Russia revamps its infosec strategy
From a western perspective, Russia's cyber-activity is mostly seen as a threat, whether in the form of espionage, organised crime, or hacktivists either supporting or opposing their country's foreign and domestic policies.
But for Russians, the threats in cyber-space are exactly the same as in the West, even though the government has a radically different set of views about who and what constitutes a threat, including a different perspective on individual liberty versus the interests of the state. Consequently, the Russian government is now taking action to fight cyber-crime and identity theft as well as ensuring information security through the introduction of a new cyber-strategy. It is interesting to consider where points of common interest and potential cooperation may lie, and also what differences are likely to be unbridgeable.
The primary aims of the new strategy are to protect Russian web resources and internet activity from attack by hackers, cyber-terrorists and foreign cyber-spies. A key focus is protection of public networks and state internet-resources. As part of the new strategy, the government intends to consider cyber-attacks on its websites and resources as attempts to seize power, hence they will incur strict criminal liability.
The new strategy is expected to be implemented as part of a decree, “Principles of State Policy of the Russian Federation in the field of international information security for the period up to 2020” signed late last year by Russia's President Vladimir Putin.
The decree was jointly drawn up by the Russian Security Council, the Ministry of Foreign Affairs, Ministry of Defence, Ministry of Communications and the Ministry of Justice.
Russia has a serious problem with organised cyber-criminals. Some reports suggest that at best there is an official indifference to Russian criminals targeting foreigners, making international enforcement against Russian suspects difficult, and at worst, it has been suggested that there may be direct collusion between the Russian state and organised crime groups acting on the state's behalf.
Among the local crime groups alleged to have strong political connections is the Russian Business Network (RBN), which has been described by VeriSign as “the baddest of the bad”, offering web hosting services and internet access to all kinds of criminal activities, with individual activities earning up to £100 million in one year. It is not a registered company, and its domains are registered to anonymous addresses. Its owners are known only by nicknames. It does not advertise, and trades only in untraceable electronic transactions.
In a Wikipedia report, summarised here, it is described as a multi-faceted cyber-crime organisation, specialising in personal identity theft for resale. It is the originator of MPack and an alleged operator of the now-defunct Storm botnet.
One known activity of the RBN is delivery of exploits through fake anti-spyware and anti-malware, for PC hijacking and personal identity theft. McAfee SiteAdvisor tested 279 “bad” downloads from malwarealarm.com, and found that MalwareAlarm is an update of the fake anti-spyware Malware Wiper. According to a now-closed Spamhaus report, RBN is “among the world's worst spammer, malware, phishing and cyber-crime hosting networks. It provides ‘bulletproof hosting’, but is probably involved in the crime too.”
The intention to create a cyber-strategy was first announced by Vladimir Putin at the beginning of 2000, as a result of a perceived rapidly growing criminal and terror threat on the internet.
According to an official representative of Russia's Presidential Administration, following the September 11, 2001 terrorist attacks in the United States, the methods used by terrorists have changed dramatically, forcing the Russian government to come up with new security measures to tackle them.
An (unnamed) official representative of Russia's Presidential Administration comments: “The ever growing popularity of social networks and micro-blogs has contributed to a massive spread of terror ideology on the internet. Modern computer technologies have provided an opportunity for terrorists to recruit suicide bombers. At the same time the number of cyber-criminals has also increased and in particular those that steal personal information online and hack into electronic payment systems. The new strategy should help us to raise the level of information and IT security in the country and to start to more actively fight cyber-criminals.”
The new strategy outlines four main information and cyber-security threats faced by Russia.
One is the use of information and communication technologies as information weapons used to achieve national objectives, with the aim of carrying out hostile and aggressive acts.
The second one involves the use of information technologies for terrorist purposes.
The third threat is the ever growing number of cyber-crimes, which involve illegal access to computer information, as well as the creation and distribution of malicious programs.
The fourth threat is distinctively Russian and involves the use of internet technologies for intervention in internal state affairs, disturbing public order, stirring up national hatred (which is viewed as a very big problem in Russia, given its many regional groupings) and state subversive propaganda.
Impact of Arab Spring
According to sources in the Russian government, the main reason for the inclusion of the fourth threat in the bill is recent political events and massive unrest in parts of the Middle East following the ‘Arab Spring’, which demonstrated the potential of the internet (especially social networks) to be used to organise and coordinate anti-government action.
Implementation of the strategy is intended to happen on both an internal and international level. In the latter case, the government plans to implement the strategy in cooperation with its allies, and especially the countries that are members of the Shanghai Cooperation Organisation, Collective Security Treaty Organisation, and the BRICS states.
In addition, Russia hopes to see several of its key international information security initiatives adopted by the United Nations: creating a convention on ensuring international information security, developing an internationally accepted code of conduct in cyber-space, internationalising the internet management system, and establishing an international legal regime of non-proliferation of information weapons.
To date most Western countries have opposed Russia's information security initiatives, viewing them as being primarily to strengthen state control over the internet. However, in recent years the Russian government has made strenuous efforts to overcome this view. This includes what is described as an ‘unprecedented’ agreement, signed last year by the Presidents of Russia and the US in Northern Ireland with the aim of preventing cyber-incidents escalating into international conflicts. These agreements are considered very important in Russia, and are viewed as comparable with the ‘hotlines’ between the USSR and the US during the cold war designed to prevent nuclear war and military conflict.
As part of the agreement, information security cooperation by the signatories will be based on the National Centres for Nuclear Risk Reduction, established in both countries in 1987. These centres operate around the clock, allowing the countries to notify each other of any missile tests, so they are not perceived as acts of aggression, as almost happened in 1983, when prior to the NATO Able Archer military exercises a false alarm in the Soviet warning system reported a nuclear attack on Soviet territory.
Under the terms of the agreement the centres' facilities will be used for mutual reports and notifications of attacks on critical information infrastructure of both countries. In addition, two special channels will be created for the exchange of information about computer incidents and cyber-crimes.
UN cyber-crime convention mooted
The first of these channels will be used for communication by the national security agencies of both countries regarding information security, while the second emergency readiness channel for computer incidents will specialise in the monitoring of malicious activities on the internet.
The Russian government plans to accelerate negotiations with other NATO countries in the near future with the aim of signing similar agreements.