With SolarWinds Hack, Suspected Russian Hackers Are Once Again Flexing Moscow’s Spycraft Muscle

MOSCOW – In September, Russian President Vladimir Putin proposed a resumption of US-Russia relations in the field of information security and called for a ceasefire to prevent cyberspace incidents.

While the hack so far appears to fall short of a destructive cyberattack, the use of insidious tradecraft and an unprecedented digital toolkit serves as a potent reminder of Russia’s cyber capabilities and its willingness to use them on a large scale, analysts say. The range of targets – from the departments of trade, state and homeland security to the national institutes of health – could provide Russian leaders with indispensable intelligence and secrets that can be used at a later date.

Ultimately, the hack signals to the West that years of international sanctions have not hampered Russia’s global ambitions or deterred its security apparatus from conducting broad-based operations with impunity, analysts say.

“It’s always good to sneak into these systems and gather some intelligence that you can use in the future. It is classic industrial and political espionage,” said Andrei Soldatov, an expert on Russia’s spy agencies and author of books about them.

“At the political level, this can also be very important,” he said. “Such operations send a message that Russia has its strong intelligence agencies and that they cannot be slowed down by the Americans.”

Mark Galeotti, an expert on Russia’s intelligence services and senior associate fellow at the British think tank Royal United Services Institute, said the hack shows that Russia will continue its cyber operations undiminished.

“If you think the Americans are looking for you, as many in Russia do, you have no reason not to do your worst,” he said.

The Kremlin has denied involvement in the hack. Mr. Putin’s spokesman Dmitry Peskov on Monday called the allegations “a continuation of blind Russophobia.” Russian officials said this week that the country is not conducting “offensive” operations in cyberspace. In his statement from September, Mr. Putin proposed reaching agreement “on non-first strike with the use of [digital technologies] against each other.”

US intelligence leaders often acknowledge the extreme level of cyber skills possessed by Russian hackers, but always say that they are not as good as American spies. A former senior U.S. intelligence official said the hack should provoke a period of serious reflection on whether Russia’s hackers are superior, because an honest admission that the United States has fallen behind a chief opponent could entail a necessary commitment to improve cyber capabilities and defense.

“People in the Pentagon do not like to think that the Russians are better than us in anything,” the former official said. “We are playing a game against opponents who are our equals, perhaps our superiors, in the cyber domain.”

U.S. and Russian experts say that since the hack did not appear to have altered or damaged data, and no computer systems or other infrastructure appears to have been damaged so far, it was a classic act of cyber espionage and a modern example of fierce power competition.

“Cyber espionage is a legitimate state activity,” said Vladimir Frolov, a former senior Russian diplomat and Moscow-based political analyst. “Every self-respecting state does that. Given a similar opportunity to gather information on Russian targets, the NSA or CIA would not hesitate for a moment.”

But the large size of the Russian heist is changing the dynamics of the action and should be taken into account in Washington’s potential response capabilities, some U.S. intelligence officials and security experts have said.

“In no way, shape or form have they exercised any discretion that they have met the standard of necessity or proportionality,” Chris Inglis, the former deputy director of the NSA, said during a panel discussion Thursday on the hack. “It’s shameless, it’s effective, it’s arbitrary.”

Russian cyber operations have been evolving since 2016, when US intelligence found that Russia was interfering in the presidential election, which Moscow denies.

Four years ago, hackers relied primarily on spearphishing – an attack that involves posing as another person to trick an email recipient into clicking a malicious link – to steal login information. They have recently used more reconnaissance tactics, such as password sprays, which target a wider network of people with automated attempts to essentially guess passwords.

In the latest hack, instead of targeting organizations directly, hackers broke in through a software backdoor and used it as a springboard to reach their targets. They sneaked their malicious code into the legitimate software of a trusted software maker – an Austin, Texas-based company called SolarWinds Corp. and its software called Orion. As many as 18,000 companies downloaded the malicious SolarWinds update.

While U.S. government officials and cybersecurity experts have concluded that Russia is likely to be responsible for the hack, the actual perpetrator behind the breaches is less certain.

Some US officials and experts suspect that Russia’s foreign intelligence service, known by the initials SVR, was behind the breaches, although other security experts involved in probing the hack believe a previously unknown Russian cyber espionage group may be responsible.

Mr. Soldatov said the hack could have been a joint operation between the SVR and the Federal Security Service, or FSB, Russia’s domestic spy agency, which is known for its extensive cyber functions and has experience with similar hacks. The SVR, on the other hand, does not have the same cyber resources and technical expertise and would have been involved in providing intelligence on how and where to carry out the hack, he added.

Another Russian security agency, the Military Intelligence Service, known as the GRU, has gained fame in recent years and was linked by US authorities to cyber interference during the 2016 elections and other operations in subsequent years that knocked out Ukraine’s energy network, leaked emails from the French president’s party and damaged global systems.

While there is still uncertainty as to whether the recent cyber theft involved cooperation between intelligence agencies, it is clear that, given the competition between such organizations in Russia, pulling off a hack like this could be a way to gain an advantage over rivals, according to analysts.

“They all want to prove to the boss [Mr. Putin] that they are the best, the most imaginative, the most loyal,” Galeotti said. “They are all competing for access, for resources. Russia is a system where agencies can be consumed by their rivals if they look weak or ineffective.”

Russian officials have gone on the counterattack, claiming that their nation is the target of foreign hackers.

Konstantin Kosachev, chairman of the Foreign Affairs Committee of the upper house of Russia’s parliament, claimed last week that about 30% of hacking attacks on Russia come from the United States.

While denying state-sponsored hacking campaigns, Mr. Putin has previously defended Russian cyber spies and compared hackers to artists.

“If artists get up in the morning and feel good, all they do all day is paint. The same goes for hackers,” he said in 2017. “If they feel patriotic, they will, as they believe, start contributing to the legitimate fight against those who speak ill of Russia.”

On Sunday, at a ceremony on the outskirts of Moscow commemorating an SVR anniversary, Mr. Putin praised the agency’s intelligence operations and said it should focus on securing information security, among other things.

“I know firsthand what we are talking about here, and give my utmost praise for these complicated and professional operations,” he said.

Write to Georgi Kantchev at [email protected] and Dustin Volz at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.