Pages

6 August 2019

Cold War in Cyberspace

by Ky Krauthamer

The dramatic assertions in a U.S. Senate report on Russian interference in the 2016 presidential election got major play in the U.S. media. And no wonder: the report relayed intelligence assessments that Russian government hackers scanned electoral systems in all 50 states, looking for weaknesses to exploit.

The report also noted that U.S. intelligence suspected Russian hackers were prepared to launch a disinformation drive on social media in the event that Democratic candidate Hillary Clinton was elected.

Russian meddling reportedly continued as the 2018 midterm elections neared, when, according to the Department of Homeland Security, “numerous actors are regularly targeting election infrastructure, likely for different purposes, including to cause disruptive effects, steal sensitive data, and undermine confidence in the election.”


Yet reports of U.S. or other Western government hacks on Russian targets have received less coverage, even though some of the claims made are dramatic.

One audacious hack took place late last year, when a powerful malware agent was installed on computers of Russian’s largest tech company, Yandex, in an attempt to spy on user accounts, according to an exclusive report by Reuters last month.

Reuters attributed the attack to “hackers working for Western intelligence agencies,” citing four people with direct knowledge of the matter.

The sources did not identify the country or countries behind the hack late last year, although the malware used, Regin, “is known to be used” by the “Five Eyes” intelligence alliance of the United States, UK, Canada, Australia, and New Zealand, Reuters reported.

Data released by former U.S. security contractor Edward Snowden revealed Regin as a Five Eyes tool in 2014, Reuters says.

The Russian cyber-security firm Kaspersky Labs that same year described Regin as an extremely sophisticated tool enabling attackers to take remote control of computer networks “at all possible levels.”

“Considering the complexity and cost of Regin development, it is likely that this operation is supported by a nation-state,” said Kaspersky.

Russia’s main intelligence agency, FSB, was itself targeted in a hack this month, although the damage appears to be relatively limited and no one has accused Western governments of involvement.

The BBC Russian service reported on 19 July that a hacking group calling itself 0v1ru$ infiltrated a major FSB contractor and exposed FSB projects. The report named the contractor as a Moscow firm called Сайтэк. In its 22 July report, the main BBC news site gives the company’s name as SyTech. The company website is no longer active. The hackers said they found information on FSB projects to identify users of the Tor anonymous browser, and information on insulating the Russian internet from potential outside attacks.

FSB’s primary remit is domestic security, but its reach extends to include foreign electronic surveillance and intelligence gathering, surveillance firm owner Zak Doffman writes for Forbes.

The projects exposed by 0v1ru$ were already known, Doffman says. More significant is the apparent ease with which hackers apparently breached an FSB contractor and extracted 7.5 terabytes of data. “Contractors remain the weak link in the chain for intelligence agencies worldwide,” he notes, offering Snowden as an example.

Washington Shows Its Cards

U.S. officials are clear that the Trump administration is taking a more aggressive approach to combating Russian cyber-security threats. Those steps include placing malware inside the Russian electric power system, The New York Times reported recently.

Citing current and former officials, the Times says the Pentagon’s Cyber Command has inserted “reconnaissance probes into the control systems of the Russian electric grid” since at least 2012.

The more offensive tactics come after years of U.S. intelligence claims that Russia has infected power plants, pipelines, and water systems with malware. “The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir Putin and a demonstration of how the Trump administration is using new authorities to deploy cyber-tools more aggressively,” the Times writes.

There is precedent for fears of a devastating malware attack on energy systems. In 2015, hackers cut power to hundreds of thousands of homes in western Ukraine. Russia denied the Ukrainian security service SBU’s claim of Russian responsibility for the attack.

During last November’s U.S. elections, Cyber Command took direct action against a notorious Russian troll farm, The Washington Post reported.

The planned disruption of the Internet Research Agency’s networks, on election day and for a day or so afterward, was meant to block any Russian attempt to mount a disinformation campaign, officials said.

Former staff of the St. Petersburg-based operation have said it employed dozens of people who spread pro-Kremlin and anti-Western views on social media in the guise of ordinary citizens. Earlier this year, researchers working for a U.S. Senate committee claimed the agency used fake accounts to promote Donald Trump’s candidacy in 2016. Russia denied the allegations, Reuters reported.

Cyber Command’s disruption of the agency was the first live test of its new strategy of constantly hounding cyber-foes and sharing information with partners, the Post wrote. Last fall, Cyber Command sent specialists to Macedonia, Montenegro, and Ukraine to help bolster their cyber-security defenses, the officials said.

No comments:

Post a Comment