12 December 2016

Russia Expects a Taste of Its Own Cyber Medicine

By Leonid Bershidsky

Russia, demonized as the biggest cyber-villain in the world in the wake of the U.S. election campaign, must now take special care of its own information security. Its adversaries don't just possess powerful cyber-spying and offensive capabilities -- they suspect Russian involvement in every incident, and that makes Russia vulnerable to all kinds of retaliation. 

After it was accused of trying to influence the U.S. presidential race, Russia faces the same charges in Germany. Given Chancellor Angela Merkel's support of anti-Russian sanctions and her deep-seated support of a close partnership with the U.S., Russian President Vladimir Putin has strong motives to undermine her. Last week, WikiLeaks, which appeared to closely coordinate its U.S. election-related publications with Russian propaganda outlets such as the RT channel and Sputnik network of websites, published material from a German parliamentary inquiry into the cooperation between Germany's BND intelligence service and the U.S. National Security Agency. The issue is politically sensitive to privacy-minded Germans, who do not appreciate their country's collaboration with the intrusive U.S. service. The Russian propaganda organizations were on it immediately.

Merkel's government anticipates more than leaks. Late last month, about 900,000 customers of Germany's biggest internet provider, Deutsche Telekom, experienced outages after what appeared to be an attack on a particular type of router. The company said the problems were caused by "deliberate hacking," and German politicians wasted no time in hinting at Russian involvement. Merkel said she didn't have any specific information about the Deutsche Telekom attack, but added, "Let me just say that such cyberattacks, or 'hybrid attacks' as they're known in Russian doctrine, are part of everyday life today, and we need to learn to deal with them." 

In a recent interview with the daily Sueddeutsche Zeitung, Bruno Kahl, the head of the BND, said he had evidence Russia was undertaking cyberattacks, "which have no other purpose but to cause political uncertainty." Add the powerful, well-funded BND to the U.S. intelligence services plotting to prevent Russian attacks, and the Kremlin has a serious problem. 

Putin clearly understands that and feels the need to shift the narrative or at least signal his preparedness. On Monday, he approved a new Russian information-security doctrine which mentions "a number of foreign countries increasing their technological capacity to impact" Russian infrastructure "to attain military goals." It also talks about foreign intelligence services attempting to "exert psychological influence by information means in order to destabilize the domestic political situation in various regions of the world and undermine the sovereignty and territorial integrity of states."

According to the document, the Russian stance against such practices is defensive. But it is more likely an attempt to justify cyberattacks and the spreading of propaganda in the Kremlin's favorite way -- by saying everybody else does it, too.

The new doctrine was published on the day the FSB, Russia's domestic intelligence service, said it expected the start of a major cyberattack by "foreign special services" against the Russian banking sector. On Dec. 2, the FSB said in a brief statement that Russian banks would be attacked from servers in the Netherlands owned by the Ukraine-based hosting company BlazingFast. At the same time, the FSB said, social networks would fill with panic-inducing messages about the collapse of certain banks and the central bank's plans to strip them of licenses.

The threat apparently was taken seriously. The communications ministry held meetings with bankers and internet providers, and the central bank offered extra liquidity in case there's a bank run. Monday came and went, though, and nothing happened to Russian banks; no panic spread through social networks, either. A BlazingFast representative suggested that the publicity scared off any hackers that might have planned the attack, but the FSB announcement also may have been part of a Kremlin campaign to present Russia as a victim rather than an instigator of hybrid warfare in cyberspace.

Though the Ukrainian firm -- a legitimate infrastructure provider with a branch in Amsterdam -- wasn't directly accused of involvement in the cyberattack, Russia has plenty to fear from Ukrainians. Unlike the U.S. and German spy agencies, careful not to start an all-out war with Russia, Ukraine is already involved in a proxy war with its eastern neighbor. It is also a lawless place full of excellent information-technology specialists. The recent global operation to roll up Avalanche, a giant botnet used by cyber-criminals for various malware attacks that have caused hundreds of millions of dollars in damage, culminated in the arrest of Hennady Kapkanov, a Ukrainian citizen, in Poltava. Avalanche was just the type of criminal network that could be used for an attack on a country's banking system, and it was far from the only one or even the biggest.

It was a Ukrainian hacktivist group that breached the e-mail of Putin adviser Vladislav Surkov in October. They didn't find anything particularly sensational, but they did demonstrate their ability to hack Kremlin servers. 

Moscow has long been worried about the dominance of Western software and the wide reach of U.S. internet companies. Last week, Natalya Kasperskaya, head of the InfoWatch information security company, suggested that the Russian government stake a claim to all the data collected from Russian citizens on the internet before foreign companies get their hands on it. Russia has introduced stringent rules for internet firms, obliging them to store Russians' personal data within the country. Now, though, it's no longer a matter of protectionism or even securing Russians' personal data: Russia has every reason to expect attacks on its critical systems perpetrated in retaliation for Russian meddling in foreign elections. 

Making sure these attacks don't come is a matter of constant vigilance. The FSB warning may even have been a drill. It also helps if elections in Western countries are won by people who won't be interested in retaliating. Donald Trump probably isn't. If indeed Putin has authorized election meddling and Western intelligence agencies have proof of that, we can expect that he will double down on the activity and step up the cyberwar.
