With SolarWinds hack, suspected Russian hackers flex the muscle of Moscow’s espionage

MOSCOW – In September, Russian President Vladimir Putin proposed resuming US-Russia cooperation on information security, calling for a truce to prevent incidents in cyberspace.

While the hack so far appears to fall short of a destructive cyber attack, the use of stealthy espionage and a digital toolkit never seen before serves as a powerful reminder of Russia’s cyber capabilities and its willingness to use them at scale, analysts say. The variety of targets – from the departments of Commerce, State and Homeland Security to the National Institutes of Health – could provide Russian leaders with intelligence and valuable secrets that can be used at a later stage.

Ultimately, the hack signals to the West that years of international sanctions have not undermined Russia’s global ambitions or prevented its security apparatus from conducting broad-based operations with impunity, analysts say.

“It’s always a good idea to sneak into these systems and collect some information that you can use in the future. It is classical political and industrial espionage,” said Andrei Soldatov, an expert on Russia’s spy agencies and author of books about them.

“At the political level, this can also be very important,” he said. “These operations send a message that Russia has its strong intelligence agencies and they cannot be delayed by the Americans.”

A suspected Russian cyber attack on the federal government breached at least six cabinet departments.

Mark Galeotti, a Russian intelligence services expert and senior associate member of the British think tank Royal United Services Institute, said the hack shows that Russia will continue its unshakable cyber operations.

“If you think that the Americans are after you, as many do in Russia, you have no reason not to do your worst,” he said.

The Kremlin denied involvement in the hacks. Putin’s spokesman, Dmitry Peskov, on Monday called the allegations “a continuation of blind Russophobia”. Russian officials said this week that the country is not conducting “offensive” operations in cyberspace. In his September statement, Putin proposed reaching an agreement “on the use of no first attack [digital technologies] against each other.”

Sergei Naryshkin, head of the SVR, in October.

US intelligence leaders often acknowledge the high level of skill of Russian hackers, but they typically add that the Russians are not as good as American spies. A former US intelligence official said the hack should prompt a period of serious reflection on whether Russia’s hackers are superior, because a candid admission that the US has fallen behind a major adversary could lead to the compromises necessary to improve cyber capabilities and defenses.

“People at the Pentagon don’t like to think that the Russians are superior to us at all,” said the former official. “We are playing against opponents who are our equals, perhaps our superiors, in the cyber domain.”

American and Russian experts say that because the hack does not appear to have altered or destroyed data, and no computer systems or other infrastructure appear to have been damaged so far, it was a classic act of cyber espionage and a modern example of great-power competition.

“Cyber espionage is a legitimate activity of the state,” said Vladimir Frolov, a former Russian diplomat and political analyst based in Moscow. “Every self-respecting state does that. Given a similar opportunity to collect information on Russian targets, the NSA or the CIA would not hesitate for a second.”

But the magnitude of the Russian theft changes the dynamics of the act and should be considered in Washington’s potential response options, said some US intelligence officials and security experts.

“In no way, shape or form did they exercise any criteria that met the standard of need or proportionality,” said Chris Inglis, the former deputy director of the NSA, during a panel discussion on Thursday about the hack. “It is brazen, it is impactful, it is indiscriminate.”

Russian cyber operations have evolved since 2016, when U.S. intelligence discovered that Russia interfered in the presidential election, which Moscow denies.

Four years ago, the hackers relied primarily on spearphishing – an attack in which an email impersonating a trusted sender tricks the recipient into clicking a malicious link – to steal login credentials. More recently they have adopted broader tactics, such as password spraying, which targets a wide set of accounts with automated attempts to guess common passwords, a few tries per account, to stay under lockout thresholds.
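As an added illustration not drawn from the article, the script below shows how the two credential-theft patterns just described look in authentication logs and how a defender tells them apart: a password spray is one source trying many accounts with one or two guesses each, whereas the classic brute force is one source hammering one account. It also surfaces the event a responder most wants to see, a successful login from a source that was spraying. The log format, the source addresses, the account names and the thresholds are constructed assumptions for this example, not any real product’s output.

```python
"""Password-spray versus brute-force detection over authentication logs.

Added example; the log format below is an assumption:
    <ISO-8601 timestamp> <source-ip> <username> <OK|FAIL>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). 203.0.113.7 sprays five accounts
# once each and then logs in as "frank"; 198.51.100.9 brute-forces "alice";
# 192.0.2.5 is a user who mistyped a password once.
SAMPLE_LOG = """\
2020-12-13T10:00:01 203.0.113.7 alice FAIL
2020-12-13T10:00:03 203.0.113.7 bob FAIL
2020-12-13T10:00:05 203.0.113.7 carol FAIL
2020-12-13T10:00:07 203.0.113.7 dave FAIL
2020-12-13T10:00:09 203.0.113.7 erin FAIL
2020-12-13T10:00:11 203.0.113.7 frank OK
2020-12-13T10:01:00 198.51.100.9 alice FAIL
2020-12-13T10:01:02 198.51.100.9 alice FAIL
2020-12-13T10:01:04 198.51.100.9 alice FAIL
2020-12-13T10:01:06 198.51.100.9 alice FAIL
2020-12-13T10:01:08 198.51.100.9 alice FAIL
2020-12-13T10:01:10 198.51.100.9 alice FAIL
2020-12-13T11:30:00 192.0.2.5 grace FAIL
2020-12-13T11:30:20 192.0.2.5 grace OK
"""


def parse_log(text):
    """Turn log text into (timestamp, source_ip, username, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_tries_per_account=2):
    """Return {source_ip: [accounts]} for sources that, inside one window,
    fail against at least min_accounts distinct accounts while never
    exceeding max_tries_per_account guesses on any single one."""
    failures_by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            failures_by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in failures_by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):          # sliding time window
            while fails[end][0] - fails[start][0] > window:
                start += 1
            tries = defaultdict(int)
            for _, user in fails[start:end + 1]:
                tries[user] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries_per_account:
                flagged[ip] = sorted(tries)
                break
    return flagged


def detect_brute_force(events, window=timedelta(minutes=10), min_failures=5):
    """Return {(source_ip, username)} pairs with many failures against one
    account inside one window: the pattern account-lockout policies catch."""
    by_pair = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            by_pair[(ip, user)].append(ts)
    flagged = set()
    for pair, stamps in by_pair.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= min_failures:
                flagged.add(pair)
                break
    return flagged


def successful_logins_from_sprayers(events, sprayers):
    """The alert to triage first: accounts that a spraying source got into."""
    return {(ip, user) for _, ip, user, ok in events if ok and ip in sprayers}


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    sprayers = detect_password_spray(evts)
    print("spray sources:", sprayers)
    print("brute-force pairs:", detect_brute_force(evts))
    print("compromised accounts:", successful_logins_from_sprayers(evts, sprayers))
```

The spray detector keys on breadth (many accounts, few tries each) rather than volume per account, which is exactly what defeats per-account lockout; in production the source key is usually an IP range or ASN rather than a single address, since sprays are spread across many exit nodes, and the thresholds are tuned to the environment.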

In the most recent hack, instead of attacking organizations directly, the hackers compromised the software build process of a trusted vendor, planted a backdoor in its product and used that as a springboard to reach their targets. The malicious code was inserted into legitimate updates for Orion, a network-monitoring product of SolarWinds Corp., a company based in Austin, Texas. About 18,000 customers downloaded the malicious update from SolarWinds.
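Why a trojanized update of this kind slips past a customer’s routine integrity check is easier to see in code. The following is an added example, not the article’s or SolarWinds’ own code; the bundle layout, file names, contents and the out-of-band pin list are all constructed for illustration. It builds a small update bundle with an in-band manifest of file hashes, simulates an attacker who controls the build pipeline and therefore regenerates that manifest, and shows that only a hash list obtained independently of the update channel notices the change.

```python
"""Supply-chain check: in-band manifest versus out-of-band pinned hashes.

Added example with constructed data. Demonstrates why a build-pipeline
compromise passes the vendor's own integrity check and what an independent
allowlist catches.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_bundle(files: dict) -> dict:
    """Package files with an in-band manifest of their hashes, as a vendor
    build pipeline would. Whoever controls the pipeline controls the manifest."""
    return {
        "files": dict(files),
        "manifest": {name: sha256_hex(data) for name, data in files.items()},
    }


def check_in_band(bundle: dict) -> bool:
    """Verify each file against the manifest shipped inside the same bundle.
    This is what a naive installer does, and it is what the attacker controls."""
    manifest = bundle["manifest"]
    return all(sha256_hex(data) == manifest.get(name)
               for name, data in bundle["files"].items())


def check_out_of_band(bundle: dict, pinned: dict) -> list:
    """Compare against hashes recorded through a channel the vendor's pipeline
    cannot rewrite (e.g. hashes pinned at a known-good point). Returns a list
    of findings; an empty list means the bundle matches what was pinned."""
    findings = []
    for name, data in bundle["files"].items():
        expected = pinned.get(name)
        if expected is None:
            findings.append(f"unexpected file not in pin list: {name}")
        elif sha256_hex(data) != expected:
            findings.append(f"hash mismatch: {name}")
    for name in pinned:
        if name not in bundle["files"]:
            findings.append(f"pinned file missing: {name}")
    return findings


# Constructed "release": the clean build as the vendor intended it.
CLEAN_FILES = {
    "monitor.dll": b"legitimate monitoring code v1",
    "config.xml": b"<config/>",
}
CLEAN_BUNDLE = make_bundle(CLEAN_FILES)

# Pins recorded from the clean build through a second channel, before any
# compromise of the pipeline (assumption for this example).
PINNED = dict(CLEAN_BUNDLE["manifest"])


def trojanize(files: dict) -> dict:
    """Simulate a build-pipeline compromise: implant code into one component
    and rebuild the manifest so the in-band check still passes."""
    tampered = dict(files)
    tampered["monitor.dll"] = files["monitor.dll"] + b"\n; implant: beacon to attacker"
    return make_bundle(tampered)


TROJANIZED_BUNDLE = trojanize(CLEAN_FILES)


if __name__ == "__main__":
    print("clean      in-band:", check_in_band(CLEAN_BUNDLE),
          "out-of-band:", check_out_of_band(CLEAN_BUNDLE, PINNED))
    print("trojanized in-band:", check_in_band(TROJANIZED_BUNDLE),
          "out-of-band:", check_out_of_band(TROJANIZED_BUNDLE, PINNED))
```

The caveat a practitioner should keep in mind: if the implant is compiled in before the vendor signs the release, the code signature is valid as well, so signature checks fail for the same reason the in-band manifest does. Pinned hashes only help for an artifact whose known-good hash was captured before the compromise; for a genuinely new version there is nothing to pin against, which is why build provenance and reproducible builds, where an independent party rebuilds from source and compares hashes, are the structural answer to this class of attack.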

On Sunday, at a ceremony outside Moscow in celebration of the SVR’s birthday, Putin praised the agency’s intelligence operations.

Although US government officials and cybersecurity experts have concluded that Russia is probably responsible for the hack, which Russian agency carried out the breaches is less certain.

Some American officials and experts suspect that Russia’s foreign intelligence service, known by the initials SVR, is behind the breaches, although other security experts involved in the investigation believe that a previously unknown Russian cyber espionage group may be responsible.

Soldatov said the hack could have been a joint operation between the SVR and the Federal Security Service, or FSB, Russia’s domestic spy agency, which is known for its extensive cyber capabilities and has experience with similar hacks. The SVR, on the other hand, does not have the same cyber capabilities and technical experience and would have been involved in providing information on how and where to conduct the hack, he added.

Another Russian security agency, the military intelligence service known as the GRU, has gained notoriety in recent years and has been linked by US authorities to the cyber intrusions during the 2016 election and to operations in subsequent years that brought down part of Ukraine’s power grid, leaked emails from the French president’s party and damaged computer systems around the world.

While it remains uncertain whether the latest cyber theft involved collaboration between intelligence agencies, what is clear is that, given the stiff competition among these organizations in Russia, carrying out a hack like this can be a way to gain an advantage over rivals, according to analysts.

“They all want to prove to the boss [Mr. Putin] that they are the best, the most creative, the most loyal,” said Galeotti. “Everyone is competing for access, for resources. Russia is a system in which agencies can be devoured by their rivals if they appear weak or inefficient.”

Russian officials have gone on the counter-offensive, saying that their own country is the target of foreign hackers.

Konstantin Kosachev, chairman of the Foreign Affairs Committee of the Upper House of the Russian Parliament, said last week that about 30% of hacker attacks on Russia come from the United States.

Putin, while denying state-backed hacking campaigns, has defended Russian cyber-spies in the past, comparing hackers to artists.

“If artists get up feeling good in the morning, all they do all day is paint. The same goes for hackers,” he said in 2017. “If they feel patriotic, they will start contributing, as they believe, to the justified fight against those who speak ill of Russia.”

On Sunday, at a ceremony outside Moscow celebrating the SVR’s birthday, Putin praised the agency’s intelligence operations and said it should focus on ensuring information security, among other topics.

“I know first hand what we are talking about here and I offer my highest praise for these complicated and professional operations,” he said.

Write to Georgi Kantchev and Dustin Volz.

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.