How Russia’s Info Warrior hackers let the Kremlin play geopolitics on the cheap

The extended SolarWinds hack by alleged state-backed Russian hackers is the latest sign of Moscow’s growing determination and improved technical capacity to cause disruption and spy globally in cyberspace.

The hack, which has compromised parts of the US government, as well as technology companies, a hospital and a university, adds to an increasingly sophisticated and increasingly annoying series of online intrusions, demonstrating how cyber operations have become a key plank in Russia’s confrontation with the West, analysts and officials say.

Moscow’s relations with the West continue to deteriorate, and the Kremlin sees cyber operations as a cheap and effective way to achieve its geopolitical goals, analysts say. Therefore, Russia, they say, is unlikely to withdraw from such tactics, even while facing US sanctions or countermeasures.

“For a country that is already perceived to be in conflict with the West in virtually every area except open military clashes, there is no incentive to leave any area that can offer an advantage,” said Keir Giles, senior consultant at the Chatham House think tank.

Russia’s field of cyber operations has grown in tandem with Moscow’s global ambitions: from cyber attacks on neighboring Estonia in 2007 to US and French electoral interference a decade later, to SolarWinds, seen as one of the worst known hacks of federal computer systems.

“We can certainly see that Russia is stepping on the gas of cyber operations,” said Sven Herpig, a former German government cybersecurity official and expert at the independent German think tank Stiftung Neue Verantwortung. “The development of new tools, the division of labor, the creation of attack platforms, have grown in sophistication over the years,” he said.

Jamil Jaffer, a former White House and Justice Department official, said cyber operations have become “a significant part of [Russia’s] play.”

“It allowed them to level up,” said Mr. Jaffer, senior vice president at IronNet Cybersecurity.


Russia has consistently denied involvement in state-backed hacking campaigns, including SolarWinds, claiming that the country does not carry out offensive cyber operations. In September, Russian President Vladimir Putin proposed resetting US-Russia information security relations.

“Russia is not involved in such attacks, especially in [SolarWinds]. We state this officially and resolutely,” Kremlin spokesman Dmitry Peskov said recently. “Any allegations of Russia’s involvement are completely unfounded and appear to be a continuation of a kind of blind Russophobia,” he said.

But analysts say Moscow has added hacking to its arsenal of so-called gray area activities, a type of warfare that stops short of actual shooting, along with disinformation campaigns and the use of “little green men”, soldiers disguised in green uniforms who appeared with Russian weapons on Ukrainian territory in 2014.

Jeffrey Edmonds, a former White House and Central Intelligence Agency official who studies Russia at CNA, a nonprofit research organization advising the Pentagon, said Russia’s cyber operations have many simultaneous goals, including gathering information, testing capabilities, preparing for potential conflict by mapping the critical infrastructure of opponents and laying the groundwork for cyber negotiations.

Such operations are a relatively inexpensive and efficient way to conduct geopolitics, said Bilyana Lilly, a researcher at the Rand Corp. think tank. This is crucial for Russia, which faces considerable economic and demographic challenges and whose economy is smaller than Italy’s. A 2012 article in an official Russian military journal said that the “complete destruction of information infrastructure” in the United States or Russia could be carried out by a single battalion of 600 “intelligence warriors” at a cost of $100 million.

The response to Moscow’s growing cyber activity has been a challenge. Washington’s retaliatory measures – sanctions, confiscation of property, diplomatic expulsions, and even the cyber equivalent of warning shots – seem to have done little to deter hacks.

“Russia does not see sanctions as an instrument of pressure, but as an instrument of punishment,” said Pavel Sharikov, a senior fellow at the Institute for US and Canadian Studies at the Russian Academy of Sciences. “The Russian government says, ‘Yes, we understand that you don’t like what we do, but we don’t really care.’”


In recent years, the so-called information confrontation has become an established part of Russia’s military doctrine, according to an article co-written by Rand’s Ms. Lilly. In 2019, General Valery Gerasimov, Russia’s chief of staff, said that in modern warfare, cyberspace “offers opportunities for remote, hidden influence not only on critical information infrastructure but also on the country’s population, directly influencing national security.”

Russia’s use of hacking to advance its geopolitical agenda initially focused mainly on targets in ex-Soviet countries. A 2007 cyber attack in Estonia disrupted government, bank and newspaper websites. Subsequent attacks in Ukraine and Georgia destroyed power supplies, disrupted the media and targeted electoral infrastructure, officials said.

More recently, state-backed hackers have turned to the West. In 2014, they broke into the State Department’s unclassified e-mail system and a White House computer server and stole President Barack Obama’s unclassified schedule, U.S. officials said. In 2015, they hacked into the German parliament, according to German officials, in what experts consider the most significant hack in the country’s history.

Since its interference in the 2016 US elections, Russia has been accused of attacks on the French elections and the Pyeongchang Winter Olympics and the costly NotPetya malware attacks on corporate networks. This year, Western governments have accused Russia of cyber espionage against targets related to coronavirus vaccines. Russia has denied involvement.

As operations grew, the technical skills of Russian hackers improved, experts say.

In the 2007 Estonian attack, hackers used a relatively crude tool called “distributed denial of service”, which knocked sites offline by flooding them with data, and did little to hide their tracks, with some of their IP addresses located in Russia.

More recent operations have used new reconnaissance tools and methods to cover up operations, including false flag tactics, to make it appear that another country was responsible.

In 2018, federal officials said Russian state-sponsored hackers broke into supposedly secure, “air-gapped” or isolated networks owned by US electric utilities. In the SolarWinds hack, intruders secretly used a routine software update to gain access to hundreds of government and corporate systems, an intrusion that went undetected for months.

However, some former US officials have said that Russia is far from impeccable in the cybersphere.

“They do not have a height of 10 meters. They are detectable,” said former CIA official Steven Hall, who oversaw US intelligence operations in the former Soviet Union and Eastern Europe.

Ultimately, how sophisticated Russia is in cybersecurity remains to be seen, said Bruce Potter, chief intelligence officer at cybersecurity company Expel. Nations are reluctant to deploy their best cyber tools, because doing so would prompt countries and companies to quickly fix the vulnerability those tools exploit.

“They just got down enough to do the job,” he said. “And they do their job.”

Write to Georgi Kantchev at [email protected] and Warren P. Strobel at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.
