A Modern History of Russian Cyberwarfare

In his latest article, Max Bishop gives us a briefing on the state of Russian cyber warfare and postulates that Russian involvement and planning is far more grim than most of us realize.

A Modern History of Russian Cyberwarfare

“FBI warns Russians hacked hundreds of thousands of routers.”
“Russia is waging ‘full spectrum’ war on Britain with fake news and hacking.”
“How an entire nation became Russia’s test lab for cyberwar.”

You don’t have to subscribe to the New York Times to have heard by now about one or two instances of Russian meddling; but exactly how deep does their offensive campaign go? It’s easy to tune out cybersecurity breach or incident updates nowadays, as databases are cracked; credentials are stolen, and privileges are escalated with increasing frequency -- but I’m here to postulate that Russian involvement and planning is far more grim than most realize. It’s the re-stoking of a decades long cold war that never quite lost it’s flame, and we should all be afraid.

To properly articulate my argument, I feel it’s necessary to provide a brief history, or at least a rough timeline of Russian hacking in the last decade or so, which is where I’d argue we reached a visible tipping point in the balance of hacking capabilities.

  • April 2007 - Following a disagreement over an elaborate Soviet era gravemarker between Russia and Estonia; Estonian government; media, finance and news industry are all severely impacted by a sophisticated series of cyber attacks.

  • June 2008 - After the Lithuanian government outlaws displays of Soviet symbols; government web pages are defaced with hammer and sickle symbols, and five pointed stars.

  • August 2008 - Georgia sends troops to contest a breakaway republic backed by Russian central command. Russian hackers.

  • January 2009 - Russia extorts Krygyzstan into evicting an American military base by DDOS-ing two major ISPs. Krygyzstan relents and evicts the American base.

  • August 2009 - Russian hackers commemorate the anniversary of their historical invasion of Georgia by DDOS-ing Twitter and Facebook in Georgia.

  • October 2011 - NASDAQ’s central servers are compromised by malware that appears to be crafted by an intelligence agency. Those close to the investigation suspect a Russian individual named “Aleksandr Kalinin” to be responsible.

  • 2012 - Attacks consistent in methodology with state APTs plague both the Obama and Romney presidential election campaigns.

  • August 2013 - A security breach compromises all 3 billion Yahoo user accounts. Roughly three years later, four men, including two Russian intelligence officers, are charged with perpetrating the breach.

  • October 2014 - Hackers believed to be affiliated or employed by Russian gov’t breach unclassified White House computer networks.

  • November 2014 - U.S. State Department’s unclassified email systems are successfully breached by Russian hackers. This is later believed to be a test of US capabilities, as well as a message about their seriousness in the field.

  • May 2015 - German computer experts determined the German federal parliament (Bundestag)’s computer network was compromised by hackers later determined to be Russian in origin.

  • July 2015 - A Pentagon staffer leaks that Russian hackers compromised the email system used by the Joint Chiefs of Staff at the Pentagon, forcing the US to take it offline and “cleanse” it.

  • September 2015 - Russian APT “Cozy Bear” is found to have been exploiting commercial satellites to exfiltrate data from US agencies.

  • October 2015 - Experts believe Russian hackers attempted to infiltrate a Dutch computer system with records of the Dutch investigation into flight MH17’s crash, later determined to have been perpetrated by pro-Russian rebels using a Russian-made missile.

  • March 16th, 2016 - Clinton campaign chairman John Podesta’s Gmail account is compromised via phishing by Russian APT, “Fancy Bear”.

  • May 18th, 2016 - James Clapper, Director of National Intelligence, warns of indications of cyberattacks in the 2016 election.

  • June 16th, 2016 - More details emerge of the May hacking attack; that two seperate Russian intelligence operations are believed to be responsible. It is now reported that the DNC computer network as a whole or majority was breached.

  • December 2016 - German politicians and figureheads warn of impending cyberattacks likely to occur in midst of 2017 German parliamentary election, hinting that Russia was the expected assailant.

  • October 2017 - Allegations come out accusing Kaspersky Labs of either inadvertently or intentionally leaving a backdoor for Russian intelligence to exploit for surveillance of important targets.

  • December 2017 - The Russian hacker charged with compromising the DNC’s computer network in the previous year’s election cycle confesses under oath to be hired by Russian state intelligence.

It’s pretty clear looking at this extended timeline that the Russian state & intelligence agencies have been openly honing their craft for some time now. I was surprised to see how long they’d been fairly blatantly running these hacking campaigns on rival governments and their incumbents, and concerned to see how successful the Russian government is, consistently, at penetrating high value and highly secured networks and systems.

It would seem this leaves other world governments and other citizens across the world with two options: roll over and accept Russia as the world hegemon and superpower in cybersecurity; which may as well read, “accept Russia as the world hegemon -- full stop,” or start preparing the workforce and the youth in or about to attend college to focus with more scrutiny on cybersecurity. The US government has been encouraging people to go into the field for at least a few years; but without much concentrated effort; and the timeline seems to make it clear how poorly this has prepared us for the current state of cyberwarfare.

Another imperative is taking a more active role in preparing our systems for more dangerous attacks than we currently seem to expect. It's hard to point the finger solely at state actors working under any government when we're the ones who left the systems vulnerable.

It’s difficult to guess what Russia’s short term or long term goals in a cyberwarfare campaign might be -- perhaps that’d be a better question for a politician or a general; but as far as I can tell their intelligence is liberally developing and practicing cyberwarfare techniques and methods with the short term goal of assessing these tools and method’s effectiveness, as well as their various target’s defensive capabilities, and the long term goal of establishing themselves as the world’s leading power in cyberwarfare.

Not only are many of the most well-known cyberattacks perpetrated by Russians; but the most threatening and dangerous malware coding can be attributed to Russian origin; such as the Sandworm virus, which when analyzed was found to use intrusion techniques first demonstrated at a hacker conference held in Russia.

This is a call to arms to all cybersecurity professionals, aspiring hackers, phreakers, coders, pentesters, and disaffected IT workers, across the globe. No one nation should seize total dominance of the cybersecurity industry. If we continue to let Russia bully and torment our industries without fear of retaliation or difficulty in penetration, they will continue to do so, and continue pushing the boundaries of what we’ve grown accustomed to.

Cybersecurity is beautiful because nobody has ownership of the internet, because anybody with a cheap laptop or Raspberry Pi can wield real power through knowledge alone. It’s an equalizing field that you don’t need money, a college degree, or credentials to achieve and collaborate in, it’s far from an ivory tower and well established as a system of checking and balancing power in other areas like the economy or government, as evidenced by the plethora of lone wolf hackers from impoverished nations with no fancy lab or expensive equipment to support them.

We should all be taking this apparent threat a little more seriously.