Cyberwarfare by Russia

From Wikipedia, the free encyclopedia
  (Redirected from Cyberwarfare in Russia)
Jump to: navigation, search

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov,[1] some of these activities have been coordinated by the Russian signals intelligence, which is part of the FSB and was formerly a part of the 16th KGB department, but others have been directed by the Russian Ministry of Internal Affairs and the Military of Russia.

Online presence[edit]

US journalist Pete Earley described his interviews with former senior Russian intelligence officer Sergei Tretyakov, who defected in the United States in 2000:

Sergei would send an officer to a branch of New York Public Library where he could get access to the Internet without anyone knowing his identity. The officer would post the propaganda on various websites and send it in emails to US publications and broadcasters. Some propaganda would be disguised as educational or scientific reports. ... The studies had been generated at the Center by Russian experts. The reports would be 100% accurate [2]

Tretyakov did not specify the targeted web sites, but made clear they selected the sites which are most convenient for distributing the specific disinformation. During his work in New York City in the end of the 1990s, one of the most frequent disinformation subjects was War in Chechnya.

According to a publication in Russian computer weekly Computerra, "just because it became known that anonymous editors are editing articles in English Wikipedia in the interests of UK and US intelligence and security services, it is also likely that Russian security services are involved in editing Russian Wikipedia, but this is not even interesting to prove it — because everyone knows that security bodies have a special place in structure of our [Russian] state"[3]


It has been claimed that Russian security services organized a number of denial of service attacks as a part of their cyber-warfare against other countries,[4] most notably the 2007 cyberattacks on Estonia and the 2008 cyberattacks on Russia, South Ossetia, Georgia, and Azerbaijan.[5] One identified young Russian hacker said that he was paid by Russian state security services to lead hacking attacks on NATO computers. He was studying computer sciences at the Department of the Defense of Information. His tuition was paid for by the FSB.[6]


Speaking about the 2007 cyberattacks, Estonia's defence minister Jaak Aaviksoo said he did not possess evidence of official Russian government involvement in cyberattacks.[7]


Concerning the 2008 cyberattacks on Georgia, an independent US-based research institute US Cyber Consequences Unit report stated the attacks had "little or no direct involvement from the Russian government or military". According to the institute's conclusions, some several attacks originated from the PCs of multiple users located in Russia, Ukraine and Latvia. These users were willingly participating in cyberwarfare, being supporters of Russia during the 2008 South Ossetia war, while some other attacks also used botnets.[8][9]


In 2015 a high-ranking security official stated that it was "highly plausible" that a cybertheft of files from the German Parliamentary Committee investigating the NSA spying scandal later published by Wikileaks was conducted by Russian hackers.[10][11] In late 2016 Bruno Kahl, president of the Bundesnachrichtedienst warned of data breaches and misinformation-campaigns steered by Russia.[12] According to him there are insights that cyberattacks occur with no other purpose than political uncertainty.[13][14] Hans-Georg Maaßen, head of the country's Federal Office for the Protection of the Constitution, notes "growing evidence of attempts to influence the [next] federal election" in September 2017 and "increasingly aggressive cyber espionage" against political entities in Germany.[15]

Russia (domestic)[edit]

According to Soldatov, a hacker attack on his web site Agentura was apparently directed by the secret services in the middle of the Moscow theater hostage crisis.[1]


In March 2014, a Russian cyber weapon called Snake or "Ouroboros" is reported to have created havoc on Ukrainian government systems.[16] The Snake tool kit began spreading into Ukrainian computer systems in 2010. It performed Computer Network Exploitation (CNE), as well as highly sophisticated Computer Network Attacks (CNA).[17]

According to CrowdStrike from 2014 to 2016, the Russian APT Fancy Bear used Android malware to target the Ukrainian Army's Rocket Forces and Artillery. They distributed an infected version of an Android app whose original purpose was to control targeting data for the D-30 Howitzer artillery. The app, used by Ukrainian officers, was loaded with the X-Agent spyware and posted online on military forums. CrowdStrike claims the attack was successful, with more than 80% of Ukrainian D-30 Howitzers destroyed, the highest percentage loss of any artillery pieces in the army (a percentage that had never been previously reported and would mean the loss of nearly the entire arsenal of the biggest artillery piece of the Ukrainian Armed Forces[18]).[19] According to the Ukrainian army this number is incorrect and that losses in artillery weapons "were way below those reported" and that that these losses "have nothing to do with the stated cause".[20]

The U.S. government concluded after a study that a cyber attack caused a power outage in Ukraine which left more than 200,000 people temporarily without power. The Russian hacking group Sandworm or the Russian government were possibly behind the malware attack on the Ukrainian power grid as well as a mining company and a large railway operator in December 2015.[21][22][23][24][25][26]

United States[edit]

In April 2015, CNN reported that "russian hackers" had "penetrated sensitive parts of the White House" computers in "recent months." It was said that the FBI, the Secret Service, and other U.S. intelligence agencies categorized the attacks "among the most sophisticated attacks ever launched against U.S. government systems."[27]

In 2015, CNN reported that Russian hackers, likely working for the Russian government, are suspected in the State Department hack. Federal law enforcement, intelligence and congressional officials briefed on the investigation say the hack of the State email system is the "worst ever" cyberattack intrusion against a federal agency.[28]

In February 2016, senior Kremlin advisor and top Russian cyber official Andrey Krutskikh told the Russian national security conference in Moscow that Russia was working on new strategies for the “information arena” that was equivalent to testing a nuclear bomb and would “allow us to talk to the Americans as equals.”[29]

In 2016, the release of emails from Democratic presidential candidate Hillary Clinton through the DC Leaks website were said by private sector analyst's [30] and US intelligence services [31] to have been of Russian origin.[32][33] Also, in December of 2016, Republican and Democratic Senators on the United States Armed Services Committee called for "a special select committee to investigate Russian attempts to influence the presidential election."[34][35]

On December 30, 2016 Burlington Electric Department, a Vermont Utility company, announced that a code associated with the Russian hacking operation dubbed Grizzly Steppe had been found in their computers. Officials from the Department of Homeland Security, FBI and the Office of the Director of National Intelligence warned executives of the financial, utility and transportation industries about the malware code.[36] Later on, the Washington Post put the following disclaimer at the top of its report: "An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far."[37]

Victim of Cyberattack[edit]

Trans-Siberian Pipeline explosion[edit]

When Russia was still the Soviet Union in 1982, a portion of its Trans-Siberia pipeline within its terroritory exploded, allegedly due to computer malware implanted in the pirated Canadian software by the Central Intelligence Agency. The malware caused the SCADA system running the pipeline to malfunction. The "Farewell Dossier" provided information on this attack, and wrote that compromised computer chips would become a part of Soviet military equipment, flawed turines would be placed in the gas pipeline, and defective plans would disrupt the output of chemical plants and a tractor factor. This caused the "most monumental nonnuclear explosion and fire ever seen from space." However, the Soviet Union did not blame the United States of the Attack. [38]

In popular culture[edit]

The alleged FSB activities on the Internet have been described in the short story "Anastasya" by Russian writer Grigory Svirsky, who was interested in the moral aspects of their work.[39] He wrote:

"It seems that offending, betraying, or even "murdering" people in the virtual space is easy. This is like killing an enemy in a video game: one does not see a disfigured body or the eyes of the person who is dying right in front of you. However, the human soul lives by its own basic laws that force it to pay the price for the virtual crime in his real life".[40]

See also[edit]


  1. ^ a b State control over the internet, a talk show by Yevgenia Albats at the Echo of Moscow, January 22, 2006; interview with Andrei Soldatov and others
  2. ^ Pete Earley, "Comrade J: The Untold Secrets of Russia's Master Spy in America After the End of the Cold War", Penguin Books, 2007, ISBN 978-0-399-15439-3, pages 194-195
  3. ^ Is there only one truth? by Kivy Bird, Computerra, 26 November 2008
  4. ^ Cyberspace and the changing nature of warfare. Strategists must be aware that part of every political and military conflict will take place on the internet, says Kenneth Geers.
  5. ^ "". Retrieved 1 August 2016. 
  6. ^ Andrew Meier, Black Earth. W. W. Norton & Company, 2003, ISBN 0-393-05178-1, pages 15-16.
  7. ^ Sputnik (6 September 2007). "Estonia has no evidence of Kremlin involvement in cyber attacks". 
  8. ^ Siobhan Gorman (18 August 2009). "Hackers Stole IDs for Attacks". WSJ. 
  9. ^ "Georgian cyber attacks launched by Russian crime gangs". 
  10. ^ "Russia behind hack on German parliament, paper reports". Deutsche Welle. Retrieved 30 January 2017. 
  11. ^ Wehner, Markus; Lohse, Eckart (11 December 2016). "Wikileaks: Sicherheitskreise: Russland hackte geheime Bundestagsakten". Frankfurter Allgemeine Zeitung. Retrieved 30 January 2017. 
  12. ^ "Vor Bundestagswahl: BND warnt vor russischen Hackerangriffen". SPIEGEL ONLINE. Retrieved 30 January 2017. 
  13. ^ "Was bedeuten die neuen Cyberangriffe für die Bundestagswahl?" (in German). 1 November 2016. Retrieved 30 January 2017. 
  14. ^ "BND-Präsident warnt vor Cyberangriffen aus Russland". Retrieved 30 January 2017. 
  15. ^ "BfV: Russia is trying to destabilise Germany". AlJazeera. Retrieved 30 January 2017. 
  16. ^ The Christian Science Monitor (12 March 2014). "Russia's cyber weapons hit Ukraine: How to declare war without declaring war". The Christian Science Monitor. 
  17. ^ Mazanec, Brain M. (2015). The Evolution of Cyber War. USA: University of Nebraska Press. pp. 221–222. ISBN 9781612347639. 
  18. ^ Ukraine's military denies Russian hack attack , Yahoo! News (6 January 2017)
  19. ^ "Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units". CrowdStrike. 22 December 2016. 
  20. ^ Defense ministry denies reports of alleged artillery losses because of Russian hackers' break into software, Interfax-Ukraine (6 January 2017)
  21. ^ "Malware Found Inside Downed Ukrainian Grid Management Points to Cyberattack". Motherboard. 
  22. ^ "SANS Industrial Control Systems Security Blog - Potential Sample of Malware from the Ukrainian Cyber Attack Uncovered - SANS Institute". Retrieved 1 August 2016. 
  23. ^ "First known hacker-caused power outage signals troubling escalation". Ars Technica. 
  24. ^ "Ukraine power grid attacks continue but BlackEnergy malware ruled out". 
  25. ^ "U.S. government concludes cyber attack caused Ukraine power outage". 25 February 2016. Retrieved 1 August 2016 – via Reuters. 
  26. ^ "BlackEnergy malware activity spiked in runup to Ukraine power grid takedown". The Register. Retrieved 26 December 2016. 
  27. ^ Evan Perez; Shimon Prokupecz (8 April 2015). "How the U.S. thinks Russians hacked the White House". CNN. Retrieved 17 December 2016. Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation. 
  28. ^ CNN, Evan Perez and Shimon Prokupecz. "Sources: State Dept Hack the 'worst ever'". CNN. Retrieved 2017-02-05. 
  29. ^ Ignatius, David (18 January 2017). "Russia's radical new strategy for information warfare". The Washington Post. Retrieved 22 March 2017. 
  30. ^
  31. ^
  32. ^ Corera, Gordon (22 December 2016). "Can US election hack be traced to Russia?". BBC. Retrieved 23 December 2016. 
  33. ^ Gallagher, Sean. "Did the Russians "hack" the election? A look at the established facts". arstechnica. Retrieved 23 December 2016. 
  34. ^ Savage, David (18 December 2016). "'How much and what damage?' Senators call for a special committee to investigate Russian hacking". LA Times. Retrieved 20 December 2016. 
  35. ^ Nakashima, Ellen (22 December 2016). "Cybersecurity firm finds evidence that Russian military unit was behind DNC hack". Washington Post. Retrieved 22 December 2016. 
  36. ^ Eilperen, Juliet &, Entous, Adam (30 December 2016). "Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say". Washington Post. Retrieved 31 December 2016. 
  37. ^ url=
  38. ^ Mazanec, Brain M. (2015). The Evolution of Cyber War. USA: University of Nebraska Press. pp. 235–236. ISBN 9781612347639. 
  39. ^ " Grigory Svirsky Anastasya. A story on-line (Full text in Russian)
  40. ^ (Russian) Eye for an eye
  41. ^ "F-Secure - The Dukes". 
  42. ^ The Dukes Whitepaper
  43. ^ "Press Release Archive".