Fake News & Botnets: Russia Has Weaponised The Web

It began in 2007, when a Russian-speaking mob began rioting in the streets of Tallinn, the capital city of Estonia following the government had announcment that a bronze statue of a heroic second world war Soviet soldier was to be removed from a central city square. 

For ethnic Estonians, the statue had less to do with the war than with the Soviet occupation that followed it, while for the country’s Russian-speaking minority, 25% of Estonia’s 1.3 million people, the removal of the memorial was a sign of ethnic discrimination. Russia’s government warned that the statue’s removal would be “disastrous” for Estonia.

Hacker took down Estonia’s Systems
Estonia boasts the most technologically advanced system of government in the world. Every citizen possesses a digital identity, an identification number and login code for access to completely digitised interactions with the state. 

Estonians can vote online, file their taxes, check medical records, access the national health care system, and receive notifications of most government attempts to access their personal records. About 97% of the country uses digital banking. The Estonian national ethic is built on the idea that every citizen is transparent and the state is too. 

This makes Estonia extremely efficient, and extremely vulnerable. “We live in the future. Online banking, online news, text messages, online shopping, total digitisation has made everything quicker and easier,” said Jaan Priisalu a senior fellow at NATO's Cyber Defence Centre in Tallin. “But it also creates the possibility that we can be thrown back centuries in a couple of seconds.” Over the following two nights after the statue came down, as the street battles began to wane, the attacks on Estonia’s technological infrastructure picked up. 

The authorities were slow to recognise what was happening. It wasn’t until 24 hours later when the national defence minister realised he was unable to log on to the ruling party’s website that they knew they had a major problem on their hands. Then the mail server for parliament crashed. News sites began to falter. Some of the country’s most widely read publications disappeared altogether.  “Mail-bombing” email barrages and volleys of status and location queries overloaded servers across the country, bringing crucial parts of the Estonian internet to a halt. 

Some websites, according to the BBC, were “defaced,” redirecting users “to images of Soviet soldiers and quotations from Martin Luther King Jr about resisting evil”. “War dialing”, in which automated phone calls target a company or institution, placed a virtual blockade on phone numbers for government offices and parliament. In May, Hansabank, Estonia’s biggest bank, had to cease online services and international card transactions temporarily.

The digital firepower arrayed against Estonia was massive and intense. One thousand data packets per hour were travelling through the country’s networks on the first day. On the second day, it was 2,000 per hour. At its highest point, it was 4m per second. 

Ordinary computer users, many of them with no prior hacking experience, volunteered to become “script kiddies,” wielding premade freeware code scripts to contribute to the attack. Botnets cost money, and this was funded by online accounts that anyone could pay into. The attacks seemed somehow to have been outsourced, with the cost of the aggression crowdfunded.
The government was baffled. Were the attacks the opening moves of a military invasion? Estonia had recently joined Nato, despite the vocal protests of its Russian neighbour. Should it activate Article 5, the mutual defence clause of the security group’s charter?

Finally, on 19 May, 2007, the attacks were stopped. The Estonians had implemented a simple, almost absurdly sad solution: they pulled the plug.

The most wired country in the world severed its international electronic connections and largely disappeared from the internet, bringing what military historians now call the first internet war to an abrupt halt. It was a decisive victory for whoever had perpetrated the attacks.

No one has ever claimed responsibility, but it soon became apparent to Priisalu and many others that Russia was responsible. Russia had an obvious, and publicly stated, political motive: its opposition to the removal of the statue. More importantly, the events in Estonia helped crystalise an emerging consensus that cyber-attacks could constitute warfare. The attacks on its digital infrastructure had paralysed parliament, shut down banks, and fuelled violence in the streets. It was, Priisalu concluded, undoubtedly an act of war.

Perhaps more telling was the fact that the strategies used in Estonia had already been included in a Russian manual of war. In 1998, Sergei P Rastorguev, a Russian military analyst, published Philosophy of Information Warfare, which included a lengthy version of this anecdote:

Once there was a fox that wanted to eat a turtle, but whenever he tried to, it withdrew into its shell. He bit it and he shook it, but he wasn’t getting anywhere. One day he had an idea: he made the turtle an offer to buy its shell. But the turtle was clever and knew it would be eaten without this protection, so it refused. 

Time passed, until one day there appeared a television hanging in a tree, displaying images of flocks of happy, naked turtles – flying! The turtle was amazed. Oh! They can fly! But wouldn’t it be dangerous to give up your shell? Hark, the voice on television was announcing that the fox had become a vegetarian. “If I could only take off my shell, my life would be so much easier,” thought the turtle. “If the turtle would only give up its shell, it would be so much easier to eat,” thought the fox, and paid for more broadcasts advertising flying turtles. One morning, when the sky seemed bigger and brighter than usual, the turtle removed its shell. What it fatally failed to understand was that the aim of information warfare is to induce an adversary to let down its guard. Rastorguev said that one of the most effective weapons in modern conflict was information, or more accurately, disinformation, like the fake news and social media posts that US audiences have been reading since last year’s presidential election, or the stories that whipped Estonian protesters into a frenzy in 2007. 

The core concept of cyberwar has to be understood as something broader than hacks or the defacement of websites. It is psychological manipulation, executed with targeted digital disinformation designed to weaken a country from within. 

Thus, no smoking gun will ever be found: “The Russian theory of war allows you to defeat the enemy without ever having to touch him,” says Peter Pomerantsev, author of Nothing is True and Everything is Possible. “Estonia was an early experiment in that theory.”

Since then, Russia has only developed, and codified, these strategies. The techniques pioneered in Estonia are known as the “Gerasimov doctrine,” named after Valery Gerasimov, the chief of the general staff of the Russian military. In 2013, Gerasimov published an article in the Russian journal Military-Industrial Courier, articulating the strategy of what is now called “hybrid” or “nonlinear” warfare. “The lines between war and peace are blurred,” he wrote. New forms of antagonism, as seen in 2010’s Arab spring and the “colour revolutions” of the early 2000s, could transform a “perfectly thriving state, in a matter of months, and even days, into an arena of fierce armed conflict”.

Russia has deployed these strategies around the globe. Its 2008 war with Georgia, another former Soviet republic, relied on a mix of both conventional and cyber-attacks, as did the 2014 invasion of Crimea. Both began with civil unrest sparked via digital and social media, followed by tanks. Finland and Sweden have experienced near-constant Russian information operations. Russian hacks and social media operations have also occurred during recent elections in Holland, Germany, and France. 

Most recently, Spain’s leading daily, El País, reported on Russian meddling in the Catalonian independence referendum. Russian-supported hackers had allegedly worked with separatist groups, presumably with a mind to further undermining the EU in the wake of the Brexit vote.

As the smoking gun is often missing, we shouldn’t fall for every allegation of assumed Russian involvement. 
Still, certain patterns have emerged from these conflicts, allowing experts to draft a rough model of the techniques Russia uses to destabilise its opponents. First, people’s trust in one another is broken down. Then comes fear, followed by hatred, and finally, at some point, shots are fired. 

The pattern was particularly striking in Crimea. People posted reports on Facebook about gross mistreatment by Ukrainians; dramatic messages circulated on Instagram about streams of refugees fleeing the country; billboards suddenly appeared in Kiev bearing pro-Russian slogans; demonstrations followed. Rising suspicion and mutual mistrust split Ukrainian society. 
In a matter of months, fighting broke out. Russia used the conflict as a pretext to send in “aid convoys”, presenting itself as a benevolent responder to an emergency.

The Kremlin has used the same strategies against its own people. Domestically, history books, school lessons, and media are manipulated, while laws are passed blocking foreign access to the Russian population’s online data from foreign companies, an essential resource in today’s global information-sharing culture. According to British military researcher Keir Giles, author of Nato’s Handbook of Russian Information Warfare, the Russian government, or actors that it supports, has even captured the social media accounts of celebrities in order to spread provocative messages under their names but without their knowledge. 

The goal, both at home and abroad, is to sever outside lines of communication so that people get their information only through controlled channels.

Since 2007, Estonia has established itself as a global hub for thinking about cyber-attacks and, more broadly, about what constitutes an act of war in the internet age. Priisalu has been at the forefront. In 2008, he helped establish the Cooperative Cyber Defence Centre of Excellence, a Nato-funded international research centre in Tallinn that brings together cybersecurity experts from around the world. 

Each year the centre hosts Locked Shields, the world’s largest international cyberwar exercise. In this year’s simulation, 25 member states enlisted representatives to fight off thousands of simultaneous attacks on a virtual country called Crimsonia. The progress of the battle was rendered visually and beamed on to giant screens. Some “soldiers” came in suits, others in sweatshirts, but most logged in from home.

The US has adopted some of Estonia’s programs in its own efforts to combat cyber incursions. In 2009, the American government established its own Cyber Command centre, under the NSA, at Fort Meade in Maryland. Last July, the Trump administration split the command off as an independent agency with a proposed $647m annual budget, 133 operational teams and as many as 6,200 workers. 

Likewise, the Department of Defense has developed its own cybersecurity infrastructure, with dedicated digital “national mission teams” and “combat mission teams”. But the next step in the west’s collective defensive strategy is to develop a consensus about what, legally, constitutes an act of cyberwar.

The question is how the west can maintain its core values of freedom of speech and the free flow of information while protecting itself from malevolent geopolitical actors? For centuries, eastern European countries such as Estonia relied on walls, watchtowers, and fortresses to keep out invaders. The US became the world’s most powerful country in part because it was insulated from foreign threats by vast oceans on two sides. In the internet age, traditional borders are less effective.
To survive in the era of information warfare, every society will have to create ways of withstanding cyber-attacks. Blockchain technology, the underlying protocol of cryptocurrencies such as bitcoin, might for example function as a sort of digital fortress protecting the secure exchange of information online. 

Whatever form these defences take, democratic countries will have to focus more resources on finding and spreading potent and reliable technologies, whether in partnership with private companies or in government cyber labs in Estonia or the US. 
But we will also have to accept the sobering reality that these attacks, like guerilla warfare and suicide bombings, aren’t going away.

What’s more, other countries area already aping these techniques. Russia may be the world’s most open cyberwarfare aggressor, but it’s far from the only one. Iran, Israel, North Korea and the United States, and perhaps other countries, are all active. Permanent globalised digital warfare might become the new cost of living in a connected world.

Guardian

You Might Also Read:

Russia’s Digital Weapons Refined Against Ukraine:

Russian General Brags About Cyberwar Successes:

How A Cyber Attack Transformed Estonia:

 

« More Businesses Could Use Machine Learning
Mercenary Hackers Funded By Nation-States »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

ixAssociates

ixAssociates

ixAssociates is a UK based IT Integration business specialising in risk, compliance, eDefence, and network security solutions.

eSecurityPlanet

eSecurityPlanet

eSecurity Planet is the IT professional's top choice for Internet security news and analysis, technical tutorials, product reviews, and buying guides.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute is an independent non-governmental organization that focuses on research and analysis of security challenges including defence and cyber security.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

Infigo IS

Infigo IS

INFIGO IS specializes in information security consulting services. Our employees are leading information security experts in Croatia.

CASES.lu

CASES.lu

CASES.lu is a government-driven initiative offering awareness-raising, a web resource and other tools to assist SMEs concerning information security.

SmartContractAudits.com

SmartContractAudits.com

SmartContractAudits.com is the leading platform for finding companies providing smart contract auditing services.

Threat Status

Threat Status

Threat Status are a Threat Intelligence company. We are the developers of Trillion. A cloud based Security As A Service (SaaS) platform.

The Prelude Institute (TPI)

The Prelude Institute (TPI)

The Prelude Institute is a new type of school designed to help you transition into becoming a cybersecurity analyst by assessing, training and placing you in 15 weeks.

Cyber Security Works (CSW)

Cyber Security Works (CSW)

Cyber Security Works is your organization’s early cybersecurity warning system to help prevent attacks before they happen.

Dawgen Global

Dawgen Global

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region providing a range of services including Risk Management and Information Systems Assurance.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

GM Sectec

GM Sectec

GM Sectec is the world's largest independent Cyber Defense and Fraud Prevention firm laser focused on payment security.

Tech Vedika

Tech Vedika

Tech Vedika has access to technical guidance, training and resources from AWS to successfully undertake solution architecture, application development, application migration, and managed services.