News / Science & Technology

    Russia Plays Big Role in Cyber Spying, Hacking

    A man types on a computer keyboard in Warsaw in this Feb. 28, 2013 illustration file picture.
    A man types on a computer keyboard in Warsaw in this Feb. 28, 2013 illustration file picture.

    Even in these times of incessant cyber-attacks and Internet hacks, the news took many security analysts by surprise – and led to the doors of the Kremlin.

    Late in October, computer networks at the White House were breached by an outside group, causing disruptions throughout the entire system.  White House officials were quick to point out that the hacked systems did not contain classified information, and moved swiftly to plug the security holes.

    Still, the White House computer systems are among the most highly fortified in the world. So who was behind the successful and brazen attack?

    The White House blames hackers tied to Moscow. And, coming on the heels of other reports of alleged Russian cyber-attacks targeting the governments of Germany, Ukraine among others, and military resources at NATO headquarters, the White House hack is raising alarm that one of the most serious threats to online security may not be coming from China, but from Russia.

    “The Russians are a lot more sophisticated in terms of state-sponsored attacks than the Chinese,” says Darren Hayes, director of cyber-security at Pace University. “It’s of concern because often various traditional mechanisms used for stopping these types of attacks are rendered useless.”

    Russian cyber moves

    Russia was one of the first nations to move assertively into the digital sphere.

    As far back as 1998, long before most nations even began thinking about cyber-security, the Kremlin directed “Directorate K,” a government agency, to begin operations to monitor and defend against hackers and spammers. In recent years, Directorate K has since taken on a greater offensive role in the digital arena.

    In what is widely considered the first nationally coordinated cyber-attack against another nation, Russian hackers in 2007 launched waves of massive cyber-attacks against Estonia, effectively crippling the nation. One year later, a similar operation targeting Georgia was launched from Russian ISPs.

    “Russia is clearly testing NATO and the West,” Urmas Paet, Estonia’s Foreign Minister, warned at the time.

    “And that was before Ukraine,” said Hayes, an expert on Russia’s cyber activities. “Here, we’re seeing the convergence of military aggression – as we’ve seen what’s happened the last few days in Sweden for example – with cyber-attacks. The cyber-attacks can be just as devastating as an actual kinetic attack. They’re having tremendous success.”

    Analysts say Russia’s moves are getting far less notice than China’s cyber exploits.

    “The threat from China is overinflated, (and) the threat from Russia is underestimated,” said Jeffrey Carr, who heads the web security firm Taia Global and author of the book Inside Cyber Warfare. “Russia certainly has been more active than any other country in terms of combining cyber-attacks, or cyber-operations, with physical operations,” he told VOA. “The Russia-Georgia war of 2008 was a perfect example of a combined kinetic and cyber operation.  And nobody else has ever done that – China has never done anything like that.”

    Kurt Baumgartner is the Principal Security Researcher at the web-security firm Kaspersky Lab, and has been tracking various major malware Russian-speaking threats including “RedOctober”, “Epic Turla” and others. Two of those most recent threats, “Sandworm” and “Crouching Yeti,” have been linked back to Russia because of Russian language coding.

    But Baumgartner said Kaspersky has not yet been able to definitively tie these attacks to sources in Russia.

    “Cyber-espionage seems to be the name of the game,” he told VOA via email. “But, source attribution is practically impossible as cybercriminals have been known to use various techniques to keep themselves hidden (using different languages from their own in their code or work, constantly changing locations or working with a large organization of criminals.”

    US eyes Russia

    The cyber-threat posed by Russia may not be new, but it appears leaders in the U.S. intelligence and military communities see it as a growing problem.

    Earlier this year, speaking before the House Permanent Select Committee on Intelligence, James Clapper, the U.S. Director of National Intelligence, spoke to what he sees as the unique threat that Russia poses in the digital world.

    “Russia presents a range of challenges to U.S. cyber policy and network security,” Clapper told the committee. “Its Ministry of Defense is establishing its own cyber command, according to senior MOD officials, which will seek to perform many of the functions similar to those of the U.S. Cyber Command. Russian intelligence services continue to target U.S. and allied personnel with access to sensitive computer network information.”

    Some months later, speaking at a conference in Austin, Texas, Clapper was more blunt.

    “I worry a lot more about the Russians than China," he said.

    A DNI spokesperson told VOA via email that Clapper’s warning referred directly back to his cautionary statements made in public about Russian hacks.

    Kaspersky’s Baumgartner point to what he calls a “learning effect” – that more advanced hackers tied back to Russia are apparently learning from each other, increasing the overall effectiveness of the attacks. However, he said that this learning effect does not definitively prove Moscow’s involvement.

    “Functionality found in malware or techniques can be misleading,” he said via email. “It cannot be relied on to speculate that a specific campaign was operated out of one part of the world or another - analysis and identifying the source is much more complex than that.”

    Russian officials have routinely denied any involvement in hacks that have been traced back to Russian ISPs. Several calls to the Russian embassy by VOA for comment were not returned.

    And while many forensic analysts like Carr say that  Russia’s capacity for cyber-attacks is technologically comparable to that of the U.S. or Israel – among the world’s most sophisticated hackers – finding definitive proof of Moscow’s involvement remains difficult.

    “Viruses unfortunately don’t carry ID cards” Kaspersky, the Russian security specialist and founder of Kaspersky Lab, told Der Spiegel. Kaspersky was referring to the now-standard practice used even by amateur hackers to spread malware or launch attacks through a series of ISPs in various countries, thwarting efforts to trace the attack back to the source.

    Pace University’s Darren Hayes also notes that another tactic employed by Moscow has been to use non-governmental groups, such as the pro-Putin “Nashi” youth movement, to carry out cyber-attacks, giving the government plausible deniability for involvement.  

    “It’s been long known that the Russian government isn’t afraid to use young hacker groups, not only for monetary uses but also for attacks related to political issues,” said Hayes. “When you use these younger hacking groups that aren’t employed by, but are connected to, the Russian government, then it gives them a way to distance themselves from these attacks and not be noted as the perpetrator.”

    Russia’s Internet control

    There’s another trend that troubles some analysts; namely what appears to be Russia’s expanding efforts to control the Internet within its borders and those companies doing business there.

    Already, tech firms operating within Russia are required to comply with all requests about their products from the state Federal Security Service, known as the FSB. That can include providing sensitive information about the software design or registered users, or requests to insert new bits of code.

    The Kremlin tightened restrictions this year on what bloggers can say and expanded search requests for user information. Several months later, another law required major foreign-owned services like Twitter and Facebook to register with the state Internet monitor Roskomnadzor as well as locate all servers handling and storing Russian data traffic within Russia’s borders. 

    Some analysts like Hayes see a parallel between what Russia is trying to accomplish with its cyber-strategy and its current broader, national goals on the world stage: namely, continuing efforts to probe Western defenses while destabilizing local neighbors.

    “The effective counter-measures are more sanctions,” Hayes said. “These cyber-wars can be a lot more devastating financially and in terms of confidence than actual ground warfare sometimes. The U.S. needs to clearly define what cyber-warfare is, attribute it to various nations, and discuss repercussions for theft of intellectual property or money or just destructive attacks.”


    Doug Bernard

    Doug Bernard covers cyber-issues for VOA, focusing on Internet privacy, security and censorship circumvention. Previously he edited VOA’s “Digital Frontiers” blog, produced the “Daily Download” webcast and hosted “Talk to America”, for which he won the International Presenter of the Year award from the Association for International Broadcasting. He began his career at Michigan Public Radio, and has contributed to "The New York Times," the "Christian Science Monitor," SPIN and NPR, among others. You can follow him @dfrontiers.

    You May Like

    Russia Sees Brexit Impact Widespread but Temporary

    Officials, citizens react to Britain’s vote to exit European Union with mix of pleasure, understanding and concern

    Obama Encourages Entrepreneurs to Seek Global Interconnection

    President tells entrepreneurs at global summit at Stanford University to find mentors, push ahead with new ideas on day after Britain voters decide to exit EU

    Video Some US Gun Owners Support Gun Control

    Defying the stereotype, Dave Makings says he'd give up his assault rifle for a comprehensive program to reduce gun violence

    This forum has been closed.
    Comment Sorting
    by: Lawrence Bush from: Houston, Texas
    November 17, 2014 12:17 PM
    Really, I've been pondering over in great apprehension for a long time over the cyber hackings in ours and how it can be stopped? In context of of military competition and rivalry, the piratical activities and such hackings to go on. And, all that do necessiate to be curbed. Certainly, we should possess that sort of safeguards for our cyber systems all that to remain immune to any kind of piratical hacking by any enemy side in this
    world. Our cyber research sides of our defense and intelligence along with our top IT technocrats do have great responsibilities in this regard.
    In Response

    by: Doug Bernard
    November 18, 2014 8:17 AM
    I would only add that I've never spoken with a cyber-security researcher who believes that the U.S. government is doing nearly enough to protect sensitive assets from such hacks.

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Brexit Vote Plunges Global Markets Into Unchartered Territoryi
    June 24, 2016 9:38 PM
    British voters plunged global markets into unknown territory after they voted Thursday to leave the European Union. The results of the Brexit vote, the term coined to describe the referendum, caught many off guard. Analysts say the resulting volatility could last for weeks, perhaps longer. Mil Arcega reports.

    Video Brexit Vote Plunges Global Markets Into Unchartered Territory

    British voters plunged global markets into unknown territory after they voted Thursday to leave the European Union. The results of the Brexit vote, the term coined to describe the referendum, caught many off guard. Analysts say the resulting volatility could last for weeks, perhaps longer. Mil Arcega reports.

    Video Orlando Shooting Changes Debate on Gun Control

    It’s been nearly two weeks since the largest mass shooting ever in the United States. Despite public calls for tighter gun control laws, Congress is at an impasse. Democratic lawmakers resorted to a 1960s civil rights tactic to portray their frustration. VOA’s Carolyn Presutti explains how the Orlando, Florida shooting is changing the debate.

    Video Tunisian Fishing Town Searches for Jobs, Local Development Solutions

    As the European Union tries to come to grips with its migrant crisis, some newcomers are leaving voluntarily. But those returning to their home countries face an uncertain future.  Five years after Tunisia's revolution, the tiny North African country is struggling with unrest, soaring unemployment and plummeting growth. From the southern Tunisian fishing town of Zarzis, Lisa Bryant takes a look for VOA at a search for local solutions.

    Video 'American Troops' in Russia Despite Tensions

    Historic battle re-enactment is a niche hobby with a fair number of adherents in Russia where past military victories are played-up by the Kremlin as a show of national strength. But, one group of World War II re-enactors in Moscow has the rare distinction of choosing to play western ally troops. VOA's Daniel Schearf explains.

    Video Experts: Very Few Killed in US Gun Violence Are Victims of Mass Shootings

    The deadly shooting at a Florida nightclub has reignited the debate in the U.S. over gun control. Although Congress doesn't provide government health agencies funds to study gun violence, public health experts say private research has helped them learn some things about the issue. VOA's Carol Pearson reports.

    Video Trump Unleashes Broadside Against Clinton to Try to Ease GOP Doubts

    Recent public opinion polls show Republican Donald Trump slipping behind Democrat Hillary Clinton in the presidential election matchup for November. Trump trails her both in fundraising and campaign organization, but he's intensifying his attacks on the former secretary of state. VOA National Correspondent Jim Malone reports.

    Video Muslim American Mayor Calls for Tolerance

    Syrian-born Mohamed Khairullah describes himself as "an American mayor who happens to be Muslim." As the three-term mayor of Prospect Park, New Jersey, he believes his town of 6,000 is an example of how ethnicity and religious beliefs should not determine a community's leadership. Ramon Taylor has this report from Prospect Park.

    Video Internal Rifts Over Syria Policy Could Be Headache for Next US President

    With the Obama administration showing little outward enthusiasm for adopting a more robust Syria policy, there is a strong likelihood that the internal discontent expressed by State Department employees will roll over to the next administration. VOA State Department correspondent Pam Dockins reports.

    Video Senegal to Park Colorful ‘Cars Rapide’ Permanently

    Brightly painted cars rapide are a hallmark of Dakar, offering residents a cheap way to get around the capital city since 1976. But the privately owned minibuses are scheduled to be parked for good in late 2018, as Ricci Shryock reports for VOA.

    Video Florida Gets $1 Million in Emergency Government Funding for Orlando

    The U.S. government has granted $1 million in emergency funding to the state of Florida to cover the costs linked to the June 12 massacre in Orlando. U.S. Attorney General Loretta Lynch announced the grant Tuesday in Orlando, where she met with survivors of the shooting attack that killed 49 people. Zlatica Hoke reports.

    Video How to Print Impossible Shapes with Metal

    3-D printing with metals is rapidly becoming more advanced. As printers become more affordable, the industry is partnering with universities to refine processes for manufacturing previously impossible things. A new 3-D printing lab aims to bring the new technology closer to everyday use. VOA's George Putic reports.

    Video Big Somali Community in Minnesota Observes Muslim Religious Feast

    Ramadan is widely observed in the north central US state of Minnesota, which a large Muslim community calls home. VOA Somali service reporter Mohmud Masadde files this report from Minneapolis, the state's biggest city.

    Special Report

    Adrift The Invisible African Diaspora