Jeff Carr, internationally-known cybersecurity advisor and author of Inside Cyber Warfare: Mapping the Cyber Underworld, is in close collaboration with the Cyber Operations Unit of Ukraine’s Defense Intelligence Service (GURMO), which recently breached the three key installations.
Carr believes that these entities were chosen to show how vulnerable Russia’s cybersecurity posture might be, both when it comes to defending its infrastructure and launching cyber attacks.
“It's possible that we give Russia too much credit from a cyber perspective,” he told Cybernews.
Ukraine is mostly alone in the field when it comes to a physical battle. However, when it comes to cyberwar, where NATO borders don't play a role, Russia fights against many allies of Ukraine. I sat down with Carr to discuss recent developments in the cyber realm.
What is the Cyber Operations Unit up to? It seems that they are on the offensive, exposing some key entities in Russia.
They are breaking some new ground in the area of cyberwarfare. The unit I am in touch with is part of the Ukrainian Ministry of Defense. They are offensive, and so the purpose, as far as I can tell, is to be able to signal to the Russian government that their cybersecurity defenses don't work, and that the most valuable assets they have can be accessed by the Ukrainian Ministry of Defense.
I think communicating that message serves the purpose of saying: “if you attack in any way that's going to create too much of an imbalance, your critical infrastructure, your most valued projects are also subject to attack.” As far as I can tell, Russia has not tried to hurt Ukraine from a cyber perspective. They haven't tried to crush any of their power or other utilities, and they don't seem to be having much success interfering with their internet access. It's possible that they have not made successful public operations from Russia against networks, and we haven't heard of them. Possibly, the strategy is an effective one. It's also possible we give Russia too much credit from a cyber perspective.
We are used to picturing Russia, along with North Korea, Iran, and China, as nations having strong state-sponsored hacking units. But when these cyber enthusiasts started hacking Russian entities, it seemed like it was too easy at times, simply due to poor cyber hygiene.
Indeed, exposing their vulnerability is a big part of it. It's possible, and what I'm hoping is that after the war is over, they'd be willing to share some information about the state of Russia's cybersecurity – at least as it was during the war, and how difficult or easy it was.
I know that the cyber unit team has an excellent skill set, so I wonder if it is because Russia's network has poor cyber hygiene, or is it simply that these are excellent hackers, and they have tools that enable them to gain access in ways that traditional defenses won't pick up.
In the Space Program, [Russian security service] FSB just arrested an IT engineer for violating the security regimen for an automated system at a launch center. The Kalashnikov company hired a new director of cybersecurity just three months ago. It's possible that they are aware of their networks' vulnerability and trying to do something about that. After this war is over, maybe they will improve their defensive capabilities.
But the other issue is, how strong are they offensively? We haven't seen that directed against Ukraine. Either it's because they have made a conscious decision not to do that, or they don’t have the ability. There are so many unknowns in this field.
I guess many people are simply hoping that Russian offensive capabilities are just as weak as their physical artillery. At the same time, seeing this massive Ukrainian IT army, Russians probably understand that if Ukraine experienced a significant cyber attack, the retaliation could be massive, bearing in mind that there are no NATO borders in the digital realm and that Ukraine has many allies?
Could be – as you pointed out, it's open season. Anonymous decided to get involved and represent hackers from any country. I think it'll be very interesting to see if there is any publicly available information after this is done, regarding Russia's cybersecurity companies and their research and development from universities that specialize in information security – to see if this is a thing that they recognize and start to address.
You mentioned they might get stronger after the war is over. But can they, given that a lot of tech and cybersecurity companies are pulling out of Russia? They will have to rely only on themselves, at least for some time.
I think that's been Russia's intention for a number of years – to not rely on Western technology, because they are paranoid about back doors and other things. Frankly, they really should not have been using Western vendors for their cybersecurity. And they have some excellent companies – Kaspersky and Group-IB, and I'm sure that there are others not as well known. They have some of the best universities in the world – education in Russia is wonderful. I think that they can do it without any Western help.
Maybe they need to create a better working environment or living conditions or somehow stop the corruption that seems to be rampant throughout the country. To a certain point, you have talented hackers that might, on the one hand, want to work for the benefit of Russia's networks and defend them. On the other hand, their pay is probably not very much, and the amount of money they could make as a black-hat hacker is a thousand times more.
A lot of hacking efforts seem to be just noise. I get that this might be good from a PR perspective. However, I wonder if there are more severe operations going on that we don't hear about because they can't be made public?
There are a lot of operations that are designed to be espionage-driven. That's not shared with me. In some cases, like with their Space Program, they have shared some information, but there are other parts that they are unwilling to because it's ongoing and sensitive.
They are hoping that the message is that the target is vulnerable. In the case of the Beloyarsk Nuclear Power Plant, they only accessed the business network, not the control or operational systems, but what they are trying to say is: we are in the business network and it is not that much harder to cross over into the OT [operational technology] side. Even though they are not releasing any evidence that they've been on that side, they are trying to signal that they could.
The Space Program, I think, was targeted because it's a favorite program of Putin's. He's personally committed to it, it's part of the pride of Russia, which has been an essential part of the International Space Program. I think they picked that because it hurts if your pride and joy is your technology, specifications, research, and all of that – and it's now in the hands of the Ukrainian government, and some of it is being made public.
This is a multi-pronged effort – there's espionage, there's a psychological aspect to it, and there's the communication, signaling, “don't cross this line, because we can do more.”
On the night of February 24, Russian forces invaded Ukraine. The Kremlin dubbed the aggression a 'special operation,' and calling the attack a 'war' can lead to a 15-year sentence.
In light of the attack, the hacker community started rallying to help Ukrainians. Numerous hacker groups and researchers, Anonymous being the most prominent, are taking part in various campaigns to help Ukraine.
Cyber activists targeted Russian state-controlled media outlets TASS, Kommersant, Izvestia, Fontanka, and RBC, pushing them offline.
The German branch of the Anonymous collective also claims to have stolen 20 terabytes of data from the German arm of Rosneft, Russia's state energy company.
The Kremlin's invasion of Ukraine prompted Western governments to sanction Russia. As a result, numerous IT-related services got blocked or left the Russian market after the invasion began.
According to the United Nations, over 2.8 million people have fled Ukraine to neighboring countries. Thousands of Ukrainian civilians have perished due to Russia's artillery attacks on urban areas.