Moscow’s Hackers Are a Threat Nobody Is Paying Attention To

April 23, 2014

It’s Not Beijing’s Hackers You Should Be Worried About, It’s Moscow’s

Shane Harris

Foreign Policy

When U.S. officials warn of the threat foreign cyber spies pose to American companies and government agencies, they usually focus on China, which has long been home to the world’s most relentless and aggressive hackers. But new information shows that Russian and Eastern European hackers, who have historically focused their energies on crime and fraud, now account for a large and growing percentage of all cyber espionage, most of which is directed at the United States.

Individuals and groups in eastern Europe, and particularly in Russia and Russian-speaking countries, are responsible for a fifth of all cyber spying incidents in the world, according to a global study of data breaches conducted by Verizon, published on Tuesday. The spies are targeting a range of companies as varied as the global economy itself, and are stealing manufacturing designs, proprietary technology, and confidential business plans. The cyber spies steal information on behalf of their governments in order to manufacture cheaper versions of technologies or weapons systems, or to give their home country’s corporations a leg up on their foreign competitors.

The report is based on information provided by computer security companies as well as the U.S. Secret Service and the Department of Homeland Security. Last year, it attributed nearly all incidences of cyber espionage — 96 percent — to sources in China. Russia and Eastern Europe didn’t even rank in the findings. The United States is by far the biggest victim of cyber espionage, accounting for 54 percent of spying incidences, the report found.

The report’s authors say the increase in spying attributed to Russia and Eastern Europe this year is partly the result of new sources of information that reveal more than was previously known about the long reach and sophistication of hackers in those countries. It’s difficult to know precisely how much cyber espionage by Russia had gone undetected in the past — Russian hackers have gone to great lengths to cover their tracks, unlike their counterparts in China, who have generally been easier to detect, said Alan Paller, the a cyber security expert at the SANS Institute.

But that Russian spying is on the rise seems clear, experts said. Spies in East Asian countries, primarily China and North Korea, were still the most active globally, accounting for 49 percent of all cyber espionage incidents, according to the Verizon report. But that data could be skewed by the fact that more cyber espionage campaigns were attributed to Chinese sources — there could be other Russian campaigns that haven’t yet been detected.

That may come as unsettling news for Obama administration officials, who have been watching warily as Russian forces in Ukraine have incorporated cyber spying and warfare alongside conventional military strikes in their swift takeover of Crimea and what looks like an increasingly likely invasion of eastern Ukraine. The report offers new and compelling evidence that Russia is just as interested as the long-time spymaster China in using cyberspace to steal secrets from governments and corporations. And viewed alongside Russia’s successful cyber operations in Ukraine in the past few months, it suggests that Moscow is aggressively ramping up its efforts to dominate cyberspace both for spying and military purposes.

"Intelligence services, as well as cyber criminals, operating in Russia have an interest in collecting information on our government, industry, and economy," said White House spokesperson Laura Lucas Magnuson. "These threats are not going away. We are addressing them by improving our network defenses, sharing information on known vulnerabilities with the private sector, and implementing the president’s executive order on improving cybersecurity for U.S. critical infrastructure."

The Russian forces in Ukraine have integrated cyber operations and conventional military tactics in seamless fashion, current and former U.S. officials and experts say. As soon as Russian forces moved into Crimea, they took over the state-owned telecommunications provider and jammed cell phone signals and severed Internet connections between the peninsula and the rest of the country. Customers across the region lost phone and Internet service, effectively shutting them off from the outside world. Two Ukraine government Web sites also went offline, presumably the targets of Russian hackers trying to stifle the flow of official information out of Kiev.

The Russian military then began a series of conventional and cyber operations against Ukraine’s military. As commando troops took up positions in Crimea and seized official buildings, Russian naval vessels that carry radio and cell phone jamming equipment were spotted in the port of Sevastopol. Eventually, the Russians cut off Ukrainian forces in Crimea from their command and control systems, NATO commander Gen. Philip M. Breedlove told the New York Times. It was textbook operation that combined centuries old combat tactics with cyber-age assaults.

U.S. intelligence agencies were largely caught off guard by the Russian invasion. The occupying forces limited their use of radios and cell phones and went mostly undetected by the United States’ surveillance networks, current and former officials said, an indication of the Russians’ technological savvy.

"It looks like the Russians learned from Osama bin Laden and used couriers," Joel Harding, a former military intelligence officer who worked for the Army’s intelligence command and has experience in surveillance operations, said in a recent interview. "They held access to those with a need to know and exercised strict discipline in communications security. That is the best professionalism I’ve seen from them ever."

The Russian success is especially stinging for the U.S. because these types of blended attacks — cyber strikes launched alongside military operations — are what U.S. military and intelligence officials have for years said will be the hallmarks of America’s future way of fighting a war. Indeed, the US military is spending billions of dollars to integrate cyber warfare into military combat and intends to train a force of 6,000 cyber warriors by the end of 2015, Defense Secretary Chuck Hagel has said.

Also worrying for U.S. officials is the extent to which criminal hackers in Eastern Europe are forging alliances with the Russian government, effectively acting as cyber mercenaries. “I do think there are probably groups in Eastern Europe that not only dally in financially motivated crime, but also espionage,” said Chris Porter, a co-author of the Verizon report. How much that’s actually happening is hard to ascertain, because there’s limited objective data on the matter, Porter said. But what is certain is that the U.S. doesn’t hire criminal hackers to attack foreign governments on its behalf. That puts the U.S. at a disadvantage if other countries are willing to employ more aggressive tactics and hire skilled criminals to do their bidding.

The Verizon report found that cyber spying is on the rise around the world, not just in Russia and Eastern Europe. The number of spying incidents in the new report was three times last year’s, which can partly be attributed to having more and better sources of information. But even accounting for those new datasets, the number of espionage cases grew since last year, the report’s authors conclude.

Russian and Eastern European hackers appear to be interested in stealing the same kinds of information as their Chinese counterparts and are targeting generally the same industries, the report found. Classified military and intelligence information held in government computers tops the spies’ list of targets. Hackers are also trying to infiltrate utility companies, mining companies, and law firms.

The Verizon report doesn’t specify what types of information the hackers have stolen from those companies. But separately, security experts have documented an increase in espionage campaigns in the past few years targeting information about how U.S. oil and natural gas pipelines are designed and controlled, as well as where American companies are looking for new sources of fuel. The hackers have also infiltrated law firms to gain insights into where American companies are attempting to gain rights to drill for oil and mine precious minerals. Given that Russia’s economy is largely dependent on energy, that kind of information would be of extraordinary value to the Russian government and energy companies.

Spies in East Asian countries, primarily China and North Korea, were still the most active globally, accounting for 49 percent of all cyber espionage incidents. But that data could be skewed by the fact that more cyber espionage campaigns were attributed to Chinese sources — there could be other Russian campaigns that haven’t yet been detected.

The vast majority of espionage — 87 percent — was attributed to “state-affiliated” groups, the report found. That could mean hackers working directly for a government or with its clandestine support, but still largely taking their marching orders from state officials.