On Recent Russian Hacking

On December 14th, Reuters published a short “one minute read” titled “Suspected Russian hackers breached U.S. Department of Homeland Security sources.” The article reports that this breach was part of a massive Russian hacking campaign that had also penetrated the U.S. Departments of Treasury and Commerce. Because the hackers gained access to the Department of Homeland Security’s internal communications, there is considerable speculation about what information was compromised. It is important to recognize that the Department of Homeland Security is a massive bureaucracy with many important national responsibilities, including border security, cybersecurity, and, most recently, the secure distribution of the COVID-19 vaccine.


While not much more can be said about this particular incident, it is important to recognize that this breach was part of a months-long hacking campaign by the Russian group known as APT29, or Cozy Bear, according to the Washington Post. Despite its seemingly unprofessional name, Cozy Bear works for Russia’s foreign intelligence service, the S.V.R.


While the F.B.I. has provided no official comment, its investigation into the group has so far suggested that Cozy Bear’s campaign could have begun as early as spring. This supports the idea that the group was organized and resourced well enough to sustain a months-long intrusion.

According to FireEye, a cybersecurity firm that was itself a victim of the attack, Cozy Bear’s victims included various government agencies as well as consulting, technology, telecom, and oil and gas companies across North America, Europe, Asia, and the Middle East. The Russian Embassy in Washington quickly released a statement rejecting the claims as “baseless,” on the grounds that such attacks contradict Russia’s official policy of non-aggression, but examining past Russian actions erodes that claim. During the Obama Administration, for example, Cozy Bear was responsible for intrusions into both State Department and White House email systems. As for the claim that Russia “does not conduct offensive operations,” a quick look at the 2014 Crimea crisis shows that this is not the case.

FireEye was also able to provide some insight into the mechanics of the attack. The company noted that the intrusions were delivered through an update to the network management software of the firm SolarWinds. SolarWinds responded with a statement on December 20th saying that product updates released between March and June of 2020 had been weaponized through a “highly sophisticated attack… by a nation-state.” In other words, the attackers did not break into each victim one by one; they compromised a trusted update that victims installed themselves. All of this is extremely concerning. SolarWinds’s products are used on a global scale by many diverse organizations, including all five branches of the United States military, the Pentagon, State Department, Justice Department, N.A.S.A., the Executive Office of the President, and the National Security Agency. The top 10 U.S. telecommunications companies also rely on SolarWinds’s products. Ultimately, this attack was incredibly serious and may well trigger a United States response.
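To make the mechanism concrete, here is an added example, written for this page and not code from the article, FireEye, or SolarWinds. It models a hypothetical vendor build server that signs every release, an attacker who inserts an implant into the build before it is signed, and two customer-side checks. HMAC-SHA256 stands in for a real code-signing signature so the example needs only the standard library, and the product, versions, and implant bytes are constructed sample data. The point it shows is that the ordinary signature check passes on the trojanized release, because the vendor really did sign it; only a digest computed from an independent, deterministic build of the same source catches the tampering.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Release:
    """A vendor update as the customer's updater receives it."""
    version: str
    payload: bytes
    signature: bytes


class VendorBuildServer:
    """Hypothetical vendor build pipeline: assembles the product, then signs
    the result with the vendor's release key. HMAC-SHA256 is a stand-in for
    a real asymmetric code-signing signature (assumption, stdlib only)."""

    def __init__(self) -> None:
        self._release_key = secrets.token_bytes(32)
        # An attacker with access to the build server sets this; it is
        # appended before signing, so the vendor's signature covers it.
        self.implant = b""

    def build_and_sign(self, version: str, source: bytes) -> Release:
        payload = source + self.implant
        sig = hmac.new(self._release_key, payload, hashlib.sha256).digest()
        return Release(version, payload, sig)

    def verifier(self):
        """What the vendor ships to customers: a signature checker."""
        key = self._release_key

        def verify(release: Release) -> bool:
            expected = hmac.new(key, release.payload, hashlib.sha256).digest()
            return hmac.compare_digest(expected, release.signature)

        return verify


def signature_valid(release: Release, verify) -> bool:
    """The ordinary update check: was this release signed by the vendor?"""
    return verify(release)


def reference_digest(source: bytes) -> str:
    """Digest of the same source built on a machine the attacker cannot reach.
    Assumption: the build is deterministic, so a clean build of the same
    source yields the same bytes (here the 'build' is the source itself)."""
    return hashlib.sha256(source).hexdigest()


def matches_reference(release: Release, reference: str) -> bool:
    """The check that catches an implant inserted upstream of signing."""
    return hashlib.sha256(release.payload).hexdigest() == reference


def demo() -> dict:
    # Constructed sample data: a toy "network management agent" and a toy implant.
    source = b"nms_agent: collect_metrics(); report_to_console();"
    vendor = VendorBuildServer()
    verify = vendor.verifier()
    reference = reference_digest(source)

    clean = vendor.build_and_sign("1.0", source)

    vendor.implant = b" beacon_to_attacker();"   # build server now compromised
    trojanized = vendor.build_and_sign("1.1", source)

    return {
        "clean_signature_ok": signature_valid(clean, verify),
        "clean_matches_reference": matches_reference(clean, reference),
        "trojan_signature_ok": signature_valid(trojanized, verify),
        "trojan_matches_reference": matches_reference(trojanized, reference),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:26s} {result}")
```

The design choice worth noting is that a valid signature answers only "who signed this?", never "what is inside?". Once the attacker sits upstream of the signing step, the vendor's own key becomes the delivery mechanism, which is why a customer needs evidence that does not depend on the vendor's build server at all, such as a digest from a reproducible build or a vendor-published manifest produced on separate infrastructure.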

The general rule in cybersecurity is that attacking is easier than defending: an attacker needs to find only one way in, while a defender has to close every one. Even so, considering the scope and sheer aggressiveness of this attack, the United States will need to respond and demonstrate that Russian interference in its affairs is unacceptable. I suspect the U.S. will levy sanctions against Russia, but I cannot condone that course of action, considering the detrimental effects sanction campaigns have on uninvolved civilians.


While there is no sign that the campaign intended to leak information or disrupt vital infrastructure, it did grant Russia the ability to root around freely in its victims’ systems for months. Overall, the episode reflects the general rule of the digital age: nothing is truly “secret” anymore. We need to recognize the dangers of this new age, in which information connected to the internet has become increasingly difficult to keep confidential.