With SolarWinds Hack, Suspected Russian Hackers Are Once Again Flexing Moscow’s Spycraft Muscle

MOSCOW – In September, Russian President Vladimir Putin proposed a reset of US-Russia information security relations and called for a truce to prevent incidents in cyberspace.

While the hack does not so far appear to have involved a destructive cyberattack, the use of covert tradecraft and an unprecedented digital toolkit serves as a powerful reminder of Russia’s cyber capabilities and willingness to use them extensively, analysts say. The range of targets – from the Departments of Commerce, State and Homeland Security to the National Institutes of Health – could provide Russian leaders with vital information and secrets for use at a later stage.

Ultimately, the hack signals to the West that years of international sanctions have not hampered Russia’s global ambitions or deterred its security apparatus from conducting wide-ranging operations with impunity, analysts say.

“It’s always good to sneak into these systems and gather some information that you can use in the future. It’s classic industrial and political espionage,” said Andrei Soldatov, an expert on and author about Russian spy agencies.

“At the political level, this can also be very important,” he said. “Such operations send a signal that Russia has strong intelligence services and that they cannot be slowed down by the Americans.”

A suspected Russian cyberattack on the federal government has breached at least six cabinet departments.

Mark Galeotti, an expert on Russian intelligence and senior associate fellow at the British think tank Royal United Services Institute, said the hack shows Russia will continue its cyber operations unabated.

“If you think the Americans are out to get you, as many in Russia do, then you have no reason not to try your best,” he said.

The Kremlin denies involvement in the hacks. Mr. Putin’s spokesman Dmitry Peskov called the allegations on Monday “a continuation of blind Russophobia.” Russian officials said this week that the country is not conducting “offensive” operations in cyberspace. In his September statement, Mr. Putin called for reaching an agreement “on a no-first-strike with the use of [digital technologies] against each other.”

Photo: SVR head Sergei Naryshkin in October. (Sergei Karpukhin / Zuma Press)

US intelligence leaders often recognize the extreme level of cyber skills Russian hackers possess, but always say they are not as good as what US spies can handle. A former senior US intelligence official said the hack should spark a period of serious reflection as to whether Russia’s hackers are superior, as a frank admission that the US has fallen behind with a key adversary could lead to a necessary renewed commitment to improve cyber capabilities and defenses.

“People in the Pentagon don’t like to think that the Russians are superior to us in everything,” the former official said. “We’re playing a game against opponents who are our peers, maybe our superiors, in the cyber domain.”

US and Russian experts say that since the hack does not appear to have altered or corrupted data, and no computer systems or other infrastructure appear to have been damaged so far, it was a classic act of cyber espionage and a modern example of great-power competition.

“Cyber espionage is a legitimate state activity,” said Vladimir Frolov, former senior Russian diplomat and political analyst from Moscow. “Every self-respecting state does that. On a similar opportunity to gather information on Russian targets, the NSA or the CIA wouldn’t hesitate for a second.”

But the sheer scale of the Russian heist is changing the dynamics of the act and should be factored into Washington’s possible response options, some US intelligence officials and security experts have said.

“In no way, shape or form have they exercised any discretion that they have met the standard of necessity or proportionality,” Chris Inglis, the former deputy director of the NSA, said during a panel discussion Thursday about the hack. “It’s cheeky, it’s impressive, it’s random.”

Russian cyber operations have evolved since 2016 when US intelligence discovered that Russia was interfering with the presidential election, which Moscow denies.

Four years ago, hackers mainly relied on spear phishing – an attack where you pretend to be another person to trick an email recipient into clicking on a malicious link – to steal credentials. They’ve recently deployed more scout tactics, such as password sprays, which target a larger network of people with automated attempts to essentially guess passwords.

In the latest hack, instead of targeting organizations directly, the hackers broke in through a software backdoor and used it as a springboard to reach their targets. They slipped their malicious code into legitimate software from a trusted software maker – an Austin, Texas-based company called SolarWinds Corp. and its software called Orion. As many as 18,000 companies have downloaded the malicious SolarWinds update.

Photo: On Sunday, at a ceremony in the outskirts of Moscow to commemorate an SVR anniversary, Mr. Putin praised the service’s intelligence operations. (Aleksey Nikolskyi / Kremlin Pool / Zuma Press)

While US government officials and cybersecurity experts have concluded that Russia is likely responsible for the hack, the actual culprit behind the breaches is less certain.

Some US officials and experts suspect that Russian foreign intelligence, known by its initials SVR, was behind the breaches, although other security experts involved in investigating the hack believe a previously unknown Russian cyber-espionage group may be responsible.

Mr. Soldatov said the hack could have been a joint operation between the SVR and the Federal Security Service, or FSB, Russia’s domestic spy agency, which is known for its extensive cyber capabilities and has experience with similar hacks. In contrast, the SVR does not have the same cyber resources and technical expertise and would have been involved in providing information on how and where to perform the hack, he added.

Another Russian security agency, the military intelligence agency known as GRU, has gained notoriety in recent years and has been linked by US authorities to the cyber interference in the 2016 elections and other operations in subsequent years that shut down Ukraine’s energy network, revealed emails from the French president’s party and damaged global systems.

While there is still uncertainty as to whether the latest cyber theft involved intelligence cooperation, it is clear that with competition among such organizations in Russia, running a hack like this could be a way to get a head start on rivals, analysts said.

“They all want to prove to the boss [Mr. Putin] that they are the best, the most imaginative, the most loyal,” said Mr. Galeotti. “They all compete for access, for resources. Russia is a system where agencies can be devoured by their rivals if they look weak or inefficient.”

Russian officials are mounting a counter-offensive, saying that their own country is the target of foreign hackers.

Konstantin Kosachev, the chairman of the Foreign Affairs Committee of Russia’s upper house of parliament, claimed last week that about 30% of hacking attacks on Russia come from the US.

Putin, while denying state-sponsored hacking campaigns, has in the past defended Russian cyber spies and compared hackers to artists.

“When artists get up in the morning with a good feeling, they just paint all day long. The same goes for hackers,” he said in 2017. “If they feel patriotic, they will, as they think, contribute to the righteous struggle against those who speak ill of Russia.”

On Sunday, at a ceremony in the Moscow suburbs to commemorate an SVR anniversary, Mr Putin praised the agency’s intelligence operations, saying it should focus, among other things, on ensuring information security.

“I know firsthand what we are talking about here, and I offer my greatest credit for these complicated and professional operations,” he said.

Write to Georgi Kantchev at [email protected] and Dustin Volz at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.