Russia says new rules of cyberwar

At midnight on 17 December 2016, the lights went out across almost all of the Ukrainian capital, Kiev.

A high-voltage transformer station that supplies electricity to large areas had failed. Vsevolod Kovalchuk, head of Ukrenergo, the company that operates the country's unified energy system, explained on his Facebook page that the station had been subjected to an “external attack” that lasted about 30 minutes.

According to cybersecurity experts, it was the latest manoeuvre by Russia, which is increasingly aggressively and openly trying to push the boundaries of modern warfare, using every kind of means, from compromising material on opponents to hacker attacks that cut power to entire cities.

“Russians use cyber weapons like bread with butter in the morning. This is the most important pillar of their global strategy of hybrid war. They are constantly pushing the boundaries and improving their methods of using cyber weapons,” said Malcolm Nance, a former employee of American military intelligence and the Department of Homeland Security who specializes in counterterrorism. “Ukraine is only one of many testing grounds.”

The world today is entering a new era of cyberwar, and Russian hackers have become the pirates of these uncharted seas. Almost every week brings fresh news of cyber attacks as Russia probes many countries of the world for vulnerabilities. From hacking the email of senior members of the Democratic party to defacing the websites of political candidates in Eastern Europe, Russia is today named as the author of the most brazen attacks of recent years. In some cases, these attacks are espionage operations aimed at gathering as much intelligence as possible. Sometimes Russia is trying to conduct a psychological operation, trying to learn the geopolitical goals of a potential enemy. This week the Ministry of Justice announced that the 2014 hack of Yahoo, which exposed more than 500 million mailboxes, was in fact the handiwork of the Russian Federal Security Service (FSB), whose agents cooperate with cyber criminals. According to the Ministry of Justice, it was one of the largest email hacks in history, and it targeted the email accounts of a small group of journalists, dissidents and American government officials.

For many years the supreme military commands of various countries have claimed that cyber warfare is simply the modern form of warfare. Going forward, Russia tests the limits of other countries' patience and sets an example for other states, showing what can be achieved with a military budget ten times smaller than that of the US.

The attack that plunged Kiev into darkness came almost exactly a year after the first known attack on an electric grid. In that cyber attack, which many attribute to hackers funded by the Russian government, dozens of substations in the Ivano-Frankivsk region of Ukraine were de-energized and nearly a quarter of a million people lost their electricity. Cybersecurity experts had long assumed that such attacks were possible, but they thought it unlikely that any state would decide on such a blatant cyber attack, for fear of retribution. Now the same experts are examining the attacks of the last 12 months, and it is becoming very clear that Russia achieves its key strategic goals with the help of hackers and fights its enemies around the world with impunity.

Russian involvement in the brazen cyber attacks on the US, in which the email of senior members of the Democratic party was hacked, led Washington to impose insignificant sanctions on Russian officials and expel 35 Russian diplomats (although the United States claims that there was other, hidden retaliation). “We are entering a new era, in which some countries have significant opportunities,” President Barack Obama, who recently ordered his intelligence services to examine foreign interference in American elections, said in September 2016 at the annual G20 summit in China. Obama added that he had spoken with China and with Russia about establishing rules for conducting cyber warfare. “Our goal is not to replicate in cyberspace the cycle of escalation we’ve seen in the past in the course of the arms race,” he said.

One US intelligence official now involved in cyber operations said: “The problem is not that the Russians are doing something that is not available to others. It is not that Americans do not have the technical skills to carry out this type of attack. It is just that Russian hackers are willing to act in this way, willing to experiment and carry out attacks that other countries refuse to carry out.” The official asked not to be named because of the sensitivity of the issue. “These are blatant and rash actions. They evaluate their abilities and hone their skills. Sometimes they do it very, very sloppily, and sometimes extremely cleverly and cunningly,” he said.

Cybersecurity experts generally agree that the United States, China and Russia are the most advanced and modern in the field of cyber warfare. Nance, who recently wrote the book The Plot to Hack America, in which he analyzes in advance the expected Russian intervention in the 2016 elections, compared American cyber operations to a precision weapon that is made by hand, repeatedly tested, produced in a few copies and then used in practice. Thus the United States attacked Iranian centrifuges with the Stuxnet virus, which may have been produced jointly with Israel. However, it did not attack financial institutions or infrastructure, as this would have had a negative impact on ordinary citizens of Iran. China, which in some sense behaves in cyberspace as arrogantly and aggressively as Russia, conducts its cyberspace operations for economic benefit: it engages in cyber espionage against corporations and collects intelligence, as most other countries do.

“Russia uses cyber weapons to achieve geopolitical objectives,” said Nance. “And this brings results.”

The December 2015 attack in the Ivano-Frankivsk region in western Ukraine led to power outages in some areas that lasted six hours. The cyber attack on Kiev in December 2016 plunged the city into darkness for 75 minutes. It is unknown whether these attacks led to deaths or injuries among the population; cybersecurity experts and government agencies around the world are still analyzing the incidents.

Cyber attacks on a country's electricity system cause the greatest fear among the public and panic among legislators. A hospital may suddenly be left without electricity, and its ventilators and incubators for premature babies will stop working. Airfields in darkness will be unable to receive aircraft, and it will become extremely difficult for pilots to land. Large cities could be plunged into darkness. These are the apocalyptic scenarios that cybersecurity experts describe for the event that a coordinated cyber attack is ever launched against a country's energy supply.

“The United States is scared of this possibility,” said Robert M. Lee, who formerly worked on cyber operations in the United States Air Force and then founded the cybersecurity firm Dragos Security, which specializes in protecting critical infrastructure. Lee was part of the working group that investigated the 2015 attack on the Ukrainian electricity network and produced a report on it. “Many simply do not understand what the consequences of an attack on the power system could be and what results it may bring. There is an enormous difference between what Washington thinks about attacks on the electricity system and what we can do in reality,” explained Lee.

Even the most sophisticated attack could cause a power outage of at most 30-60 minutes, cybersecurity experts say. But many companies and organizations, such as hospitals and airports, have backup generators and emergency action plans for a power outage.

According to American intelligence officials, Russia knew what kind of psychological impact even a short power outage in Ukraine would have on the leadership of the United States and Europe. They know that their country is also vulnerable to such attacks. Security officers who agreed to speak anonymously with BuzzFeed News reporters about the attacks on Ukraine in 2015 and 2016 say with one voice that the situation has undergone a “radical change”. “First of all, the effect is psychological,” they said. “It is not that the US was not able to defend against it. It is just that, in our opinion, a foreign state being able to disable the power supply system for at least 10 minutes radically changes the situation. That’s why we are analyzing what happened in Ukraine and trying to draw conclusions from it.”

During the 2015 cyber attacks in Ukraine, several substations were disconnected at the same time, said Lee.

“About 70 substations were disconnected from the unified power supply system. All the attacks except one were carried out using malware,” said Lee, whose report described how the hackers disabled the substations. At all substations but one, the hackers used spear phishing as the entry point (email messages that look completely harmless but contain malicious links or programs). According to kiberskvottera, Russian hackers prefer this method. It was used to break into the mail of high-ranking Democrats in the United States. In Ukraine, the hackers used phishing to trick substation operators into loading a virus called BlackEnergy3 onto their systems.

But what happened at the last substation was the most interesting and the most frightening.

Ukrainian officials and cybersecurity experts refuse to name this substation, but there the hackers decided to try a much more complicated method. They created a mirror image of the SCADA system (an automated dispatch control system), which is used to monitor and control equipment at facilities such as power plants. Having created a perfect copy of the substation's system, they began to send commands that the system accepted as its own.

“Creating your own SCADA environment is a complex process that requires a lot of time and effort,” Lee said. “We stress this when talking with top leaders of different countries. We say that this is a test. There is no operational necessity to do such a huge amount of intelligence work. Why create a copy of only one station?” It seems that the hackers were testing this type of cyber attack, signaling that they have enough technical knowledge and experience to create a copy of an entire SCADA system. But in Ukraine they carried out cyber espionage to draw up a detailed plan of just one station. “From the point of view of cybersecurity, this one-of-a-kind attack on an industrial control system scared people much more than all of the failed substations.”

A year later, the cyber attack on Kiev was carried out. All the evidence suggests that it was the same type of cyber attack on a SCADA system.

“This is definitely a higher level, not the distribution, transmission and substation,” Lee said. “The US is most worried about such an attack on a transmission substation.”

Igor Guz, a member of the foreign affairs committee of the Ukrainian Rada, told BuzzFeed News that he had no doubt about Russian involvement in the recent attacks on the power system. Russia has long been interfering in Ukraine, shutting off gas supplies and sending troops into the Crimean Peninsula. According to Guz, these attacks will continue “as long as Russia has the opportunity for such interference.”

Three months have passed since the attack on Kiev, and cybersecurity experts have had time to study the methods used to carry it out. According to Lee, there are very few ways to protect against an enemy who has found the time and made enough effort to create a complete copy of an entire system. This is the perfect type of attack for a country like Russia, because the computational burden is very small. It requires only the time to study the target and create a copy of it. As a result, while achieving maximum.

“The best thing to do here is to quickly switch on the backup power,” Lee says. “The power grid is one of the most complex systems created by mankind. Attacks help sharpen your skills…. Washington and the White House definitely heard the signal that was sent when the power supply system was disconnected.”

This year a cyber intelligence officer was taking part in a regular intelligence-sharing meeting with European legislators when things took a very unexpected turn. An assistant to one of the deputies took him aside in the hallway.

“She turned her phone around and showed a phishing message that someone had recently started sending to her boss,” said the officer, who asked that both he and the affected deputy remain anonymous.

“He didn’t want to raise this issue directly at the meeting because he was embarrassed. He clicked the damn thing and didn’t know what to do,” said the officer. “I was very sorry for this guy, and I told his assistant that this could happen to anyone.”

Then the assistant asked the expert to write up a series of protocols and worst-case scenarios so that the panicked deputy would calm down.

“The worst scenario is if in a couple of months you are reading your emails on WikiLeaks,” the intelligence official said discouragingly, reminding the assistant of the thousands of messages stolen from high-ranking Democrats. “The worst scenario is what happened in the United States.”

Estonia was one of the first countries known to have been subjected to cyber attacks. In 2007 its websites came under a coordinated DDoS attack. Former President of Estonia Toomas Hendrik Ilves has since been documenting and studying Russian cyberwar tactics. This week he testified before the US Senate Judiciary Subcommittee on Crime and Terrorism and warned of the tools Russia uses to undermine democracies.

“Russians are very aggressive everywhere, all over Europe, but each country is struggling with this issue independently and alone,” Ilves told BuzzFeed News.

Russia has been investing for more than a decade in developing the cyber capabilities of its army. Last year the independent Russian news site Meduza described a system in which Russia's top political leadership sets the task of recruiting hackers and blackmailing criminals, forcing them to act on its orders. Last month, Russian defense minister Sergei Shoigu told Russian lawmakers that the Russian cyber army is for propaganda warfare, and that “it would be a much more effective tool than what we used before for counter-propaganda”.

In the coming months France and Germany will hold general elections, and this week the Netherlands voted for the liberal party. Later this year there will be important elections in several countries of Eastern Europe. All of them have publicly stated that they are concerned about Russian interference in the voting process.

“What happened in the United States has become a reality check for Europeans. We’ve never watched the show, and then it was too late,” said Stefan Meister of the German Council on Foreign Relations. Although Eastern European countries such as Ukraine and Georgia have long complained about Russian encroachment, Western Europe believed it was immune to the hacker break-ins, cyber espionage and misinformation campaigns attributed to Russia. “Germany and France began to take it seriously belatedly. Only after what happened in America did they begin to realize that their systems are also poorly protected.”

This intervention follows a specific pattern. The most common method is a disinformation campaign in which internet personalities and publications working for the Russian government spread stories with political overtones and objectives on the internet. Last year in Germany a story spread widely about a 13-year-old girl, Lisa F., from a family of Russian immigrants. She disappeared for 30 hours, then turned up with a story about how she had been kidnapped and raped by “the Arabs”. She later confessed that it was a lie, but that did not stop pro-Russian sites from running a frenzied campaign of accusations against German Chancellor Angela Merkel, who has an open-door policy towards refugees. It was blamed for the brutal attack on Lisa F.

“All this does not require much cost and effort,” said Meister, who believes that Russia began seriously interfering in the affairs of other countries (by the methods of cyber and traditional warfare) after the elections of 2012, when Putin was re-elected to the presidency. “Russia knew that influencing the direction of information is as important as conducting a classic arms race… It combined the various elements of its cyber attacks with WikiLeaks, with foreign media. You take something and begin to spread misinformation, and use social networks for it to be heard by a wide audience. Russia is using the structure of our democratic society, our lives online, against us.”

In the Balkan country of Montenegro, there have been allegations that Russian intervention has become significantly more open. During the parliamentary elections in November last year, the incumbent leader almost lost to a pro-Russian coalition amid allegations that Russia had not only sent money to opposition candidates but also created media outlets specifically to promote them. And when the incumbent Prime Minister Milo Dukanovic won the election, the country's leadership began to say that Russia had been planning a conspiracy to overthrow him under the guise of anti-government protests. The participants were to storm the office of the Prime Minister and, posing as police, begin to arrest and kill. The Special Prosecutor of Montenegro for the fight against organized crime confirmed that two Russians named as key organizers of the conspiracy had been put on the wanted list.

“It seems that Russia today operates by trial and error, designing a system. It is feeling out its methods in Ukraine, in Georgia, in other countries,” said Meister. “Its costs are minimal. These attacks are very cheap, and proving who carried them out is extremely difficult.”

He added that Russia has simply adopted what others have long used, but adapted to the new conditions of today's internet world.

“This is a war of the 21st century. Now both the United States and Europe are doing this. But Russia is acting much more aggressively. It uses cyber weapons to attack larger and richer countries. This is quite reasonable,” said Meister. “Many other countries will learn the right lessons.”

Last month, cybersecurity analysts noticed something strange in malicious programs used in attempted cyber attacks on Polish financial institutions. The malware code contained a few Russian words, but when Russian speakers read them, they seemed nonsensical.

“In some cases, an inaccurate translation completely changes the meaning of the words. This strongly suggests that the organizers of this attack are not native speakers of the Russian language and are using Russian words as a false flag,” wrote cybersecurity experts from the company BAE Systems. They believe that the malware was spread not by Russian cyber criminals but by a group called Lazarus. These active hackers are associated with North Korea. They are believed to have carried out the 2014 attack on Sony Pictures and, in 2016, a cyber heist of $81 million from the Central Bank of Bangladesh.

Establishing the authorship of hacker attacks, that is, determining which country or group of hackers carried them out, becomes more difficult every year. Hackers deliberately leave false leads, but this is just the tip of the iceberg. Cybersecurity experts say that Russia uses many other tactics; for example, it invents public personas who take responsibility for cyber attacks and help to disseminate information about them. When the emails of senior members of the Democratic party were first released, someone calling himself Guccifer2.0 appeared on the internet. It was an obvious reference to the well-known Romanian hacker Guccifer. In his email correspondence with reporters, Guccifer2.0 claimed that he was a hacker activist of Romanian descent. In reality these claims were false (cybersecurity experts say that the grammatical errors and syntactic features strongly suggest that the author of this account is Russian). His initial claims gave rise to suspicions about Russia’s role in the attack.

Russia uses the services of cybercriminals, as the Ministry of Justice indictment published this week convincingly showed. This suggests that the line between hackers working for the state and cybercriminals trying to get rich is very thin. According to the Ministry of Justice, two Russian FSB agents recruited two well-known hackers, who helped them hack Yahoo and gain access to the 500 million mailboxes. For legal experts and government officials trying to attribute cyber attacks, the use of cyber criminals has made the task more complex.

Hiding one's online identity is getting easier and easier, cybersecurity experts say. And when code used in a malicious program reaches the open market, hackers and governments around the world can buy it and use it for their own purposes.

Take for example the Stuxnet virus, which was developed in the USA to damage the Iranian nuclear weapons program as part of a cyber attack that is considered one of the most complex in history. Individual parts of the code that makes up Stuxnet have surfaced in cyber attacks in various countries from Asia to Latin America. It is also believed that Iran used a part of the Stuxnet virus to create the Shamoon virus, with which Tehran in 2012 infected 30 thousand computers of the Saudi-American oil company ARAMCO.

“When you see these tools, they are distributed among those wishing to carry out attacks. Those who are planning a hacking attack take these viruses, modify them and then use them,” said Eric O’Neill, a former counterintelligence officer who served in the FBI and now works at the cybersecurity firm Carbon Black. He gave an interview to BuzzFeed News last week after WikiLeaks published a new batch of 8,760 documents describing in detail the malware and code used by the CIA to hack a variety of devices, from phones and laptops to new-generation TVs.

These documents show that the CIA has a habit of repurposing code. Several documents describe how a CIA unit called UMBRAGE recycles fragments of code developed by other groups in an attempt to save itself time.

“Everyone borrows from everyone. What distinguishes Russia is that it does so more aggressively. This is an example of how to do this with few resources while achieving a great result,” said Meister, who added that some small countries in Latin America, Africa and Asia may copy Russia's actions when carrying out their own cyber operations.

Former President of Estonia Ilves agrees with him. According to him, Russia is “very aggressive in everything.”

“They do it asymmetrically. We can’t do to them what they do to us. This is a feature of all authoritarian regimes. Liberal democracies with a free press and free and fair elections are in an asymmetrically disadvantageous position, because their own tools, such as democratic freedom of speech, can be used to intervene against them,” said Ilves.


The hacker attack on NCDP, which US intelligence agencies attribute to Russia, could be repeated by dozens of countries around the world, according to Robert K. Knake, who was formerly responsible for cybersecurity policy in the Obama administration.

“Russia showed its game plan. What it did was pretty simple, and approximately 60 countries are capable of doing it. You need to strike a third party to steal documents and materials, electronic correspondence, and then selectively publish them to put that third party at a disadvantage,” said Knake, speaking on BBC Today. “It’s not a very subtle or sophisticated intervention. In addition, it is a violation of national sovereignty and the norms of customary law.”

As Meister noted, small countries often gain the advantage in cyber war, especially those without open and democratic media. “In a closed authoritarian state it is hard to achieve a big effect. But if you are such an authoritarian state, cyberinsurance is available to you for attacks on larger companies that value internet speech and debate,” said Meister.

Russia, he added, is teaching the world that although its army has its limitations and disadvantages, it can cause panic and instill fear through cyber warfare. “They scared us. That is what they wanted to show. Now with each new attack, people immediately say it’s Russia,” said Meister. “This is a form of victory.”

Sheera Frenkel is a BuzzFeed News reporter specializing in cyber security. Previously, she worked in Israel, Egypt, Jordan and other Middle East countries.