Cybersecurity and Deterrence
Takeaways From the Latest Russian Hacking Indictment
The Justice Department announced on Oct. 5 the indictment of seven officers of the Russian Military Intelligence Directorate, or GRU, on charges of computer hacking, wire fraud, aggravated identity theft and money laundering. Here are three quick takeaways.
First, the court documents describe Russian great-power politicking and damaged national pride. The actions outlined in the indictment overwhelmingly align with Russian strategic objectives, highlighting the country’s historical attachment to using success in sports as a means of asserting national power.
The indictment revealed that the GRU targeted Westinghouse Electric, a Pennsylvania company that provides safety systems for Ukrainian nuclear energy plants and therefore could be a significant target in Russia’s strategy of attacking Ukrainian critical infrastructure. Other targets included the Organization for the Prohibition of Chemical Weapons (OPCW), a group investigating Russian support for chemical-weapons attacks in Syria and the Sergei Skripal poisoning, and the Spiez Swiss Chemical Laboratory, which worked with the OPWC to analyze chemicals used in the Skripal attack. Westinghouse, the OPCW and the Spiez Lab all threatened Russia’s covert efforts to pursue its objectives in Eastern Europe and undermine chemical-weapons bans—making them obvious targets of attack.
The rest of the evidence in the indictment details attacks on various athletes and athletic organizations—an apparent reprisal for the banning of Russian athletes as fallout from the 2014 Sochi Olympics doping scandal. At the direction of the Kremlin, operatives covertly replaced tainted urine samples of athletes who had been doping with clean samples collected months earlier.
Sports-related attacks do not, at first glance, carry the same power-politics implications as cyberattacks that could potentially destabilize Ukrainian nuclear plants. But given the importance that Russia—and, before it, the Soviet Union—has placed on its athletes as symbols of power since the early days of the Cold War, it’s unsurprising that the Russian government would launch an extensive campaign to delegitimize the doping narrative.
Second, Russia is using highly effective methods to meet its objectives: cyberattacks and disinformation campaigns. As the indictment describes, the GRU utilized most of the cyber tools the organization has available to conduct a wide variety of attacks, from spear phishing to spoofing to distributed denial of service attacks. Some of their efforts appear sophisticated, such as masking identities, utilizing cryptocurrency and developing malware to steal information.
Yet the aspect of the indictment that should send shivers down the spines of Western officials is the revelation that Russian agents used Wi-Fi to conduct attacks. These were not merely hackers conducting operations from the comfort of their home country. When they couldn’t attack remotely, agents traveled to their victims and took advantage of the security risks of unencrypted networks, and using poorly secured hotel Wi-Fi to steal network information and hack into the targeted computers.
According to the indictment, hacked information was then released—sometimes after being altered—as part of a disinformation campaign by the “Fancy Bear Hack Team.” Fancy Bear targeted an estimated 116 reporters and tried to create a social-media campaign to distribute the message that Russia was unfairly targeted and that athletes from other states dope as well . As noted by FBI Cyber Division Deputy Assistant Director Eric Welling, this campaign targeted hundreds of clean athletes from almost 30 countries.
Though few additional details about Fancy Bear’s social media campaign have been provided, it appears to follow some of the standard practices, which include trying to get fake stories reprinted in outlets across multiple countries, spreading conspiracies about “secret plots,” and generally attempting to undermine trust in the official narratives of legitimate institutions.
Third, Russian intelligence makes mistakes.
The indictment and Justice Department press conference reveal that Russian intelligence operations are not a perfectly functioning machine. When GRU operatives were attempting to hack an OPCW facility, the Dutch defense intelligence service interrupted the operation. The Russian operatives fled, leaving equipment that contained data revealing other places the operatives had used it to hack Wi-Fi.
Previous Justice Department indictments after Russian cyberattacks show that these and other attacks can be traced, and that eventually their origins will be revealed. In fact, three of the GRU officers named in this indictment have already been indicted in the course of the Mueller investigation. But this indictment shows that the U.S. and its allies are going to make full use of any Russian mistakes in their efforts to get to the bottom of these attacks.