“They’ve flooded the information space with nonsense so we can’t get at the truth.”
– Charles Arthur, UK cybersecurity expert
Whilst ranked third among countries in terms of volume of cyber activity (behind the US and China), Russia is regarded as having the most sophisticated and skilled hackers. Unlike the Chinese government, which employs thousands of hackers in the People’s Liberation Army, the Russian government has a much murkier relationship with resident hackers. The trails of cyber attacks originating in Russia tend to end at civilian hacktivist groups and criminal organizations, perhaps providing officials with plausible deniability.
Russian hacking is not restricted to attacks on large corporations and government institutions. GCHQ and the FBI have warned in a joint statement that hacks on domestic computers and smartphones can be used to coordinate attacks on UK infrastructure. In the joint “technical alert”, the two countries urged members of the public and businesses to help combat vulnerabilities with basic security precautions. Commenting on the statement, Ciaran Martin, director of the UK’s National Cyber Security Centre, said it was a:
“significant moment in the transatlantic fightback against Russian aggression in cybersecurity. We have been tracking some of these attacks for around a year and the attack groups behind them for longer than that. In terms of scale, there have been millions of machines that have been globally targeted. It’s about trying to gain control over the devices to allow them not just to spy on the primary organization but the organizations they connect to.”
The total is believed to include tens of thousands of home devices in the UK alone, which could be used “at scale” for wider operations. Security services admitted they do not know the full scale of attacks by state-sponsored Russian hackers, who are using the routers that connect people’s homes and offices to the internet to spy on information going through them, harvesting passwords, data and other information that could later be used in an attack.
FBI Deputy Assistant Director Howard Marshall said breaking into the system and being able to wait:
“is a tremendous tool in the hands of an adversary. We have high confidence that Russia has carried out a coordinated campaign to gain access to enterprise, small office, home office routers and residential routers. This activity isn’t always to steal information from the network that is targeted in these operations, but sometimes used to facilitate other operations that Russians can do against high value targets worldwide.”
Whilst covert hacking is a serious threat, fake accounts on Facebook and Twitter that show open hostility to the West are also dangerous. Cybersecurity expert Charles Arthur said:
“The real Russian attacks are happening on social media: the spread of disinformation and efforts to undermine trust in authoritative sources is almost as big a problem for governments as the undercover efforts to hack emails and computer systems. We usually think of ‘hacking’ as something done where we can’t see it, but a lot of Russia’s efforts are happening right in front of us, on Twitter, Facebook and its public statements - many of which are logically inconsistent, impossible or absurd.”
Facebook and Twitter have taken down networks of accounts with links to the same Russian troll farm responsible for interfering in the 2016 US presidential election. Russia’s Internet Research Agency (IRA) has been using social media accounts to spread inflammatory memes to sow discord. The IRA has gone to new lengths to disguise its involvement: according to the companies, the accounts were not operated out of Moscow as they were in 2016, but run by groups in Ghana and Nigeria. Facebook’s Head of Security Policy, Nathaniel Gleicher, wrote in a statement:
“They frequently posted about US news and attempted to grow their audience by focusing on topics like black history, black excellence and fashion, celebrity gossip, news and events related to famous Americans like historical figures and celebrities, and LGBTQ issues. Although the people behind this activity attempted to conceal their purpose and coordination, our investigation found links to EBLA, an NGO in Ghana, and individuals associated with past activity by the IRA.”
Another method the Russians are suspected of using to disseminate fake news is “fishwrapping”, which involves recycling old terror events as breaking news. Threat intelligence firm Recorded Future, which has published a study of this, has developed tools for detecting and analyzing operations by nation-states and has been tracking this phenomenon. Coining the term “fishwrap”, Recorded Future says the disinformation network could be acting independently or as part of a foreign government. Co-founder Staffan Truvé said:
“Somehow we haven’t seen any way they are trying to monetize what they are doing. So our assumption is that the people doing this are either a state-sponsored actor or a politically inspired group. It’s a classic fear, uncertainty and doubt campaign as part of a larger attempt to manipulate election results in the European Union. These guys are running a professional operation. They keep track of their results, see how many clicks they can get and of course there’s some demographics of the people who are following this and reading it. This could be in preparation for a future operation where once you’ve got established followers to these accounts, you could start spreading genuinely fake news.”
It may not be possible to know with certainty what motivates the Russians to conduct these types of cyber activities, but it could well be that Russian officials view this cyber warfare as a political tool which is extremely effective in achieving a geopolitical goal. The new Cold War continues...