Russian hackers plan new attacks on Western military and civil infrastructure

News by Eugene Gerden

SC's Russia correspondent has been told by sources in the Russian Federal Security Service that Russian hacker groups are planning new attacks on the military and civil infrastructure of some Western countries.

A spokesman for the Russian Federal Security Service said that the Russian hacker groups Energetic Bear, Dragonfly and some others are considering engaging in activities against selected Western countries. The current financial crisis in Russia, seen locally as having been caused by Western sanctions, has resulted in massive job cuts in the Russian IT industry, which in turn has resulted in an increase in the number of hacker groups in Russia.

In addition, there is reported to have been a significant growth in demand for hacker services in recent years from some entities affiliated with the Russian government.

Oleg Demidov, a senior consultant at PIR Center, an independent non-governmental organisation that carries out research in the field of cyber-security, told SC that in recent years Russian hackers have started to pose a serious threat to critical elements of the military and civil infrastructure of Western countries, while their schemes of attack differ from those used by hacker groups from China and other countries.

Oleg Demidov comments: "Russian activities in cyber-space are very different, compared to those of the Chinese. The majority of Chinese hackers are viewed as of a relatively low skill level with a focus on non-stop investigation of hundreds of thousands of web-sites in the United States and other Western countries, concerning their vulnerability. Russian hackers mostly concentrate on conducting special operations to steal sensitive data, mostly of defence and military-political origin. The attacks by Russian hackers are usually based on a combined approach, with the use of cyber-means and the 'human factor'. For example, according to Joel Brenner, an expert on cyber-security and a former member of the US administration of George W Bush, Russian hackers and special services stuffed infected flash drives to the offices of the NATO coalition in Afghanistan, which exfiltrated all their sensitive information."

Analysts at PIR Center told SC that, as usual, the potential targets of Russian hackers could include the US Pentagon and other US military entities. In July this year hackers already conducted a series of attacks on the Pentagon, which resulted in a break-in to the Pentagon's computer system and the theft of personal correspondence of employees of the department that had not been classified as secret. According to an official spokesman of the Pentagon, the attacks were conducted from Russia.

In the meantime, the ever-growing activities of Russian hackers pose a threat not only to Western countries, but also to Russia itself. According to official data of the Russian Federal Security Service, last year about 74 million cyber-attacks on state bodies were conducted in Russia.

In the past the majority of Russia's hacker groups were affiliated with the Russian government, whereas it is claimed that in recent years the situation has significantly changed.

The report that Russian hackers are hacking the west is not new, but that sources in Russia suggest the Russian government is seeking to distance itself from the hacks is unusual. In China, elements of the PLA (People's Liberation Army) cyber-warfare units are believed to be not entirely under government control and engaging in corrupt illegal activity for personal gain, while in the west Anonymous is attacking groups on ideological grounds, from opposing Japanese dolphin hunts to opposing beheading for Saudi dissidents. Now it seems the Russian government is also saying that its citizen-hackers are working independently.

That may be the case, as independent hackers are reported to have joined Russian government activity during conflicts in both Ukraine and Estonia, plus public opinion in Russia is currently largely pro-government. However, while 'independent' anti-western hacking likely does exist, at this stage the suspicion remains that most act with either explicit or implicit government support, as has been seen with exposed cyber-criminal groups that remain untouched. The analogy for Russian cyber-criminals robbing from the west has long been that of British pirates given free rein to attack Spanish ships in the days of Drake - but privateer cyber-espionage would be new. Seeking plausible deniability when caught would not. Attribution isn't getting any easier.

