
Russia's Undeclared Cyber Wars

David E. McNabb

7.1 Introduction

Post-Soviet Russia continues to exercise a get-tough attitude toward its former possessions. With each successful foray, its treatment of the newly independent states that were once part of the Russian Empire becomes more and more assertive, if not more aggressive. Neither US sanctions nor the North Atlantic Treaty Organization's (NATO's) tepid verbal reprimands seem to have had much effect in controlling Russia's aggressive foreign policy. This chapter examines some of the cyber warfare tactics Russia is suspected of supporting or actually using against its smaller neighbors and enemies. These cyberattacks have also taken place in association with armed incursions.

Marine Corps General James Cartwright, former vice chairman of the US Joint Chiefs of Staff, defined cyber war as "the deployment of cyber capabilities where the primary purpose is to achieve military objectives or effects in or through cyberspace" (Cartwright 2013). A detailed dictionary of US cyberspace concepts and accepted terms and definitions is included in Appendix I. Russia's use of these weapons goes back at least to the Yeltsin years, albeit this time, they were used in Chechnya as political weapons against Russia (Tikk et al. 2008). Chechen separatists used the Internet for delivering pro-Chechen and anti-Russian propaganda.

During the second Chechen war in 1999-2000, Russians were accused of hacking into Chechen websites. US and NATO computers were attacked from an unidentified source during the 1999 Kosovo campaign, although Russia had been an ally of Serbia and strongly objected to the war. The allegedly Russian state-sponsored hacker group APT28 was identified in an October 2014 newspaper article as the hackers behind the attacks on the governments of Georgia, the Caucasus and Eastern Europe and as conducting cyber espionage with attacks on NATO and defense contractors in Western Europe (Fox-Brewster 2014).

7.2 Cyber Tactics

In 2007 and 2008, Russia conducted a series of soft and hard attacks against several of its former satellites. The first was a bloodless cyber war; the second was also a cyber war, but this one occurred along with a shooting war. The first substantial attack began on April 26, 2007 against Estonia. The second began on August 7, 2008 against Georgia. The next documented occurrence took place in 2009 when Lithuania was hit by cyberattacks; in a case of IP spoofing, Russian flags were placed onto more than 300 Lithuanian websites, and anti-Lithuania songs were played. The last cyberattack occurred in Ukraine. Another 2009 attack began on January 28, when Kyrgyzstan's two main servers were hit with DoS attacks, essentially stopping all of its email service. Lithuanian cyberspace was hit again in 2003. A new target was struck in 2014 when hackers reported to be from Russia struck again, this time against Ukraine; as had occurred in Georgia, hackers attacked in concert with more bloodletting. At a small cost to Russia, it ended with the addition of more than 18,000 square miles of Crimea to the rebuilding Russian Empire.

The attack against Estonia employed cyber weapons exclusively. It was more of an application of cyberterrorism than warfare; no shots were fired; no lives were lost on either side. The cyberattacks against Georgia were followed a day after they began with an armored invasion of Georgian territory. By any definition, Russia's invasion of South Ossetia, an integral part of the Georgian state despite its independent administration, was an act of war.

Regardless of the rationale behind the attacks or the details of the tactics used, these and the subsequent aggressive actions signaled the willingness of Russia to use whatever weapon or weapons it believed appropriate to intimidate the small sovereign states that until 1990 were components of first the Russian and later the Soviet Empires. In 2014, Russia began the next step in its plan to reassemble its former empire. This time, the victim was Ukraine.

The row of former Soviet territories in North and Central Europe for which Russia still holds a special interest includes Finland, Estonia, Latvia, Lithuania, Kaliningrad, Belarus, Moldova and Ukraine.

Putin has never hesitated to inform the West that these, together with similar newly independent states to Russia's south and east, constitute regions of special interests, and Russia will go to extreme ends to protect those interests.

The excuse given by Putin for intimidating states like Estonia, Latvia, Lithuania and Ukraine is Russia's sacred commitment to protect ethnic Russians living in those states. The relatively good minority relations between Russia and Belarus are the model that Putin would like to see expanded to other former Soviet republics, although some analysts suggest that Russia's aggression in Ukraine and annexation of Crimea have moved Belarus to question whether to continue, along with Kazakhstan, in joining Russia to form the Eurasian Union (Wilson 2014). The trade union between Russia and its closest neighbors is scheduled to commence in 2015. The announced institutional model for the Russian Union is the European Union (EU). One of the causes for the Maidan riots and demonstrations in Kiev was the Ukrainian president's decision to reject a trade agreement, substituting a plan to join the Russian Union instead.

7.3 2007 Cyber War with Estonia

Estonia, the northernmost and smallest former Soviet Union republic on the Baltic Sea, shares a long border with Russia. Quoting unnamed sources, Richard Clarke (Clarke and Knake 2010, p. 30) noted that some analysts were calling the cyberattacks on Estonia WWI, for Web War One.

This proximity and strategically important location on the Gulf of Finland justified Soviet colonization after regaining Estonia during World War II. As a consequence of the Soviet-era occupation, in 2014, more than 25% of the population of Estonia consisted of ethnic Russians. The map of Estonia shows its long eastern border with Russia and its northern border on the Gulf of Finland, which provides maritime access to Russia's old capital, St. Petersburg. To the south, it shares a border with Latvia, the Baltic nation with an even larger Russian minority. Estonia's two northeastern provinces and the capital city of Tallinn house Estonia's largest concentrations of ethnic Russians.

These regions are also the location of Estonian shale oil and gas deposits; this important resource extends across northern Estonia and into Russia. These deposits supply most of Estonia's energy needs; only 15% of its energy comes from imported Russian natural gas.

Estonian cyberspace was invaded on April 27, 2007, shortly after the Estonian government went ahead with plans to move a memorial, the Bronze Soldier, commemorating the Red Army's liberation of Estonia from the Nazis. To the Russians, moving the memorial was seen as additional "marginalization of their ethnic identity," whereas native Estonians considered the Bronze Soldier a reminder of Soviet oppression (Herzog 2011). The memorial was to be moved from its location in central Tallinn to a less prominent nearby military cemetery. The announcement resulted in riots among ethnic Russians living in Estonia, followed by a dangerous and expensive cyberterrorism attack against Estonia's economic and government institutions.

Although the perpetrators of the attack were never identified to everyone's satisfaction, subsequent investigations point to Nash—a Russian group founded by Vladimir Putin and funded by the Russian Business Network. Security analysts agree that Russian officials encouraged the hackers' actions by accusing Estonia of "altering history, perpetrating human rights violations, and encouraging fascism" (Herzog 2011). The DoS attack targeted Estonia's largest banks, cut online access to its largest newspapers, severely restricted web traffic and shut down telephone lines used by emergency services (Shackelford 2010; Pool 2013).

Estonia has long been Europe's most wired country, relying heavily on the Internet for much of its communications infrastructure. Government functions, parliament's email, electric power grids, safety and security services and water supplies are Internet dependent; 97% of bank transactions, income tax filing and utility payments occurred online. It gave Estonia the right to claim the title of paperless government. In March 2007, Estonia allowed Internet voting for parliamentary elections, becoming the first country to do so.

As for the cyberterrorism attack on Estonia, while severe and costly (one bank alone announced losses of more than US$1 million), the consequences could have been even more damaging; the odds are high that future cyberterrorism attacks will be more damaging. One analyst predicts that in future assaults, hackers may target a state's traffic lights, water supply, power grids, air traffic controls, or even its military weapon systems.

S. Herzog observed in Journal of Strategic Security, "As the Estonian crisis indicates, the Internet has become a powerful asymmetric tool for transnational groups who view themselves as disenfranchised and seek to intimidate the nation-states and other actors presumably responsible for their grievances. This is an issue of national sovereignty, as the digital networks and critical infrastructure targeted by the hackers are the property of—or on the territory of—nation-states."

Both the perpetrators and defenders in the Estonian cyber crisis have learned what to do next time to both improve the efficacy of their incursions and to protect against similar incursions in the future. China, which has an unenviable record of committing cybercrime against commercial and military targets, particularly in the United States, has likely joined Russia in analyzing Estonia's weaknesses and the West's responses to improve their cyber warfare capabilities. Russia has been linked to cyberattacks on Georgia in 2008 and Poland in 2009. Four organizations have some responsibility for information security or offensive applications: the Russian Security Council, the Federal Agency for Government Communications and Information, the State Technical Commission and the Russian Armed Forces. Despite the shock value of the cyberwar assault on Estonia and immediate disruption to that nation's government and banking, the consensus among military analysts is that Estonia suffered very little long-term damage from the attack (Singer and Friedman 2014).

Meanwhile, the EU, NATO and the US military have taken steps to better defend against future cyberterrorism while also developing countermeasures. In April 2008, NATO adopted a uniform policy on cyber defense and formed the Cyber Defense Management Authority to coordinate and centralize cyber defenses in all member states. In August of the same year, NATO's cyber security headquarters, the Cooperative Cyber Defense Center of Excellence, was established in Tallinn. In 2010, the EU included cyber warfare defense elements in its Internal Security Strategy.

About the Book

From Vladimir Putin and Russia's Imperial Revival by David E. McNabb; ISBN 978-1-4987-1198-2. CRC Press, 2015.


© Copyright 2015 Auerbach Publications