Secure Data 2016: 'Lessons to be learnt from Russian cyberwar'

News by Max Metzger

SensePost's CSO, Charl Van Der Walt, addressed a crowd at the Science Museum yesterday to explain exactly what Russian warfare doctrine can tell us about protecting the enterprise.

A picture of Donald Trump's grin stretched across the Science Museum's IMAX screen as Charl Van Der Walt, chief strategy officer of SensePost, began his presentation. He recalled the feeling on November 9th, when the question of who exactly would be the 45th president of the United States was bluntly answered for him and his wife: “Like many of you here, we were shocked”, said Van Der Walt, adding, “the result flew in the face of everything we were told to expect”.

How had not only the Van Der Walts, but a great deal of the world, called the result so wrong? In the world of security, a couple of theories emerged. Some said that voting machines had been hacked, pointing not only to their demonstrable insecurity, but to the similarly demonstrable histories of certain countries meddling in certain elections.

The finger was, of course, directed eastward, towards Russia and Vladimir Putin's regime, whose history of electoral interference is widely suspected, if not proven.

Election day was certainly not the first time Russian fingerprints were suspected in some electoral scandal. The Democratic National Committee hack, which dethroned the party's chair, Debbie Wasserman Schultz, exposed the favouritism of party officials towards Hillary Clinton, as opposed to Bernie Sanders, her opponent in the party's hotly contested primaries.

Michael S Rogers, director of the NSA and US Cyber Command, made his opinions quite clear at the time: “this was a conscious effort by a nation state to attempt to achieve a specific effect”.

Soon after, senior Clinton adviser John Podesta's emails were hacked, with Podesta, perhaps predictably, claiming that the Russian government was at work.

This interpretation was further strengthened by Donald Trump's public declarations of his esteem for Vladimir Putin and the fact that a senior member of Trump's campaign had worked for former Ukrainian leader Viktor Yanukovych, widely regarded as a Russian puppet.

If Russia is the cyber-superpower that many suspect, then Van Der Walt thinks that there are lessons to learn, and even behaviours to emulate, here.

Alleged interference in the US election and the use of cyber-power in the Russian annexation of Crimea highlight a useful tactic, not just for geopolitics, but for network security.

The wars of information that Russian forces have deployed in the US election and in eastern Ukraine sit somewhere between full-blown admission and plausible deniability. Then again, that's the point: obscuring what's true and what's false paralyses adversaries, preventing the enemy from ever understanding what the next clear move is.

This is quite well-established Russian military doctrine, said Van Der Walt. Arms of the Russian state will quite often attempt to influence public opinion, or leverage facts in misleading contexts, to keep a chokehold on any perceptible truth.

It's all actually quite familiar to us, said Van Der Walt, “we call it Fear, Uncertainty and Doubt, or FUD”.

In August this year, a group calling itself The Shadow Brokers loudly proclaimed its possession of NSA hacking tools. The group offered up part of the dump for free, and attempted to sell the other part for a steep price.

It was Edward Snowden who speculated that The Shadow Brokers were linked to the Russian state, in an attempt to publicly remind the US government that it wasn't just the Kremlin that liked to hack other people. These kinds of cyber-squabbles make us all unsafe, said Van Der Walt.

“We are made more unsafe as a result of these shenanigans”, said Van Der Walt. He thinks that it's these battles which are at fault for our growing vulnerability to cyber-attack. There is a cycle of industrialisation that attends these squabbles, marked firstly by an escalation, or cyber-arms race, between opposing states. In turn, a profession grows up around research into exactly this; exploits are then commoditised and, before you know it, the process has become an industry.

“More than anything,” said Van Der Walt, “the effect of government policy is probably the single thing that's impacting our industry the most”. It has led to “a complete subversion of how we used to understand our space”.

Until recently, Van Der Walt thought insurance was the only solution, ready to “accept the fact there is no technical defence to this kind of force”.

It's out of this seemingly hopeless situation, however, that a new school of thought has arisen. In the face of a state entity, with formidable expertise and a near limitless war chest, what have others done?

Well, they took to the hills and fought guerilla wars. If there is one advantage that a guerilla force has against the legioned planes and tanks, it is that the guerilla knows his own space, and is known within it. The attacker does not and is not: “The massive thing the adversary has got against him is he doesn't know where he is.”

Russian military doctrine employs the same ignorance to hamstring its foes. Van Der Walt encouraged the audience to start thinking like their enemies and use the fog of war to distract and deter them. Visibility, or an adversary's lack of it, is, after all, a function of control.

Neither you nor your adversary ever has a perfect picture of what's going on, but by introducing deception with things like honeypots, “the attacker can't tell what's real and what's false”. ‘Kill the noise’, the title of yesterday's event, doesn't apply here so much as ‘use the noise’.
