21 December 2020

Cyber-attack is brutal reminder of the Russia problem facing Joe Biden

Luke Harding

It is Joe Biden’s biggest foreign policy headache. As well as confronting the Covid pandemic, the president-elect has to deal with a more familiar problem: Russia. Moscow’s meddling in the 2016 US presidential election cast a shadow over US politics for four long years.

And now the Kremlin appears to have struck again. This week details emerged of an unprecedented cyber-attack against US government departments. Beginning in March, suspected Russian hackers penetrated Washington’s signature institutions.

They include the commerce and treasury departments, homeland security, nuclear laboratories and the Pentagon, as well as leading Fortune companies. For months the Russian spies roamed at will, apparently undetected. Only now are aghast officials scoping the damage.

The hacking is a brutal reminder of how Vladimir Putin and the KGB agents around him view the world. They regard the US as the glavniy protivnik or main enemy. This adversarial cold war mindset endures, regardless of whether a Trump or a Biden sits in the White House.

This latest cyber-attack can be explained as part of Moscow’s continuous almost-but-not-quite war against the west. It is an asymmetric conflict, fought on Moscow’s side by shadow state operatives. Some are assassins, deployed in Salisbury and Siberia. Others are backroom computer or chemical experts.

In recent years the Kremlin used hacking extensively. It is cheap, deniable, and psychologically effective – inducing panic. Despite billions spent by the US on cyber defence, the hackers were able to discover a vulnerability in a software update, and to infiltrate dozens of US federal computer systems.

A central conundrum for Biden’s presidency is how to contain such hyper-aggressive Russian behaviour. The answer eluded Barack Obama, who tried unsuccessfully to reset relations with Putin. The person who led this doomed mission was the then secretary of state, Hillary Clinton, herself a Russian hacking victim in 2016.

On Thursday Biden pledged to “disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place”. But what this means concretely is unclear. In the meantime billions will be spent on trying to shore up American cyber-defences against the next inevitable Moscow attack.

US officials have ascribed this year’s sophisticated undetected cyber-raid to the SVR, Russia’s foreign intelligence outfit. Not everyone is convinced. Andrei Soldatov, an expert on Russia’s spy agencies and the author of The Red Web, thinks it is more likely a joint SVR/FSB taskforce was involved.

The FSB is the domestic spy agency which Putin headed before he became prime minister and president. Its hackers – known as Cozy Bear or APT29 – broke into Democratic party servers in summer 2015. They got there a few months earlier than a rival Russian hacking group, Fancy Bear, working for GRU military intelligence.

Cozy Bear’s activities are impressively global. They have previously infiltrated unclassified systems belonging to the White House, state department and the US chiefs of staff, as well as other organisations, universities and thinktanks. Victims are in western Europe as well as in Brazil, China, Japan, South Korea and New Zealand.

Last year’s report by the US special counsel Robert Mueller gave stunning details of the GRU’s 2016 hacking operation. But it said little about Cozy Bear. In summer 2014 Dutch intelligence identified FSB hackers, about 10 of them, working from an anonymous university building off Red Square.

The Dutch passed the spies’ identities to the US National Security Agency, the world’s pre-eminent cyber body. It reportedly tipped the NSA off about the state department hack, which breached unclassified networks. Embarrassingly, this latest attack appears to have blindsided the NSA.

Speaking at his annual press conference on Thursday, Putin denied having anything to do with malicious hacking. The American accusations were untrue, he said, with Moscow once again a victim of internal US politics. Few believe him, with the exception of the US’s outgoing president, who has remained silent on the hack.

Establishing exactly who is behind the raids will be tortuous. “I never never heard anything about SVR hackers. Which says something in Moscow where everything leaks,” Soldatov said. Somewhere in Moscow, Russia’s hacking operatives will be toasting another successful mission.
