Russian Cyber War Training Can Be A Killer

Uploaded on 2016-04-05 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

Russia is developing and testing military grade Cyber War weapons on real targets, and finding out what works and what needs improvement.

The problems with this is that most of the testing is conducted on weaker neighbors Russia is not getting along with. For example in late 2015 a large part of western Ukraine suffered a power blackout. Some 1.4 million homes and businesses went dark for several hours because of a computer virus (BlackEnergy) believed to be Russian and deliberately deployed against Ukraine to disrupt a power plants and the electrical distribution system.

From the beginning Ukraine suspected that this was a Cyber War attack that was carried out by Russia as it was the kind of attack that had no monetary reward but was the sort of thing one nation would use on an enemy in wartime. Russia denied any involvement but the Russians always say that even when there is a pile of evidence proving otherwise.

NATO Cyber War advisers immediately went to work helping Ukraine sort out how the attack was carried out and how to protect against future attacks. The investigation concluded that the attacker had first got access to the networks of three small energy companies using spear-fishing attacks (official looking emails that had an attachment which, when opened, secretly installed software that gave the attackers access to the company network.)

After that several other specialized bits of malware (hacker software) were used to map the compromised networks and then carry out crippling attacks. NATO Cyber War investigators found clear evidence of a professional style attack on the energy company networks including careful reconnaissance of the target network to see what items had to be disabled to cause the most damage. The NATO experts gave Ukraine a long list of changes that would have to be made to government and corporate networks associated with all utility (power, water, and so on) and industrial networks.

The forerunner of this Ukraine attacks hit tiny Estonia (population 1.3 million) as early as 2007. In response Estonia, a member of NATO, made a lot of changes and in 2015 formed a Cyber War militia. All this because Russia keeps threatening another major Cyber War offensive. Despite its small size Estonia is the most technically advanced (on a per-capita basis) nation in East Europe and was able to recruit several hundred skilled volunteers who are hard at work pooling their knowledge and skills to better handle more Cyber War aggression from Russia. Ukraine, despite being the largest East European nation is much less well prepared form another Russian Cyber War attack.

Estonia borders Russia and is a member of NATO. That last bit makes Russia reluctant to come in with tanks to take over like they did twice in the 1940s. Instead Russia made a major effort to crush Estonia via major Internet based attacks in 2007. Estonia survived that “invasion” but admitted that this sort of Russian aggression caused great financial damage.

In the wake of these Russian Cyber War attacks Estonia demanded that the UN and NATO declare this sort of thing terrorism and dealt with accordingly. NATO tried to be helpful, but that wasn’t enough. The UN was even less helpful as the UN has a hard time getting anything done when Russia is involved because Russia is one of the handful of founding members that has a veto over such decisions.

NATO did make an effort and in 2008 established a Cyber Defense Center in Estonia. This was the most tangible NATO response to Estonian calls for NATO to declare Cyber War on Russia. NATO agreed to discuss the issue but never took any action against Russia. The Cyber Defense Center was a consolation prize and studies Cyber War techniques and incidents and attempts to coordinate efforts by other NATO members to create Cyber War defenses and offensive weapons. NATO say that this appears to have deterred Russia from making another Cyber War attack.

The Estonians are not so sure as Russia went ahead and invaded Georgia (a nation of four million in the Caucasus) in 2008 and Ukraine in 2014 and still makes very public threats against Estonia. But the Cyber Defense Center in Estonia has proved to be a valuable resource for other nations looking to improve their Cyber War defenses, especially against Russia.

Cyber Wars have actually been going on since the late 1990s and they are getting worse. It started in the 1990s as individuals attacked the web sites in other nations because of diplomatic disputes. This was usually stirred up by some international incident. India and Pakistan went at it several times, and Arabs and Israelis have been trashing each other’s web sites for years.

The Arabs backed off at first, mainly because the Israeli hackers are much more effective. But in the last few years the Arabs have acquired more skills and are back at it. Chinese and Taiwanese hackers go at each other periodically, and in 2001, Chinese and American hackers clashed because of a collision off the Chinese coast between an American reconnaissance aircraft and a Chinese fighter. That was just the beginning for China, which now regularly makes major hacking attacks on the US and other NATO members.

Since 2005 these Cyber Wars have escalated from web site defacing and shutting down sites with massive amounts of junk traffic (DDOS attacks), to elaborate espionage efforts against American military networks. The attackers are believed to be Chinese, and some American military commanders are calling for a more active defense (namely, a counterattack) to deal with the matter.

The Russian attacks against Estonia were the result of Estonia moving a statue, honoring Russian World War II soldiers, from the center of the capital, to a military cemetery in the countryside. The Estonians always saw the statue as a reminder of half a century of Russian occupation and oppression. Russia saw the statue move as an insult to the efforts of Russian soldiers to liberate Estonia and enable the Russians to occupy the place for half a century.

The basic problem here is that most Russians don't see their Soviet era ancestors as evil people, despite the millions of Russians and non-Russians killed by the Soviet secret police. The Russians are very proud of their defeat of Nazi Germany in World War II, ignoring the fact that the Soviet government was just biding its time before it launched its own invasion of Germany and Europe in general. All this means little to anyone from outside East Europe, but for any nations neighboring Russia these Russian resentments have to be carefully monitored.

While many Russians would have backed a military attack on Estonia to retaliate for the insult by an ungrateful neighbor, this approach was seen as imprudent. Estonia is part of NATO and an attack on one NATO member is considered an attack on all. It's because of this Russian threat that Estonia was so eager to get into NATO. The Russians, however, believe that massive Cyber War attacks will not trigger a NATO response. They were so sure of this that some of the early DDOS attacks were easily traced back to computers owned by the Russian government. When that got out, the attacks stopped for a few days, and then resumed from what appear to be illegal botnets.

Russian language message boards were full of useful information on how to join the holy war against evil Estonia. There's no indication that any Russians are afraid of a visit from the Russian cyber-police for any damage they might do to Estonia. And the damage has been significant, amounting to millions of dollars. While no one has been injured, Estonia is insisting that this attack, by Russia, should trigger the mutual defense provisions of the NATO treaty. It didn't, but it was a reminder to all that Cyber War is very real except when it comes time to fight back.

Ein News: http://bit.ly/1YaH7GK

« CEOs Seek Out CIOs With A 'Bias For Action'
CISO Cyber Communications Breakdown »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Tiro Security

Tiro Security

Tiro Security is a boutique company specializing in information security and IT audit recruitment and solutions.

Jumpsec

Jumpsec

Jumpsec provides penetration testing, security assessments, social engineering testing, cyber incident response, training and consultancy services.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

Atempo

Atempo

Atempo is a leading independent European-based software vendor with a global presence. We provide solutions to protect, store, move and recover all your data.

Procilon Group

Procilon Group

Procilon Group specialize in the development of cryptographic software as well as strategic advice on information security and data protection.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

Jenson Knight

Jenson Knight

Jenson Knight is a global cyber security, cloud and IT infrastructure staffing specialist.

US Venture Partners (USVP)

US Venture Partners (USVP)

USVP is a leading Silicon Valley venture capital firm focusing on early-stage start-ups that transform cybersecurity, enterprise software, consumer mobile and e-commerce, and healthcare.

AUTOCRYPT

AUTOCRYPT

AUTOCRYPT is a mobility security provider dedicated to the safety of future transportation

Robert Walters

Robert Walters

Robert Walters is one of the world's leading global specialist professional recruitment and recruitment process outsourcing consultancies.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

Trapp Technology

Trapp Technology

Trapp Technology combines the very best cloud, Internet, IT managed services, and IT consulting to provide a true all-in-one IT solution for small to mid-sized businesses.

Protexxa

Protexxa

Protexxa is a B2B SaaS cybersecurity platform that leverages Artificial Intelligence to rapidly identify, evaluate, predict, and resolve cyber issues for employees.

Allot

Allot

Allot are a global provider of leading innovative network intelligence and security solutions for Service Providers and Enterprises worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Cyber Castellum

Cyber Castellum

Cyber Castellum is a cybersecurity consulting firm that specializes in the identification of security vulnerabilities in an organization’s technology landscape.