Cyberwar: Russia may launch crippling cyberattacks on U.S. in retaliation for Ukraine sanctions

Published 2 May 2014

U.S. officials and security experts are warning that Russian hackers may attack the computer networks of U.S. banks and critical infrastructure firms in retaliation for new sanctions by the Obama administration, imposed in response to Russia’s actions in Ukraine. Cybersecurity specialists consider Russian hackers among the best at infiltrating networks and some say that they have already inserted malicious software on computer systems in the United States.

The Financial Services Roundtable (FRS), an industry group that includes some of the nation’s largest banks, is watching for any signs of cyberattacks. “A cyber-attack is a real concern that we all need to have,” said Paul Smocer, head of the technology policy division for FRS. “Nation states’ ability to launch cyber-attacks is certainly real nowadays, and so in any conflict, I think that the possibility exists as we worry about escalation.”

Bloomberg Businessweek notes that a cyberattack by the Russian government or independent hackers may be untraceable because the identities and locations of the attackers can be masked. It took security experts months to trace an eight-month series of distributed-denial-of-service (DDOS) attacks on major U.S. banks in 2012 and 2013 to the Iranian hacker group Al Qassam Cyber Fighters. The Iranian hacking was retaliation for U.S. and international sanctions against Iran. “There’s been a history of cyber-attacks against the industry, so we’ve prepared in terms of both strong defenses and strong information-sharing,” Smocer said.

U.S. officials say Congress’ failure to pass new legislation allowing companies to share information on cyberattacks without the risk of antitrust action or shareholder liability suits has diminished efforts to improve private sector cyber defenses. In addition, the public backlash against the NSA as a result of the Edward Snowden revelations has made intelligence agencies reluctant to take more aggressive action to prevent cyberattacks.

Russia has shown no limitations in using its cyber capabilities against its adversaries. In 2007, a group of young Russian hackers launched a series of DDOS attacks on Estonia after that country planned to move a statue memorializing Soviet Second World War soldiers from the capital to a remote location. While no evidence connected the Russian government to the attacks on Estonia, the Russian military and intelligence services have improved their cyber-warfare capabilities. According to Jaime Blasco, a malware researcher and labs director for AlienVault, the 2007 Russian attack on Estonia used 100 megabytes per second, but a DDOS attack in December 2013 on unnamed companies in the United States and France used 400 gigabytes per second. “Russia could launch denial-of-service attacks against critical infrastructure in the United States,” he said. “It could be much bigger than we have ever seen.”

Arbor Networks Inc. reports that DDOS attacks have spiked so far in 2014, with a 1.5 percent increase in attacks using at least twenty gigabytes per second in 2014, compared to 2013. The largest this year has been a 325 gigabyte-per-second attack against a target in France that lasted four hours and twenty-two minutes. Dan Holden, director of security for Arbor Networks, claims that a network of computers called Dirt Jumper, which has been used in DDOS attacks, was created in Russia. “Historically speaking, the Russians probably are the best spies in the world,” he said.

Jen Weedon, manager of threat intelligence at FireEye Inc., believes that Russian hackers have already infiltrated U.S. computer networks. “A lot of the security community is tracking specific malware campaigns targeting the energy industry and attributing them to Russian actors,” Weedon said. The malware creates “back doors” to steal network data. Weedon also believes that if freelance hackers tried to carry out destructive attacks against U.S. critical infrastructure, the Russian government would intervene. “If they were suddenly to attack U.S. assets, I think that would cross a red line,” she said. “What incentives do they have to allow that to happen or do it themselves? I think they would expect a U.S. response, and the U.S. probably would respond.”

Other security experts are less confident. Rodney Joffe, senior vice president and chief technologist for Neustar Inc., told Bloomberg that “our experience and evidence tends to support the notion that Russia is sufficiently organized and equipped to wage a very effective cyber-guerrilla campaign against the U.S. and avoid public attribution.”