The Russian Cyber Threat: Views from Estonia

Tensions between Russia and its adversaries in the West are escalating. In recent years, Russia has undermined the security of its neighbors by violating their land borders, crossing into their airspace unannounced and harassing them above and below sea level. Less noticed or understood, however, are Moscow’s aggressive actions in cyberspace. The small Baltic country of Estonia—a global leader in digital affairs—is well-placed to shed light on the tactical and strategic aspects of Russia’s offensive computer network operations.

In fact, three civilian and intelligence agencies responsible for cyber security—the Estonian Information System Authority, Internal Security Service and Information Board—recently issued reports that help put together different pieces of the puzzle. The conclusion is that “in cyberspace, Russia is the source of the greatest threat to Estonia, the European Union and NATO.” Now policymakers on both sides of the Atlantic must decide what to do about it.

Russia has been developing and employing offensive cyber capabilities for years. Russian cyber threat groups consist of professional, highly skilled practitioners whose daily jobs are to prepare and carry out attacks. And they don’t go after low-hanging fruit; instead, they receive specific orders on which institutions to target and what kind of information is needed. Criminals, hacktivists, spies and others linked to Russian strategic interests are usually well-financed, persistent and technologically advanced. They have a wide range of tools and resources, including the ability to carry out denial-of-service attacks, develop sophisticated malware and exploit previously unknown software vulnerabilities. Russian threat actors cloak their identities by using remote servers and anonymizing services. They target everything from the mobile devices of individuals to the IT infrastructure of entire government agencies.

Often, Russian threat actors map target networks for vulnerabilities and conduct test attacks on those systems. After carrying out reconnaissance, they conduct denial-of-service attacks or try to gain user access. Common techniques include sending emails with malicious attachments, modifying websites to infect visitors with malware and spreading malware via removable media devices like USB drives. Once inside, they continue to remotely map networks, attempt to gain administrator-level access to the entire network and extract as much sensitive data as possible. Such access also lets them change or delete data if that’s what the mission requires. They’ll often go after the same targets for years to get what they need. They have the confidence that comes from perceived anonymity and impunity; if they make a mistake or fail, they’ll simply try again.

These tactical activities are carried out in pursuit of strategic objectives. In the long term, this includes undermining and, if possible, helping to dissolve the EU and NATO. Moscow also aims to foster politically divided, strategically vulnerable and economically weak societies on its periphery in order to boost its own ability to project power and influence on those countries’ decisions. Russian cyber threat actors help by stealing military, political or economic data that gives Russia advantages in what it sees as the zero-sum game of foreign relations. The exfiltrated data can be used to recruit intelligence agents or provide economic benefits to its companies. Cyber capabilities can also be used to carry out influence operations that undermine trust between the citizens and the state. Telling examples of that strategy include its multi-week distributed-denial-of-service (DDoS) attacks against Estonia in 2007, its coordinated attacks against Ukraine’s 2014 presidential elections and the false-flag operation against a French telecommunication provider in 2015.

Most worryingly, today’s intelligence operations can enable tomorrow’s military actions. Influence operations, including the use of propaganda and social media, can create confusion and dissatisfaction among the population. Denial-of-service attacks can inhibit domestic and international communication. Coordinated, plausibly deniable attacks on multiple critical national infrastructure sectors can disrupt the provision of vital services such as energy, water, or transportation. This can provide a context for the emergence of “little green men”. Malicious code can be weaponized to hinder military and law enforcement responses. Clearly, cyber capabilities have the potential to be a powerful new tool in the Kremlin’s not-so-new “hybrid warfare” toolbox. With enough resources and preparation, they can be used in attempts to cause physical destruction, loss of life and even to destabilize entire countries and alliances. Such operations could be but a decision or two away in terms of planning, and perhaps several months or years before implementation. What can be done about it?

Preventive measures and countermeasures exist at the personal, organizational, national and international levels. Individuals should take “cyber hygiene” seriously, since Russian threat actors target both personal and work devices. This includes employing basic security technologies, backing up data, not visiting dubious websites and not opening suspicious emails. Organizations that handle sensitive information should adopt stricter security policies, including for the handling of work-related data on personal devices. Information systems managers must be especially vigilant, since they are primary targets and weak personal security on their part may compromise national security. For their part, governments must enact the basics: computer security laws, national cyber strategies, a police focus on cybercrime, national CERTs, public-private partnerships and capable intelligence agencies. They also need continuous training and exercises to keep relevant agencies prepared for their missions. Finally, global cooperation and expeditious exchange of information among cyber security firms, national computer security incident response teams (CSIRTs) and security services are key to identifying Russian attack campaigns and taking defensive countermeasures.

All such countermeasures comprise elements of a deterrence-by-denial strategy that aims to raise the cost of carrying out malicious operations. States have also undertaken diplomatic initiatives to manage the potential instability that could result from the use of weaponized code—namely confidence-building measures, norms of responsible state behavior and attempts to agree on international law. While laudable, none of these have curbed Russian cyber aggression in the short term. For example, Russia’s coordinated December 2015 attack on the Ukrainian electrical grid—highlighted in all three agencies’ reports—was clearly an attack on critical national infrastructure that violated tentative international norms signed by Russia, possibly even while the campaign was being prepared. Defensive and diplomatic countermeasures must be complemented by a cohesive strategy of deterrence-by-punishment by individual countries as well as like-minded allies.

Cyber threat actors with links to Russia (APT28/Sofacy/Pawn Storm, the Dukes/APT29, Red October/Cloud Atlas, Snake/Turla/Uroburos, Energetic Bear/DragonFly, Sandworm Team and others) target NATO members on a daily basis—mainly for espionage and influence operations. But a recent SCMagazineUK article claims that the FSB plans to spend up to $250 million per year on offensive cyber capabilities. “Particular attention is to be paid to the development and delivery of malicious programs which have the ability to destroy the command and control systems of enemy armed forces, as well as elements of critical infrastructure, including the banking system, power supply and airports of an opponent.” Clearly, we had better be prepared.

1 Comment

  1. The U.S. State Dept. has been infested with communists since WW1 and Woodrow Wilson, they tried to steal the Russian elections for their comrades in the Russian Communist Party through non-profit n.g.o.s… just like at home in America…

    But Vladimir Putin beat them, so they launched a fággot jihad against the Russian Orthodox church over the punk rock band and the Olympics (something Bítch Romney stupidly piled onto)… Miss neo-kabbalah lesbian Madonna, now rumored to be a Muslim convert, was flown in to agitate while Hillary was on a world-wide gay pride tour.

    When the Iron Curtain came down the Bolsheviks all fled to the other side because they knew what the Russians would do to them after 100 years of communism. The best thing about Russia getting Crimea back… Catherine the Great took it from the Turks… What happened right after Russia retook Crimea? The Russian FSB searched all the Turks living there… Why? Because NATO sponsors Islamist terrorism when it suits them to.

    The EUSSR needed Libya’s oil, but Muammar Gadaffi decided he wanted gold instead of worthless fiat currency from the EU… What was the first thing NATO did when Gaddafi was deposed besides stealing all of Libya’s gold? Form a new government? NOPE, they formed a new Libyan national bank. Now, why would they do that? Because even if Muammar was deposed, he and his heirs would still be the sole proprietors!

    While Leon Puñettas was so busy with gay pride celebrations at the Pentagon, three Navy Seals and a U.S. ambassador were murdered, all because everyone was being so fúcking gay.

    Like with the nonsense in Syria, the U.S. State Department armed terrorist rebels to get rid of Gadaffi, the same ones that killed Ambassador Stevens and stole weapons from that secret armory in the basement… It was easy to dispose of the hated Muammar Gaddafi, but Bashar al Assad has friends… Syria and Ukraine are the same scenario as Serbia… NATO bombed Serbia so the IMF could make loans for rebuilding and get control of Serbian iridium assets.

    Albanian Muslims operate human slaughterhouses in Kosovo where they rip out the organs of Christians to sell to Turkey and Saudi Arabia… How is Hillary Clinton’s “reset button” working out for America, comrade Maldre?

    The banksters need a war desperately right now. They’ve tried so hard in Syria and it just hasn’t worked. Now they’ve got crazy Trump actually saying we should stay out of the Middle East and focus on our own problems, and people are listening… What’s a self-respecting globalist financier to do?

    Without the US military killing people and breaking things, there is no future growth path for them. So they send their puppets like Kasich and Romney out to talk up the fight against “evil” and threaten Russia and China, hoping to fool those dumb white ‘Murkins one more time into sending their sons off to die for God and Country and Goldman Sachs.

    The IMF is in bed with the Turks, Saudis, and NATO, they are worried about a Trump audit of the Federal Reserve… and about Trump and Putin teaming up to destroy them once and for all… Trump is a vote for peace, and peace does not make money for the weapon industry. The pseudo secular media and their globalist masters profit from destabilization.
