releasing hacked emails, attempting to alter vote tallies, and delaying the final result with distributed denial-of-service (DDOS) attacks.[42][43] Malware that would have displayed a graphic declaring far-right candidate Dmytro Yarosh the electoral winner was removed from Ukraine's Central Election Commission less than an hour before polls closed. Despite this, Channel One Russia "reported that Mr. Yarosh had won and broadcast the fake graphic, citing the election commission's website, even though it had never appeared there."[42][44] According to Peter Ordeshook: "These faked results were geared for a specific audience in order to feed the Russian narrative that has claimed from the start that ultra-nationalists and Nazis were behind the revolution in Ukraine."[42]
United Kingdom "Brexit" referendum
In the run up to the referendum on the United Kingdom exiting the European Union ("Brexit"), Prime Minister David Cameron suggested that Russia "might be happy" with a positive Brexit vote, while the Remain campaign accused the Kremlin of secretly backing a positive Brexit vote.[45] In December 2016, Ben Bradshaw MP claimed in Parliament that Russia had interfered in the Brexit referendum campaign.[46] In February 2017, Bradshaw called on the British intelligence service, Government Communications Headquarters, currently under Boris Johnson as Foreign Secretary, to reveal the information it had on Russian interference.[47] In April 2017, the House of Commons Public Administration and Constitutional Affairs Select Committee issued a report stating, in regard to the June 2016 collapse of the government's voter registration website less than two hours prior to the originally scheduled registration deadline (which was then extended), that "the crash had indications of being a DDOS 'attack.'" The report also stated that there was "no direct evidence" supporting "these allegations about foreign interference." A Cabinet Office spokeswoman responded to the report: "We have been very clear about the cause of the website outage in June 2016. It was due to a spike in users just before the registration deadline. There is no evidence to suggest malign intervention."[48][49]
In June 2017, it was reported by The Guardian that "Leave" campaigner Nigel Farage was a "person of interest" in the United States Federal Bureau of Investigation into Russian interference in the United States 2016 Presidential election.[50] In October 2017, Members of Parliament in the Culture, Media and Sport Committee demanded that Facebook, Twitter, Google and other social media corporations, to disclose all adverts and details of payments by Russia in the Brexit campaign.[51]
United States
In April 2015, CNN reported that "Russian hackers" had "penetrated sensitive parts of the White House" computers in "recent months." It was said that the FBI, the Secret Service, and other U.S. intelligence agencies categorized the attacks as "among the most sophisticated attacks ever launched against U.S. government systems."[52]
In 2015, CNN reported that Russian hackers, likely working for the Russian government, are suspected in the State Department hack. Federal law enforcement, intelligence and congressional officials briefed on the investigation say the hack of the State Department email system is the "worst ever" cyberattack intrusion against a federal agency.[53]
In February 2016, senior Kremlin advisor and top Russian cyber official Andrey Krutskikh told the Russian national security conference in Moscow that Russia was working on new strategies for the "information arena" that was equivalent to testing a nuclear bomb and would "allow us to talk to the Americans as equals".[54]
In 2016, the release of hacked emails belonging to the Democratic National Committee, John Podesta, and Colin Powell, among others, through DCLeaks and WikiLeaks was said by private sector analysts[55] and US intelligence services[56] to have been of Russian origin.[57][58] Also, in December 2016, Republicans and Democrats on the Senate Committee on Armed Services called for "a special select committee to investigate Russian attempts to influence the presidential election".[59][60]
In 2018, the United States Computer Emergency Response Team released an alert warning that the Russian government was executing "a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks." It further noted that "[a]fter obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems."[61] The hacks targeted at least a dozen U.S. power plants, in addition to water processing, aviation, and government facilities.[62]
Venezuela
After the news website Runrun.es published a report on extrajudicial killings by the Bolivarian National Police, on 25 May 2019, the Venezuelan chapter of the Instituto de Prensa y Sociedad (IPYS), pointed out that the website was out of service due to an uncached request attack, denouncing that it originated from Russia.[63]
False alarms
On December 30, 2016, Burlington Electric Department, a Vermont utility company, announced that a code associated with the Russian hacking operation dubbed Grizzly Steppe had been found in their computers. Officials from the Department of Homeland Security, FBI and the Office of the Director of National Intelligence warned executives of the financial, utility and transportation industries about the malware code.[64] The first report by The Washington Post left the impression that the grid had been penetrated, but the hacked computer was not attached to the grid. A later version attached this disclaimer to the top of its report correcting that impression: "Editor's Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid."[65]
See also
- Cyberwarfare by China
- Cyberwarfare in the United States
- List of cyber warfare forces
- Mueller Report
- Timeline of Russian interference in the 2016 United States elections
- Timeline of Russian interference in the 2016 United States elections (July 2016 – election day)
- Web brigades and Internet Research Agency (aka trolls from Olgino)
- Vaccine hesitancy
References
- State control over the internet, a talk show by Yevgenia Albats at the Echo of Moscow, January 22, 2006; interview with Andrei Soldatov and others
- "Military Power Publications". www.dia.mil. Retrieved 2017-09-25.
- Pete Earley, "Comrade J: The Untold Secrets of Russia's Master Spy in America After the End of the Cold War", Penguin Books, 2007, ISBN 978-0-399-15439-3, pages 194-195
- Is there only one truth? Archived 2009-04-14 at the Wayback Machine by Kivy Bird, Computerra, 26 November 2008
- Cyberspace and the changing nature of warfare Archived 2008-12-03 at the Wayback Machine. Strategists must be aware that part of every political and military conflict will take place on the internet, says Kenneth Geers.
- "www.axisglobe.com". Archived from the original on 2016-08-17. Retrieved 1 August 2016.
- Andrew Meier, Black Earth. W. W. Norton & Company, 2003, ISBN 0-393-05178-1, pages 15-16.
- McGuinness, Damien (2017-04-27). "How a cyber attack transformed Estonia". BBC News. Retrieved 2018-02-24.
- "10 Years After the Landmark Attack on Estonia, Is the World Better Prepared for Cyber Threats?". Foreign Policy. 2017-04-27. Retrieved 2018-02-24.
- "Experts doubt Russian government launched DDoS attacks". SearchSecurity. 2018-02-23. Retrieved 2018-02-24.
- "NATO launches cyber defence centre in Estonia". Military Space News, Nuclear Weapons, Missile Defense. 2008-05-14. Retrieved 2018-02-24.
- Corera, Gordon (2016-10-10). "How France's TV5 was almost destroyed". BBC News. Retrieved 2018-03-10.
- "'Russian hackers' behind TV attack". BBC News. 2015-06-09. Retrieved 2018-03-10.
- "Researchers link Macron hack to APT28 with 'moderate confidence'". Cyberscoop. 2017-05-11. Retrieved 2018-03-10.
- Hart, Kim (2008-08-14). "Longtime Battle Lines Are Recast In Russia and Georgia's Cyberwar". Washington Post. Retrieved 2018-03-12.
- Markoff, John (2008-08-13). "Before the Gunfire, Cyberattacks". The New York Times. Retrieved 2018-03-12.
- Siobhan Gorman (18 August 2009). "Hackers Stole IDs for Attacks". WSJ.
- "Georgian cyber attacks launched by Russian crime gangs".
- "Russia behind hack on German parliament, paper reports". Deutsche Welle. Retrieved 30 January 2017.
- Wehner, Markus; Lohse, Eckart (11 December 2016). "Wikileaks: Sicherheitskreise: Russland hackte geheime Bundestagsakten". Faz.net. Frankfurter Allgemeine Zeitung. Retrieved 30 January 2017.
- "Vor Bundestagswahl: BND warnt vor russischen Hackerangriffen". SPIEGEL ONLINE. Retrieved 30 January 2017.
- "Was bedeuten die neuen Cyberangriffe für die Bundestagswahl?" (in German). 1 November 2016. Retrieved 30 January 2017.
- "BND-Präsident warnt vor Cyberangriffen aus Russland". Retrieved 30 January 2017.
- King, Esther (2017-02-07). "German intelligence finds no evidence of Russian meddling". Politico. Retrieved 2017-10-21.
- https://www.zdnet.com/google-amp/article/german-authorities-charge-russian-hacker-for-2015-bundestag-hack/
- "BfV: Russia is trying to destabilise Germany". AlJazeera. Retrieved 30 January 2017.
- Schwirtz, Michael (2017-09-21). "German Election Mystery: Why No Russian Meddling?". The New York Times. Retrieved 2017-10-21.
- Bradbury, Danny (2009-02-05). "Danny Bradbury investigates the cyberattack on Kyrgyzstan". the Guardian. Retrieved 2018-03-12.
- Rhoads, Christopher (2009-01-28). "Kyrgyzstan Knocked Offline". WSJ. Retrieved 2018-03-12.
- Flis, Daniel (2019-04-24). "Disinformation network on Facebook supported by Polish Deputy Minister of Digitization". vsquare.org. Archived from the original on 2019-06-02. Retrieved 2019-06-02.
- The Christian Science Monitor (12 March 2014). "Russia's cyber weapons hit Ukraine: How to declare war without declaring war". The Christian Science Monitor.
- Mazanec, Brain M. (2015). The Evolution of Cyber War. USA: University of Nebraska Press. pp. 221–222. ISBN 9781612347639.
- Ukraine's military denies Russian hack attack , Yahoo! News (6 January 2017)
- "Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units". CrowdStrike. 22 December 2016.
- Defense ministry denies reports of alleged artillery losses because of Russian hackers' break into software, Interfax-Ukraine (6 January 2017)
- "Malware Found Inside Downed Ukrainian Grid Management Points to Cyberattack". Motherboard. 2016-01-04.
- "SANS Industrial Control Systems Security Blog - Potential Sample of Malware from the Ukrainian Cyber Attack Uncovered - SANS Institute". Retrieved 1 August 2016.
- "First known hacker-caused power outage signals troubling escalation". Ars Technica. 2016.
- "Ukraine power grid attacks continue but BlackEnergy malware ruled out".
- "U.S. government concludes cyber attack caused Ukraine power outage". Reuters. 25 February 2016. Retrieved 1 August 2016.
- "BlackEnergy malware activity spiked in runup to Ukraine power grid takedown". The Register. Retrieved 26 December 2016.
- Clayton, Mark (June 17, 2014). "Ukraine election narrowly avoided 'wanton destruction' from hackers". The Christian Science Monitor. Retrieved August 16, 2017.
- Watkins, Ali (August 14, 2017). "Obama team was warned in 2014 about Russian interference". Politico. Retrieved August 16, 2017.
- Kramer, Andrew E.; Higgins, Andrew (August 16, 2017). "In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking". The New York Times. Retrieved August 16, 2017.
- S Rosenberg, ‘EU referendum: What does Russia gain from Brexit?’ (26 June 2016) BBC News
- Highly probable' that Russia interfered in Brexit referendum, Labour MP says' (13 December 2016) Independent
- J Kanter and A Bienkov, 'Labour MPs think the government is hiding info about Russia interfering with Brexit' (23 February 2016) Business Insider
- Syal, Rajeev (2017-04-12). "Brexit: foreign states may have interfered in vote, report says". The Guardian. Retrieved 2017-10-21.
- Teffer, Peter (2017-04-12). "MPs and media create Brexit hacking scare". EUobserver. Retrieved 2017-10-21.
- 'Nigel Farage is 'person of interest' in FBI investigation into Trump and Russia' (2 June 2017) Guardian
- 'MPs order Facebook to hand over evidence of Russian election meddling' (24 October 2017) Telegraph
- Evan Perez; Shimon Prokupecz (8 April 2015). "How the U.S. thinks Russians hacked the White House". CNN. Retrieved 17 December 2016.
Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.
- Evan Perez and Shimon Prokupecz. "Sources: State Dept Hack the 'worst ever'". CNN. Retrieved 2017-02-05.
- Ignatius, David (18 January 2017). "Russia's radical new strategy for information warfare". The Washington Post. Retrieved 22 March 2017.
- Thielman, Sam; Ackerman, Spencer (29 July 2016). "Cozy Bear and Fancy Bear: did Russians hack Democratic party and if so, why?". The Guardian.
- Ackerman, Spencer; Thielman, Sam (8 October 2016). "US officially accuses Russia of hacking DNC and interfering with election".
- Corera, Gordon (22 December 2016). "Can US election hack be traced to Russia?". BBC. Retrieved 23 December 2016.
- Gallagher, Sean. "Did the Russians "hack" the election? A look at the established facts". arstechnica. Retrieved 23 December 2016.
- Savage, David (18 December 2016). "'How much and what damage?' Senators call for a special committee to investigate Russian hacking". Los Angeles Times. Retrieved 20 December 2016.
- Nakashima, Ellen (22 December 2016). "Cybersecurity firm finds evidence that Russian military unit was behind DNC hack". The Washington Post. Retrieved 22 December 2016.
- https://www.us-cert.gov/ncas/alerts/TA18-074A
- Dlouhy, Jennifer; Riley, Michael (15 March 2018). "Russian Hackers Attacking U.S. Power Grid and Aviation, FBI Warns". Bloomberg.
- "Runrunes es víctima de ataques cibernéticos tras reportaje sobre las FAES" (in Spanish). Tal Cual. 27 May 2019.
- Eilperen, Juliet &, Entous, Adam (30 December 2016). "Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say". Washington Post. Retrieved 31 December 2016.
- Eilperin, Juliet; Entous, Adam (December 31, 2016). "Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say". Washington Post.
Further reading
- Spencer Ackerman and Sam Thielman, "US Officially Accuses Russia of Hacking DNC and Interfering with Election," The Guardian, October 8, 2016, accessed August 13, 2017, https://www.theguardian.com/technology/2016/oct/07/us-russia-dnc-hack-interfering-presidential-election
- Halpern, Sue, "The Drums of Cyberwar" (review of Andy Greenberg, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers, Doubleday, 2019, 348 pp.), The New York Review of Books, vol. LXVI, no. 20 (19 December 2019), pp. 14, 16, 20.