
The Russian connection: Tracing the sources of today’s Russian cyberthreat

By Dorothy Denning

Published 29 September 2017


Beyond carrying all of our phone, text and internet communications, cyberspace is an active battleground, with cybercriminals, government agents and even military personnel probing weaknesses in corporate, national and even personal online defenses. Some of the most talented and dangerous cybercrooks and cyberwarriors come from Russia, which is a longtime meddler in other countries’ affairs.

Over decades, Russian operators have stolen terabytes of data, taken control of millions of computers and raked in billions of dollars. They’ve shut down electricity in Ukraine and meddled in elections in the U.S. and elsewhere. They’ve engaged in disinformation and disclosed pilfered information such as the emails stolen from Hillary Clinton’s campaign chairman, John Podesta, following successful spearphishing attacks.

Who are these operators, why are they so skilled and what are they up to?

Back to the 1980s
The Russian cyberthreat dates back to at least 1986, when Cliff Stoll, then a system administrator at Lawrence Berkeley National Laboratory, traced a 75-cent discrepancy in the lab’s computer-usage accounting to intrusions into its systems. The intruder was after military secrets, searching the compromised machines for documents containing keywords such as “nuclear” and downloading them. A lengthy investigation, described in Stoll’s book “The Cuckoo’s Egg,” led to a German hacker who was selling the stolen data to what was then the Soviet Union.

By the late 1990s, Russian cyberespionage had grown to include the multi-year “Moonlight Maze” intrusions into U.S. military and other government computers, foretelling the massive espionage from Russia today.

The 1990s also saw the arrest of Vladimir Levin, a computer operator in St. Petersburg. Levin tried to steal more than US$10 million by hacking Citibank accounts, foreshadowing Russia’s prominence in cybercrime. And Russian hackers defaced U.S. websites during the Kosovo conflict, portending Russia’s extensive use of disruptive and damaging cyberattacks.

Conducting advanced attacks
In more recent years, Russia has been behind some of the most sophisticated cyberattacks on record. The December 2015 cyberattack on three of Ukraine’s regional power distribution companies knocked out power to almost a quarter-million customers. Cybersecurity analysts from the Electricity Information Sharing and Analysis Center (E-ISAC) and the SANS Institute reported that the multi-staged attacks were conducted by a “highly structured and resourced actor.” Ukraine blamed the attacks on Russia.