With SolarWinds Hack, suspected Russian hackers are once again flexing Moscow's spycraft muscles

MOSCOW – In September, Russian President Vladimir Putin proposed a reset of US-Russia relations in the field of information security, calling for an armistice to prevent cyber incidents.

While the hack so far does not appear to have involved a destructive cyber attack, the use of the stormy tradecraft and an unprecedented set of digital tools serves as a powerful reminder of Russia’s cyber capabilities and its willingness to use them on a large scale, analysts say. The range of targets – from the departments of trade, state and internal security to the National Institutes of Health – could provide Russian leaders with indispensable and secret information that can be used at a later stage.

Finally, the hack signals to the West that years of international sanctions have not prevented Russia’s global ambitions or discouraged its security apparatus from carrying out large-scale operations with impunity, analysts say.

“It’s always good to sneak into these systems and gather some information that you can use in the future. It is classic industrial and political espionage,” said Andrei Soldatov, an expert on and author about Russian intelligence agencies.

“Politically, this could be very important,” he said. “Such operations send a message that Russia has its strong intelligence agencies and that they cannot be slowed down by the Americans.”

A suspected Russian cyber attack on the federal government has breached at least six cabinet departments. Gerald F. Seib of the WSJ explains what the hack means for the national security efforts of President-elect Joe Biden. Photo illustration: Laura Kammermann

Mark Galeotti, an expert on intelligence services in Russia and a senior associate fellow at the British think tank Royal United Services Institute, said the hack shows that Russia will continue its cyber operations without interruption.

“If you think the Americans are about to bring you in, as many in Russia do, you have no reason not to do your best,” he said.

The Kremlin has denied involvement in the hacks. Mr Putin’s spokesman Dmitry Peskov on Monday called the allegations “a continuation of blind Russophobia”. Russian officials said this week that the country was not conducting “offensive” operations in cyberspace. In his September statement, Mr Putin proposed that an agreement be reached “on the absence of the first strike with the use of [digital technologies] against each other.”

SVR chief Sergei Naryshkin in October. Photo: Serghei Karpukhin / Zuma Press

The leaders of the American intelligence services frequently acknowledge the extremely high level of cyber skills that Russian hackers possess, but they always say that they are not as good as what American spies can handle. A former senior US intelligence official said the hack should lead to a period of serious reflection on whether Russian hackers are superior, as a sincere acknowledgment that the US has fallen behind a chief opponent could lead to a necessary renewal to improve cyber capabilities and defense.

“People at the Pentagon don’t like to think that the Russians are superior to us in everything,” the former official said. “We play a game against opponents who are our equals, maybe our superiors, in the cyber realm.”

American and Russian experts say that since the hack does not appear to have altered or damaged data and no computer system or other infrastructure appears to have been damaged so far, it was a classic act of cyber espionage and a modern example of strong competition.

“Cyber espionage is a legitimate activity of the state,” said Vladimir Frolov, a former senior Russian diplomat and political analyst in Moscow. “Every self-respecting state does that. With a similar opportunity to gather information about Russian targets, the NSA or CIA would not hesitate for a second.”

But the sheer magnitude of the Russian robbery is changing the dynamics of the act and should be taken into account in Washington’s potential response options, some US intelligence officials and security experts said.

“Under no circumstances did they exercise any discretion to comply with the standard of necessity or proportionality,” Chris Inglis, the former NSA deputy director, said in a discussion Thursday about the hack. “It’s crazy, it has an impact, it’s non-discriminatory.”

Russia’s cyber operations have evolved since 2016, when US intelligence found that Russia had intervened in the presidential election, which Moscow denies.

Four years ago, hackers relied primarily on spearphishing – an attack that involves pretending to be someone else to trick an email recipient into clicking on a malicious link – to steal login credentials. Recently, they have implemented several reconnaissance tactics, such as password sprays, which target a wider network of people with automated attempts to essentially guess passwords.

In the latest hack, instead of directly targeting organizations, hackers broke in through a back door and used it as a springboard to reach their marks. They slipped their malicious code into the legitimate software of a trusted software manufacturer – a company in Austin, Texas called SolarWinds Corp. and its software called Orion. Up to 18,000 companies have downloaded the malicious SolarWinds update.

On Sunday, at a ceremony on the outskirts of Moscow commemorating an SVR anniversary, Mr Putin praised the agency’s intelligence operations. Photo: Aleksey Nikolskyi / Kremlin Pool / Zuma Press

While US government officials and cybersecurity experts have concluded that Russia is likely responsible for the hack, the real perpetrator behind the breaches is less certain.

Some US officials and experts suspect that Russia’s foreign intelligence service, known by the initials SVR, was behind the breaches, although other security experts involved in the investigation of the attack believe that a previously unknown cyber intelligence group in Russia may be responsible.

Mr Soldatov said the hack could have been a joint operation between SVR and the Federal Security Service or FSB, Russia’s domestic intelligence agency, which is known for its extensive cyber capabilities and experience with similar hacks. SVR, on the other hand, does not have the same cyber resources and technical expertise and would have been involved in providing information on how and where the hack took place, he added.

Another Russian security agency, military intelligence known as the GRU, has gained notoriety in recent years and has been linked by US authorities to cyber interference during the 2016 elections and other operations in the following years that destroyed Ukraine’s energy network, exposed e-mails from the French president’s party and caused the deterioration of global systems.

Although there are still uncertainties as to whether the latest cyber theft involved collaboration between intelligence agencies, what is clear is that with intense competition between such organizations in Russia, pulling off such a hack could be a way to gain an advantage over rivals, according to analysts.

“Everyone wants to prove to the boss [Mr. Putin] that they are the best, the most imaginative, the most loyal,” said Mr. Galeotti. “Everyone is competing for access, for resources. Russia is a system where agencies can be devoured by their rivals if they seem weak or ineffective.”

Russian officials have gone on the offensive, saying their own nation is the target of foreign hackers.

Konstantin Kosachev, chairman of the foreign affairs committee of Russia’s upper house of parliament, said last week that about 30 percent of hacking attacks on Russia came from the United States.

Mr Putin, while denying state-backed hacking campaigns, has in the past defended Russian cyber spies, comparing hackers to artists.

“If the artists get up in the morning feeling good, all they do all day is paint. The same is true for hackers,” he said in 2017. “If they feel patriotic, they will begin to contribute, as I believe, to the justified fight against those who speak ill of Russia.”

On Sunday, at a ceremony on the outskirts of Moscow commemorating an SVR anniversary, Mr Putin praised the agency’s intelligence operations and said it should focus on ensuring information security, among other topics.

“I know first hand what we are talking about here and I give my highest praise for these complicated and professional operations,” he said.

Write to Georgi Kantchev at [email protected] and Dustin Volz at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.