Beware of Russian Cyber Warfare in 2016

Cyberwar

 

2016/01/06 • Analysis & Opinion, Military analysis, Op-ed

So what was Russia up to in 2015 beyond its continuing war in Ukraine, capturing the Donetsk airport and the Debaltseve area last winter (at a high cost for own men and material, and for the civilian population in the Debaltseve region) and the West allowing Putin a return to world politics through his bombing of Syria?

Russia presented a record military budget and conducted a record amount of military exercises – some among them being some snap exercises causing NATO officials sleepless nights. Most of the exercises took place before Russia’s bombing of Syria, which could be cynically viewed as just another exercise for Russian special forces and Air Force to practice. Russian authorities praise the deadly potential of their military forces in Syria while simultaneously concealing their activities and the resulting casualties both in Ukraine and Syria – as Russia’s actions prove. The exposure of obviously Russian military personnel and military equipment operating in Ukraine has been one of the best means to undermine Russia’s deniable methods of warfare.

On the Russian “home front” the last year saw another wave of criminalization of Russian civil right’s organizations and ordinary citizens, particularly those supporting Ukraine or the Russian political opposition (for some cases see here). The bulk of the Russian population had to cope with decreasing buying power and the ban of certain foreign products; now also products from Ukraine and Turkey. The more wealthy also had to face the fact that Turkey has ceased to be a holiday destination. Those were all issues only reluctantly and far from systematically covered by western journalists and media, leave alone politicians.

But there is another rather neglected issue that might become even more interesting in 2016 than in 2015 as Russia is expected to step up its crusade against NATO and EU with decreasing oil prices and growing geopolitical tensions.

This issue is Russian cyber warfare against individuals, institutions, and crucial infrastructure.

Russia’s methods in the cyber-sphere go far beyond Ukraine or Georgia, two of Russia’s top targets in the last years (see this month’s claimed attack on Ukraine’s energy facilities). Cyber attacks might target any country Russia wants to send a “message” to, ranging from Bulgaria to Germany or even Austria.

Russia’s “troll army” has been already been heavily covered by journalists who are harassed for not fully agreeing with Russia’s view on certain topics as the trolls spread disinformation and/or propaganda. The regime-supporting activities of Russian immigrants in the cyber sphere (especially in the German-language countries, most of whom share the views of the Kremlin) are not to be underestimated, but this unfortunately has been a taboo issue.

Another more serious thing that requires outside action is the blocking of individual accounts in social media – in 2015, Facebock blocked the accounts of prominent Ukrainians on Facebook; and earlier, sites had been blocked that offered information on Russian soldiers killed in Russia’s summer 2014 campaign against Ukraine. The new Twitter guidelines of December 2015 have already proven their “potential” as various anti-Russian/pro-Ukrainian accounts were blocked (interestingly, some accounts that are very similar to blocked accounts and suspected of being “trolls” continue to function).

DDoS (distributed-denial-of-service) attacks and the like are popular measures when it comes to attacks against critical media outlets and blogs, and have targeted a wide-range of websites or accounts on social media. Such methods have been commonly considered as “cyber riots” as they do not require professionals and do not develop deadly potential against individuals or bring down a national economy.

There are other potential activities which go beyond “riots”. One of them is to hack email accounts or personal computers using infected attachments installing malware. Another is to use a bug in Microsoft Windows and other software to spy on computers used by the EU, NATO, sovereign states, or companies in the energy and telecommunications sectors.

The attacker can use the material acquired in these or other ways for diversion, blackmail, or as a basis for future attacks, or the attacker can publish the content online – we have seen this on a rather organized scale with Wikileaks in the last years. Examples for 2015 concerning the collection of material for future purposes have been hacking the email system of the US Pentagon (also used by the US Joint Chiefs of Staff). This was not the first incident of this kind since Russia invaded Ukraine. In the autumn of 2014, a similar attack penetrated unclassified email systems in the White House and State Department (one assumes that unclassified emails of US President Obama were included). In this context, human shortcomings are also of importance – the best example being Hillary Clinton using a private email server as secretary of state and now denying to fully reveal what could possibly have fallen in the hands of foreign agents/secret services.

The known security problems of telephone/internet communications and especially of mobile phones are definitely an issue. Ukraine has gained knowledge of all the weaknesses of modern telecommunication. For example, Russia blocking telecommunication during active warfare. We can only hope the West has learned some lessons. Russia is quite active in this direction as demonstrated by the fact it got hold of a few thousand mobile phone numbers of Polish members of the military in later 2015 (a Russian operator contacted the numbers, offering telephone services).

There have been single probes to paralyze the work of media, enterprises or state institutions with cyber attacks anonymously. The Polish stock exchange was targeted already in October 2014 and the French TV5Monde in April 2015 – the attackers posed as Islamists, but could not conceal their real, Russian, origin. In later 2015, there were “broader actions.” Bulgaria saw severe attacks in October/November 2015 against government websites, causing the country’s president complaining Russia was staging a hybrid war. Turkey has been affected by cyber-attacks since mid-December 2015. Turkish media reported that 400.000 websites with the extension .tr were denied access from abroad. This hack seriously affected official business and private enterprises. According to the latest information, these problems are continuing, notably with online banking.

The most worrying dimension for the public – and with the most deadly potential – are Russian efforts to target crucial infrastructure, for example public transport companies, energy providers and security organizations. One of the more worrying incidents was an attack on Germany’s Thyssen Krupp in 2014, which damaged a blast furnace. In 2015, electricity and transport companies went down in German-language countries, and some incidents happened in the UK – the latest being a media attack on the BBC.

However some of the recent examples, such as the reported disruption of power to Crimea or a fire on a landlide of the major internet provider in Azerbaijan, that caused the internet to go down on 16 November 2015, show that cyber attacks are not a prerequisite to cause internet / energy shortages.

Tags: , , , , ,