How Russia’s “Info Warrior” hackers let the Kremlin play geopolitics at a good price

The extensive hacking of SolarWinds by alleged hackers backed by the Russian state is the latest sign of Moscow’s growing resolve and improving technical ability to cause disruption and spy in cyberspace on a global scale.

The hack, which involved parts of the U.S. government, as well as technology companies, a hospital and a university, adds to a series of increasingly sophisticated and brazen online intrusions that demonstrate how cyber operations have become a key axis in Russia’s confrontation with the West, analysts and officials say.

Moscow’s relations with the West continue to deteriorate and the Kremlin sees cyber operations as a cheap and effective way to achieve its geopolitical goals, analysts say. Therefore, they say Russia is unlikely to withdraw from these tactics, even while facing US sanctions or countermeasures.

“For a country that already perceives itself in conflict with the West in virtually every domain except open military clashes, there is no incentive to leave any field that can offer an advantage,” said Keir Giles, senior consultant at the Chatham House think tank.

The scope of Russia’s cyber operations has grown in conjunction with Moscow’s global ambitions: from cyberattacks in neighboring Estonia in 2007 to electoral interference in the United States and France a decade later, to SolarWinds, considered one of the worst known hacks of federal computer systems.

“We can definitely see that Russia is stepping on the gas in cyber operations,” said Sven Herpig, a former German government cybersecurity official and an expert at the independent German public policy think tank Stiftung Neue Verantwortung. “The development of new tools, the division of labor, the creation of attack platforms, have increased in sophistication over the years,” he said.

Jamil Jaffer, a former Justice Department and White House official, said cyber operations have become “an important part of [Russia’s] play.”

“It has allowed them to level up,” said Mr. Jaffer, senior vice president of IronNet Cybersecurity.

Russia has consistently denied involvement in state-backed hacking campaigns, including SolarWinds, stating that the country does not conduct offensive cyber operations. In September, Russian President Vladimir Putin proposed a re-establishment of information security relations between the United States and Russia.

“Russia is not involved in these attacks, especially in [SolarWinds]. We affirm it officially and resolutely,” Kremlin spokesman Dmitry Peskov said recently. “All accusations about Russia’s involvement are absolutely unfounded and seem to be a continuation of a kind of blind Russophobia,” he said.

But analysts say Moscow has added hacking to its arsenal of so-called gray zone activities – a kind of warfare that stops short of actual shooting – along with disinformation campaigns and the use of “little green men,” masked and in green uniforms, who appeared with Russian weapons on Ukrainian territory in 2014.

Jeffrey Edmonds, a former White House and Central Intelligence Agency official studying Russia at CNA, a non-profit research organization advising the Pentagon, said Russia’s cyber operations have numerous simultaneous goals, including gathering intelligence, testing capabilities, preparing for potential conflicts by mapping adversaries’ critical infrastructure, and laying the groundwork for cyber negotiations.

These operations are a relatively inexpensive and effective way to conduct geopolitics, said Bilyana Lilly, a researcher at the Rand Corp. think tank. This is crucial for Russia, which faces considerable economic and demographic challenges and whose economy is smaller than that of Italy. An article published in 2012 in an official Russian military newspaper said that the “complete destruction of information infrastructure” of the United States or Russia could be carried out by only a battalion of 600 “information warriors” at a price of $100 million.

Responding to the rise in Moscow’s cyber activity has been a challenge. Washington’s retaliatory measures — sanctions, confiscations of property, diplomatic expulsions, and even the cyber equivalent of warning shots — seem to have done little to deter hackers.

“Russia does not see sanctions as an instrument of pressure, but as an instrument of punishment,” said Pavel Sharikov, a senior member of the US-Canada Institute of Studies at the Russian Academy of Sciences. “The Russian government says, ‘Yes, we understand you don’t like what we’re doing, but we really don’t care.’”

In recent years, the so-called clash of information has become a consolidated part of Russia’s military doctrine, according to a document co-written by Ms. Lilly of Rand. In 2019, General Valery Gerasimov, Russia’s chief of staff, said that in modern warfare, cyberspace “provides opportunities for remote and covert influence not only on critical information infrastructures, but also on the population of the country, which directly influences national security.”

Russia’s use of hacking to advance its geopolitical agenda initially focused primarily on targets in former Soviet countries. A 2007 cyberattack in Estonia disabled government websites, banks and newspapers. Subsequent attacks in Ukraine and Georgia knocked out electricity supplies, disrupted the media and targeted the electoral infrastructure, officials said.

More recently, state-backed Russian hackers have set their sights on the West. In 2014, they broke into the State Department’s unclassified email system and a White House computer server and stole President Barack Obama’s unclassified calendar, U.S. officials said. In 2015, they broke into the German parliament, according to German officials, in what experts consider the most significant hack in the country’s history.

Since interfering in the 2016 US election, Russia has been accused of attacks in the French elections and the Pyeongchang Winter Olympics and the costly NotPetya malware attacks on corporate networks. This year, Western governments accused Russia of cyberespionage against targets related to coronavirus vaccines. Russia has denied its involvement.

As operations have grown, the technical skills of Russian hackers have improved, experts say.

In the 2007 Estonian attack, hackers used a relatively crude tool called “distributed denial of service,” which knocked websites offline by flooding them with data, and did little to hide their tracks, with some of the IP addresses located in Russia.

More recent operations have used new reconnaissance tools and methods to disguise operations, including false flag tactics meant to make it appear that another country was responsible.

In 2018, federal officials said state-sponsored Russian hackers broke into supposedly secure, “air-gapped” or isolated networks owned by U.S. power utilities. In hacking SolarWinds, intruders used a routine software update to gain access to hundreds of U.S. government and corporate systems, undetected for months.

Still, some former U.S. officials said Russia is far from flawless in the cybersphere.

“They are not 10 feet tall. They are detectable,” said Steven Hall, a former CIA official who oversaw U.S. intelligence operations in the former Soviet Union and Eastern Europe.

Ultimately, Russia’s sophistication in cyberspace remains to be seen, said Bruce Potter, head of information security at cybersecurity firm Expel. Nations are reluctant to deploy their best cyber tools, as doing so would cause countries and businesses to quickly patch a vulnerability.

“They just left enough to do the job,” he said. “And they do the work.”

Write to Georgi Kantchev at [email protected] and Warren P. Strobel at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.
