Report: Russian cyber spies part of military move against Ukraine


The Russian occupation of Ukraine in 2014 was carried out with a military show of force – informed and supported by a coordinated cyber-spying campaign.

That’s the upshot of a remarkably detailed report from network security firm Lookingglass. The account connects the dots between cyber spying and the military maneuvers that unfolded as Russia moved to occupy Ukraine last year.

To gather intel, cyber spies used phishing ruses to infect computers and steal information that was useful in gaining a tactical advantage.


“It’s nothing new, but it is becoming more obvious, because we have more eyes on the problem set, and the activities are becoming more transparent,” Chris Coleman, Lookingglass CEO, told ThirdCertainty. “I equate this to submarine warfare during the Cold War; it was something we always heard about but never saw.”

Chris Coleman, CEO, Lookingglass

This is the latest case study showing how the hacking tools and methodologies fueling for-profit cyber-criminal enterprises are routinely used for cyber spying, and, increasingly, for coordinating military tactical maneuvers in the field.

In recent years, there have been at least a dozen cyber attacks triggered by political disputes between Russia and former Soviet republics with Western leanings. In 2008, thousands of Russian supporters volunteered their PCs to be used in denial-of-service attacks against websites supporting the nation of Georgia. The attacks ran sporadically for a few hours – as long as enough activists dedicated their PCs to the assault.

In 2007, a similar attack cut off most Internet services to Estonia for several weeks.

It’s not just Russia moving to weaponize the Internet. A 2011 New York Times story outlined how the Windows Stuxnet computer worm, designed to slither into and take over industrial control systems in Iranian power plants, could have been part of a joint U.S.–Israeli effort to undermine Iran.

And Kim Zetter’s new book, Countdown to Zero Day, drills deep into the U.S. connection to the Stuxnet attack. Zetter is Wired’s veteran infosec reporter.

The Lookingglass report is instructive in that it details how the cyber component of military action is becoming more methodical and engrained as part of normal operations, says Coleman.

Case in point: Lookingglass researchers documented how intelligence gathering via phishing attacks was suspended for the duration of negotiated cease-fires.

“It shows a very coordinated approach between both the cyber-espionage front, military troop movement and occupation in … Ukraine,” Coleman says. “Once cease-fires came in, that activity stopped, and when the cease-fires stopped … that activity came back into play.”

