7 June 2018

Are We Headed for a ‘Cyber Cuban Missile Crisis’ with Russia?


SUZANNE KELLY 

Bottom Line: The risk posed to U.S. national security by what are believed to be Russian-backed hacking groups is similar to the October 1962 Cuban Missile Crisis, according to Cipher Brief Experts, but different in that the U.S. has no clear and obvious deterrent this time around.

Recent Developments: The FBI recently forced its way between a hacking group known as ‘Sofacy’ – believed to be linked to the Russian military – and the unwitting owners of more than half a million wireless routers. Armed with a court order, the Bureau seized control of a broad network of infected routers as well as the domain it believed was serving as the command and control infrastructure of a worldwide botnet.

In a statement issued in late May, Assistant Attorney General Jeff Demers called the FBI action a “first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

Deeper Background: Botnets are simply connected devices used by cybercriminals to create disruptions on the internet. Cybercriminals can infect your home or office devices with malware, allowing them to link those devices to others and create an ‘army’ of cyber soldiers that they can then command to take an action. Usually, that action is overloading a website so that it no longer functions. That’s a DDoS attack.

While getting a court order to seize a domain was a new twist, this kind of hacking activity has been going on for years. The DOJ announcement followed similar actions taken in April when the U.S. and U.K. jointly blamed Moscow for cyber intrusions into the routers and switches that serve as a gateway for internet access into homes as well as major corporations.

The Department of Homeland Security has been warning about such exploits since 2015.

Just this past April, White House Cybersecurity Coordinator Rob Joyce (whose position has since been eliminated) told reporters that “The activity isn’t always to steal information from the network, but at times is used to facilitate other operations that the Russians can do against high value targets worldwide.” Joyce warned that such incidents needed to “be viewed in the totality of Russian malicious cyber activity. For this reason,” he warned, “we cannot rule out that Russia may intend to use this set of compromises for future offensive cyber operations as well. It provides basic infrastructure that they can launch from.”

Ukraine: The Perfect Test Range

Cisco Systems, Inc. said it believes the recent VPNFilter malware launch was most concentrated in Ukraine, where Russian-backed hacker groups are believed to have carried out thousands of cyber attacks over the past four years, targeting everything from the Ukrainian power grid to the financial and electoral systems.

Though Russia has denied it, U.S. intelligence officials believe that Russian-backed hackers were behind last summer’s NotPetya attack, a malware virus that appeared to be heavily concentrated in Ukraine, though it also spread rapidly through Europe. The virus was seen as an extremely sophisticated attack that rendered many computers and networks damaged beyond repair.

In February, the White House published a statement calling out Russia’s role in what it called ‘the most destructive cyberattack in history’ and ‘causing billions of dollars in damage across Europe, Asia and the Americas’.

Chris Inglis, Former Deputy Director, National Security Agency

‘Russia has long used cyber as a coercive instrument of power, enjoying significant benefits and few consequences. Their actions in NotPetya were brazen, impactful and indiscriminate – likely intended to impose costs on the Ukraine but, in the end, inflicting hundreds of millions of dollars in costs and lost opportunity to innocent people and enterprises around the globe. The result is an increasingly emboldened and unapologetic Russia that continues to enjoy significant leverage from relatively modest investments in cyber capability and infrastructure. The possible takedown of the Russian controlled Botnet would thus seem to be a reasoned and reasonable challenge to the growing and unacceptable threat posed by Russian cyber adventurism.’

‘Russia has historically (since the 2014 invasion of Crimea) used Ukraine almost as a test range for offensive cyber capabilities. They clearly have the go-ahead to take aggressive action (witness the Dec 2015, Dec 2016 attacks on the power grid and the NotPetya attack). They are also not overly concerned with collateral damage; NotPetya was a destructive attack aimed at the Ukrainian government, and also took out Russian entities and commercial firms like Merck, Maersk, FedEx, and Mondelez. Combined, these factors and the high preponderance of infected routers in Ukraine make me think the likelihood of offensive action against Ukraine is high, if not necessarily imminent. I would also be concerned that there would be widespread collateral damage via other infected routers and malware that propagated without constraint.’

The Modern-Day Cuban Missile Crisis?

In October 1962, the U.S. and Soviet Union faced off over the Soviets’ installation of nuclear missiles in Cuba. President John Kennedy cited the proximity and reach of the missiles and the threat posed to U.S. national security as he enacted a naval blockade, drawing a very clear line.

Crisis was averted when the Soviets agreed to remove the missiles in exchange for a promise by the U.S. that it would not invade Cuba.

Today’s cyber crisis is similar in terms of the risk to U.S. national security, according to experts, but different in that the U.S. has no clear and obvious deterrent this time around, and the missiles are already here. In April, the Trump Administration accused Russia of a coordinated ‘multi-stage’ campaign to hack into critical infrastructure networks and conduct ‘network reconnaissance’ while attempting to delete evidence of their intrusions.

‘Russia’s willingness to use cyber as a strategic instrument of power has enjoyed great success in many cases, though they have not paid any real price, they have gained valuable operational experience, and have established an effective deterrent capability. Now add the recent Trump administration’s announcements that the Russians are targeting U.S. critical infrastructure and the fact that we have no clear strategy or policy to rapidly (like a Manhattan-type Project) and effectively secure and defend that infrastructure and impose costs on the Russians even if they simply threaten us. In my opinion, I see no logical difference between the placement of Soviet missiles in Cuba and the placement of Russian Malware in our critical infrastructure. We almost went to nuclear war over the simple basing of those missiles in Cuba, but hardly a peep over the Russian “basing” of malware on our own soil.’
