Russia's Greatest Weapon May Be Its Hackers

In hacker jargon, it’s called a “cyber-to-physical effect.” It’s when a hacker reaches out from the virtual world into the real one, often with catastrophic consequences.

In hacker jargon, it’s called a “cyber-to-physical effect.” It’s when a hacker reaches out from the virtual world into the real one, often with catastrophic consequences. The Americans and Israelis pioneered the technique back in 2009 when the Stuxnet program infiltrated Iranian computer systems and wrecked thousands of uranium-enriching centrifuges. But now other players, especially the Russians and Chinese, are getting into the game of remotely using computer networks to destroy infrastructure and threaten human lives. 

Last year, according to a report by Germany’s Federal Office for Information Security, a blast furnace melted down in an unnamed industrial city in Germany after a digital attack on its control systems, causing “massive damage.”

It nearly happened in the United States too, when unknown hackers succeeded in penetrating US electrical, water and fuel distribution systems early in 2014. While old-fashioned, relatively low-tech data hacks make headlines—for instance, high-profile break-ins over the last 12 months to the email systems and databases of the White House, State Department, Department of Homeland Security, Department of Defense and Sony Pictures Inc.—what has security officials seriously worried is the new and dangerous world of cyber-to-physical infrastructure attacks.

“This is not theoretical,” National Security Agency Director Admiral Michael Rogers told the US House of Representatives’ Intelligence Committee recently. Hacking attacks on the U.S. and its allies are “costing us hundreds of billions of dollars,” Rogers warned, and will result in “truly significant, almost catastrophic failures if we don’t take action.”

According to Alexander Klimburg, an affiliate of the Harvard Kennedy School of Government’s Belfer Center and senior research fellow at the Hague Centre for Strategic Studies, “cyberspace today is like Europe in 1914, before World War I. Governments are like sleepwalkers. They do not comprehend the power of new technology and the consequences of misunderstanding each other’s activities.”

According to the US Intelligence Community’s 2015 “Worldwide Threat Assessment” report, Russia and China are the "most sophisticated nation-state actors” in the new generation of cyberwarfare, and Russian hackers lead in terms of sophistication, programming power and inventiveness. “The threat from China is overinflated, while the threat from Russia is underestimated,” says Jeffrey Carr, head of Web security consultancy Taia Global and author of the book Inside Cyber Warfare. “The Russians are the most technically proficient. For instance, we believe that Russian hackers-for-hire were responsible for the Sony attack.”

Last year hackers gained access to thousands of Sony company emails and threatened further damage unless a film lampooning North Korean leader Kim Jong Un was withdrawn from cinemas. “We spoke to [one of the hackers] via an intermediary,” says Carr. “Even after Sony lost 80 percent of its network capability, the hackers were still operating. That shows an incredibly high level of technical ability.”

The Moscow connection is worrying because Russia is the only country to date to have combined cyberwarfare with assaults by conventional guns and tanks. “The Russia-Georgia war of 2008 was a perfect example of a combined kinetic and cyber operation,” says Carr. “Nobody else has ever done anything like that.”
 
Putin has characterized the Internet as a “CIA invention” and this month ordered the FSB to “cleanse the Russian Internet” by forcing all Internet providers to keep their servers in Russia 

Similarly, in the wake of Russia’s annexation of Crimea in April 2014, ground assaults were accompanied by a deluge of mostly low-tech cyberassaults, on over a hundred government and industrial organizations in Poland and Ukraine, as well as attacks on the European Parliament and the European Commission. Many of these attacks featured a modified version of “BlackEnergy,” a kind of malware program known as a Trojan horse that is designed to remotely take over computers. A network of such infected computers, or “bots,” is known as a “botnet.” This can be mobilized to overwhelm a target server with requests for information and crash it—an attack known as Distributed Denial of Service, or DDoS.
“The BlackEnergy malware was authored by a Russian hacker and originally used for DDoS attacks, bank frauds and spam distribution,” says Pierluigi Paganini, founder of the Security Affairs blog and a member of a European Union Agency for Network and Information Security working group. “But the new variant was used in targeted attacks on government entities and private companies across a range of industries.”

One of the biggest mysteries of the latest generation of cyberattacks, known in the US government as Offensive Cyber Effects Operations, is working out who is behind them and whether they are being launched with political or criminal intent.
What’s not in doubt is that Russian hackers have long been kings of the cybercrime world. A group of Russians and Ukrainians were named by US federal prosecutors, as being behind the biggest cybercrime case in US history, a bank-card fraud spree from 2010 to 2013 that cost companies including J.C. Penney, JetBlue and French retailer Carrefour more than $300 million. A group of Russian “click-jackers” were convicted in the US last year for hijacking users of Apple's iTunes store, Netflix, the US Internal Revenue Service, Amazon.com, ESPN.com and the Wall Street Journal website—as well as computers at NASA.

Another as-yet-unidentified hacking ring, based in a small city in south-central Russia, stole some 1.2 billion Internet logins and passwords and more than 500 million email addresses last year by plundering data from more than 400,000 websites, according to US cybersecurity firm Hold Security. And in February the Moscow-based Internet security company Kaspersky Labs revealed details of the biggest Internet heist of all time—a raid on over 100 banks in Russia, Ukraine, Japan, the United States and Europe from 2013 to 2014. Kaspersky reported seeing evidence of $300 million in losses just from the banks that had hired it to clean up the mess—and estimated that the total amount stolen was likely to be around $900 million.    
The exact nature of the links between these criminal hackers and the Russian government remains murky. “Cybercrime, cyberterrorism and cyberwarfare share a common technological basis, tools, logistics and operational methods,” says Klimburg. “They can also share the same social networks and have comparable goals. The differences between these categories of cyber activity are often razor–thin. It’s hard to distinguish in cyberspace between financial and political motivation.”

It is unlikely that such a regime would shy away from using every cyberweapons at its disposal. It’s equally unlikely that, faced with a barrage of what White House spokeswoman Jan Psaki described as “hundreds of cyberattacks a day,” the US will cease and desist from developing some of the world’s most sophisticated cyberweapons in retaliation. The cyber arms race is on.

Newsweek

 

 

 

 

 

« Gartner Predicts Three Big Trends for Business Intelligence
US Calls for Cyber Reform After Massive Hack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

InfoSec People

InfoSec People

InfoSec People is a boutique cyber and technology recruitment consultancy, built by genuine experts.

Intland Software

Intland Software

Intland offer an integrated Application Lifecycle Management platform that offers all-round Requirements, Development, and Testing & Quality Assurance functionality.

Arthur J Gallagher & Co

Arthur J Gallagher & Co

Arthur J. Gallagher & Co. is a global insurance brokerage and risk management services firm. Services include Cyber Liability insurance.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

Fluency Security

Fluency Security

Fluency is the only Security Analytics & Orchestration (SAO) solution that automates correlation, detection, validation and ongoing tracking.

Shift Technology

Shift Technology

Shift Technology provides insurance companies with an innovative SaaS solution to improve and scale fraud detection.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

OAS Chain

OAS Chain

OAS Blockchain Renaissance Project presents three platforms that address the major challenges of public blockchain, private blockchain, and IoT security.

Resistant AI

Resistant AI

Resistant AI protects against evolving online fraud. We connect the dots to provide a new layer of trust and performance for our clients’ systems.

Security Alliance

Security Alliance

Security Alliance provide bespoke cyber intelligence consulting and research services.

NetNordic Group

NetNordic Group

NetNordic is a Nordic system integrator focusing on solutions and services in the area of networking, smart data centers, cybersecurity, and unified communication.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Innefu Labs

Innefu Labs

Innefu is an Information Security R&D startup, providing cutting edge Information Security & Data Analytics solutions.

Prevasio

Prevasio

Prevasio is a next-gen Cloud Security Posture Management (CSPM) with a built-in Vulnerability and Anti-Malware Scan for Containers.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

Secure Blink

Secure Blink

Secure Blink provides automated application and API security solutions that empower developers and security engineers to protect critical assets from exploitation.