How Russian ‘Info Warrior’ hackers allow the Kremlin to play geopolitics cheaply

The widespread SolarWinds hack by alleged Russian state-backed hackers is the latest sign of Moscow’s growing determination and technical ability to cause disruption and conduct espionage on a global scale in cyberspace.

The hack, which has compromised parts of the US government, as well as technology companies, a hospital and a university, adds to a series of increasingly sophisticated and blatant online intrusions, demonstrating how cyber operations have become a key platform in Russia’s confrontation with the West, say analysts and officials.

Moscow’s relations with the West continue to sour, and the Kremlin sees cyber operations as a cheap and effective way to achieve its geopolitical goals, analysts say. Russia, they say, is unlikely to give up such tactics, even in the face of U.S. sanctions or countermeasures.

“For a country that already perceives itself to be in conflict with the West in virtually all areas except open military confrontations, there is no incentive to leave any field that can offer an advantage,” said Keir Giles, senior consultant at the Chatham House think tank.

The scope of Russia’s cyber operations has grown along with Moscow’s global ambitions: from cyber attacks in neighboring Estonia in 2007, to electoral interference in the US and France a decade later, to SolarWinds, seen as one of the worst known hacks of federal computer systems.

“We can definitely see that Russia is accelerating cyber operations,” said Sven Herpig, a former German government cybersecurity official and an expert at the independent German public policy think tank Stiftung Neue Verantwortung. “The development of new tools, the division of labor, the creation of attack platforms, everything has increased in sophistication over the years,” he said.

Jamil Jaffer, a former White House and Justice Department official, said cyber operations had become “a significant part of [Russia’s] Touch.”

“This allowed them to level up,” said Jaffer, senior vice president at IronNet Cybersecurity.

Russia has consistently denied involvement in state-supported hacking campaigns, including SolarWinds, maintaining that the country is not conducting offensive cyber operations. In September, Russian President Vladimir Putin proposed a resumption of US-Russia information security relations.

“Russia is not involved in such attacks, particularly in [SolarWinds]. We declare this officially and with determination,” said Kremlin spokesman Dmitry Peskov recently. “Any claim that Russia is involved is absolutely unfounded and appears to be the continuation of a kind of blind Russophobia,” he said.

But analysts say Moscow has added hacking to its arsenal of so-called gray-area activities – a type of warfare in which no shots are actually fired – along with disinformation campaigns and the use of “little green men,” the masked soldiers in green uniforms who appeared with Russian weapons in Ukrainian territory in 2014.

Jeffrey Edmonds, a former White House and Central Intelligence Agency employee who studies Russia at CNA, a nonprofit research organization that advises the Pentagon, said Russia’s cyber operations have several simultaneous goals, including gathering intelligence, testing capabilities, preparing for potential conflict by mapping critical adversary infrastructure, and laying the groundwork for cyber negotiations.

These operations are a relatively inexpensive and effective way to conduct geopolitics, said Bilyana Lilly, researcher at think tank Rand Corp. This is crucial for Russia, which faces considerable economic and demographic challenges and whose economy is smaller than that of Italy. A 2012 article in an official Russian military newspaper said that the “total destruction of information infrastructures” in the US or Russia could be accomplished by just a battalion of 600 “information warriors” at a price of $100 million.

Responding to Moscow’s increased cyber activity has been a challenge. Washington’s retaliatory measures – sanctions, property seizures, diplomatic expulsions and even the cyber equivalent of warning shots – appear to have done little to stop the hacks.

“Russia does not see sanctions as an instrument of pressure, but as an instrument of punishment,” said Pavel Sharikov, senior member of the United States and Canada Institute of Studies at the Russian Academy of Sciences. “The Russian government says, ‘Yes, we understand that you don’t like what we’re doing, but we really don’t care.'”

In recent years, the so-called information confrontation has become an established part of Russia’s military doctrine, according to an article co-written by Ms. Lilly of Rand. In 2019, General Valery Gerasimov, Russia’s chief of staff, said that in modern warfare, cyberspace “offers opportunities for remote and secret influence, not only on critical information infrastructures, but also on the country’s population, influencing national security directly.”

Russia’s use of hacking to promote its geopolitical agenda initially focused mainly on targets in the former Soviet countries. A 2007 cyber attack in Estonia disabled government websites, banks and newspapers. Subsequent attacks in Ukraine and Georgia disrupted energy supplies, disrupted media and electoral infrastructure, officials said.

More recently, state-backed Russian hackers have turned their eyes to the West. In 2014, they hacked into the State Department’s unclassified email system and a White House computer server and stole President Barack Obama’s unclassified programming, American officials said. In 2015, they hacked into the German parliament, according to German authorities, in what experts consider the most significant hack in the country’s history.

Since its interference in the 2016 US elections, Russia has been accused of attacks on the French elections and the Pyeongchang Winter Olympics, and of the costly NotPetya malware attacks on corporate networks. This year, Western governments have accused Russia of cyber espionage against targets related to coronavirus vaccines. Russia has denied involvement.

As the scope of operations has grown, the technical skills of Russian hackers have improved, experts say.

In the 2007 Estonia attack, hackers used a relatively crude tool called “distributed denial of service,” which took sites offline by flooding them with data, and did little to hide their trail, with some of their IP addresses located in Russia.

More recent operations used new reconnaissance tools and methods to cover up operations, including false flag tactics, to make it appear that another country was responsible.

In 2018, federal officials said Russian state-sponsored hackers had broken into supposedly secure “air-gapped,” or isolated, networks owned by U.S. electric utilities. In the SolarWinds hack, attackers stealthily used a routine software update to gain access to hundreds of US corporate and government systems, remaining undetected for months.

Still, some former American officials said Russia is far from perfect in the cybersphere.

“They are not 3 meters high. They are detectable,” said former senior CIA official Steven Hall, who oversaw US intelligence operations in the former Soviet Union and Eastern Europe.

Ultimately, how sophisticated Russia is in the cyber realm has yet to be seen, said Bruce Potter, director of information security at cybersecurity company Expel. Nations are reluctant to deploy their best cyber tools because doing so would prompt countries and companies to quickly fix the vulnerability involved.

“They just gave enough to get the job done,” he said. “And they do the job.”

Write to Georgi Kantchev at [email protected] and Warren P. Strobel at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.