How Russian ‘Info Warrior’ hackers let the Kremlin play geopolitically on the cheap

The sprawling SolarWinds hack by suspected Russian state-backed hackers is the latest sign of Moscow’s growing determination to improve its technical ability to cause disruption and carry out espionage in cyberspace on a global scale.

The hack, which endangered parts of the U.S. government as well as technology companies, a hospital and a university, is the latest in a series of increasingly sophisticated and brazen online break-ins, and shows how cyber operations have become a key element of Russia’s conflict with the West, analysts and officials say.

Moscow’s relations with the West continue to sour, and the Kremlin sees cyber operations as a cheap and effective way to achieve its geopolitical goals, analysts say. Russia is therefore unlikely to abandon such tactics, they say, even in the face of U.S. sanctions or countermeasures.

“For a country that already considers itself to be in conflict with the West in almost every domain, except open military clashes, there is no reason to leave a field that can provide an advantage,” said Keir Giles, senior consulting fellow at the Chatham House think tank.

The scale of Russia’s cyber operations has grown in line with Moscow’s global ambitions: from cyber attacks on neighboring Estonia in 2007, to electoral interference in the U.S. and France a decade later, to SolarWinds, seen as one of the worst known hacks of U.S. federal computer systems.

“We can certainly see Russia accelerating cyber operations,” said Sven Herpig, a former German government cybersecurity officer and expert at the German independent think tank Stiftung Neue Verantwortung. “The development of new tools, the division of labor, the creation of attack platforms, have all become more sophisticated over the years,” he said.

Jamil Jaffer, a former White House and Justice Department official, said cyber operations “have become an important part of [Russia’s] play.”

“It has enabled them to progress to the next level,” said Mr. Jaffer, senior vice president at IronNet Cybersecurity.

A suspected Russian cyberattack on the federal government has breached at least six cabinet departments. WSJ’s Gerald F. Seib explains what the hack means for President-elect Joe Biden’s national security efforts. Photo illustration: Laura Kammermann

Russia has consistently denied participating in state-sponsored hacking campaigns, including SolarWinds, claiming the country does not conduct offensive cyber operations. In September, Russian President Vladimir Putin proposed a reset of U.S.-Russia relations in the field of information security.

“Russia is not involved in such attacks, especially in [SolarWinds]. We state this officially and decisively,” Kremlin spokesman Dmitry Peskov said recently. “All allegations of Russia’s involvement are absolutely unfounded and appear to be the continuation of a kind of blind Russophobia,” he said.

But analysts say Moscow has added hacking to its arsenal of so-called gray-zone activities, a form of conflict that stops short of actual shooting, alongside disinformation campaigns and the use of “little green men,” the masked soldiers in green uniforms who appeared on Ukrainian territory with Russian weapons in 2014.

Jeffrey Edmonds, a former White House and Central Intelligence Agency official who studies Russia at CNA, a nonprofit that advises the Pentagon, said Russia’s cyber operations have numerous simultaneous goals, including gathering information, testing capabilities, preparing for potential conflicts by mapping critical infrastructure of opponents and laying the foundation for cyber negotiations.

Such operations are a relatively inexpensive and effective way to conduct geopolitics, said Bilyana Lilly, a researcher at the Rand Corp. think tank. This is crucial for Russia, which faces significant economic and demographic challenges and whose economy is smaller than Italy’s. A 2012 article in an official Russian military magazine said the “complete destruction of US or Russian information infrastructures” could be carried out by just one battalion of 600 “information fighters” for a price tag of $100 million.

Responding to Moscow’s increased cyber activity has been challenging. Washington’s retaliatory measures – sanctions, property seizures, diplomatic expulsions, even the cyber equivalent of warning shots – seem to have done little to deter the hacks.

“Russia does not see sanctions as a tool to exert pressure, but as a tool to punish,” said Pavel Sharikov, senior fellow at the Institute for US and Canadian Studies at the Russian Academy of Sciences. “The Russian government says, ‘Yes, we understand you don’t like what we do, but we don’t really care.’”

US authorities and technology companies have reported several instances of Russian cyber-attacks and attempted interference ahead of the 2020 election. WSJ examines how Russian hackers and trolls have expanded their 2016 toolkit with new tactics.

In recent years, so-called information confrontation has become a regular part of Russian military doctrine, according to a paper co-written by Rand’s Ms. Lilly. In 2019, General Valery Gerasimov, the Chief of the Russian General Staff, said that cyberspace in modern warfare “provides opportunities for covert influence from a distance, not only on critical information infrastructures, but also on the population of the country, directly affecting national security.”

Russia’s use of hacking to advance its geopolitical agenda initially focused primarily on targets in former Soviet countries. In a cyber attack on Estonia in 2007, government, bank and newspaper websites were taken offline. Subsequent attacks in Ukraine and Georgia cut off power supplies and disrupted media outlets and election infrastructure, officials said.

More recently, Russian state-sponsored hackers have set their sights on the West. In 2014, they breached the State Department’s unclassified email system and a White House computer server and stole President Barack Obama’s unclassified schedule, U.S. officials said. In 2015, according to German officials, they broke into the German parliament’s network in what experts see as the most significant hack in the country’s history.

Since its meddling in the 2016 U.S. elections, Russia has been accused of attacks on the French elections and on the Winter Olympics in Pyeongchang, and of the costly NotPetya malware attacks on corporate networks. This year, Western governments accused Russia of cyber espionage against targets related to coronavirus vaccines. Russia has denied involvement.

As their operations have grown in scale, Russian hackers’ technical skills have improved, experts say.

In the 2007 Estonia attack, hackers used a relatively crude technique, a “distributed denial-of-service” attack, which pushed websites offline by flooding them with traffic, and did little to hide their trail, as some of their IP addresses were located in Russia.

More recent operations have used new reconnaissance tools and methods of camouflaging activity, including false-flag tactics that give the impression another country was responsible.

In 2018, federal officials said that state-sponsored Russian hackers had broken into supposedly secure “air-gapped,” or isolated, networks owned by U.S. power companies. In the SolarWinds hack, intruders covertly used a routine software update to gain access to hundreds of U.S. government and corporate systems, and went unnoticed for months.

Still, some former U.S. officials said Russia is far from flawless in the cyber sphere.

“They are not 3 meters tall. They are detectable,” said former senior CIA official Steven Hall, who oversaw U.S. intelligence operations in the former Soviet Union and Eastern Europe.

Ultimately, it remains to be seen how advanced Russia is when it comes to cyber, said Bruce Potter, chief information security officer at cybersecurity firm Expel. Countries are reluctant to deploy their best cyber tools, as doing so would prompt other countries and companies to quickly patch the vulnerabilities those tools rely on.

“They put down just enough to get the job done,” he said. “And they get the job done.”

Write to Georgi Kantchev at [email protected] and Warren P. Strobel at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.