Report: Russian cyber spies part of military move against Ukraine
By Byron Acohido, ThirdCertainty
The Russian occupation of Ukraine in 2014 was carried out with a military show of force – informed and supported by a coordinated cyber-spying campaign.
That’s the upshot of a remarkably detailed report from network security firm Lookingglass. The account connects the dots between cyber spying and the military maneuvers that unfolded as Russia moved to occupy Ukraine last year.
To gather intel, cyber spies used phishing ruses to infect computers and steal information that was useful in gaining a tactical advantage.
“It’s nothing new, but it is becoming more obvious, because we have more eyes on the problem set, and the activities are becoming more transparent,” Chris Coleman, Lookingglass CEO, told ThirdCertainty. “I equate this to submarine warfare during the Cold War; it was something we always heard about but never saw.”
This is the latest case study showing how the hacking tools and methodologies fueling for-profit cyber-criminal enterprises are routinely used for cyber spying, and, increasingly, for coordinating military tactical maneuvers in the field.
In recent years, there have been at least a dozen cyber attacks triggered by political disputes between Russia and former Soviet republics with Western leanings. In 2008, thousands of Russian supporters volunteered their PCs to be used in denial-of-service attacks against websites supporting the nation of Georgia. The attacks ran sporadically for a few hours – as long as enough activists dedicated their PCs to the assault.
In 2007, a similar attack cut off most Internet services to Estonia for several weeks.
It’s not just Russia moving to weaponize the Internet. A 2011 New York Times story outlined how the Windows Stuxnet computer worm, designed to slither into and take over industrial control systems in Iranian power plants, could have been part of a joint U.S.–Israeli effort to undermine Iran.
And Kim Zetter’s new book, Countdown to Zero Day, drills deep into the U.S. connection to the Stuxnet attack. Zetter is Wired’s veteran infosec reporter.
The Lookingglass report is instructive in that it details how the cyber component of military action is becoming more methodical and engrained as part of normal operations, says Coleman.
Case in point: Lookingglass researchers documented how intelligence gathering via phishing attacks was suspended for the duration of negotiated cease-fires.
“It shows a very coordinated approach between both the cyber-espionage front, military troop movement and occupation in … Ukraine,” Coleman says. “Once cease-fires came in, that activity stopped, and when the cease-fires stopped … that activity came back into play.”