[Swiftwater Gazette] Who are Russia's cyber-warriors

Ed kroposki kroposki at att.net
Sat May 6 07:03:43 EDT 2017

Whoare Russia's cyber-warriors and what should the West do about them? Long posting, read only if interested...

RolandOliphant 6 MAY 2017
Westernintelligence services and cyber security firms say they haveidentified two particular groups involved in the hack of theDemocratic National Committee (DNC) that led to a series ofembarrassing emails being leaked to the public ahead of the US presidential election. 
Thefirst group, known as APT 29, “Cozy Bear,” or “The Dukes,”penetrated the DNC in July 2015. It is believed to be linked to theFSB, the main successor agency to the KGB, the Soviet Union'ssprawling intelligence outfit.
Thesecond, which security experts call APT 28, or “Fancy Bear,”hacked in March 2016. Crowdstrike, the security firm hired by the DNCto investigate the hack, concluded it was linked to the MainIntelligence Directorate (GRU), the Russian ministry of defence's intelligence agency.
APTstands for Advanced Persistent Threat, a term cyber security expertsuse to refer to known networks of hackers. Cozy and Fancy Bear arenot the only ones linked to national governments. APT-1, for example,is believed to be a Chinese government operation.
BothCozy Bear and Fancy Bear gained access to computers through atechnique called “spear phishing,” where attackers use carefullytailored fake emails and websites to trick target individuals intouploading malware onto their computer systems.
Butthinking of them as glorified bank scammers would be a big mistake,says Thomas Rid, the author of Rise of the Machines and an expert onespionage at King's College London.

Inthe DNC hacks, the emails they used wereso carefully targeted and convincing that they achieved a successrate of one in seven emails.
“That’snot one in seven people who opened the email or clicked a link –that’s one in seven who actually typed in their passwords – aphenomenal success rate,” said Mr Rid. “It’s extremelysophisticated. Don’t think they wouldn’t fool you.”
BarackObama orders investigation into Russian hacking during US election
Sonow Russia has divisions of nerds as well as tanks?
Noone knows. The German intelligence services have estimated thatRussia’s three main intelligence outfits – the FSB, GRU, and SVR(the foreign intelligence service, roughly Russia’s MI6) – haveup to 4,000 cyber agents. That's not an outlandish number - the United States said in 2014 it would seek to hire 6,000 such staff. 
Betweenthem they have targeted foreign political parties, the Germanparliament, defence companies, and media organisations. 
Butthat doesn’t mean there are thousands of nerds wearingshoulder-board epaulettes. Much more likely, says Andrei Soldatov,co-author of The Red Web, is the use of “informal actors” –activists, criminal groups, and possibly even legitimate cyber techfirms – who are curated by and act for the state, but hold noformal rank or position. 
Outsourcingis a tactic Russia has used elsewhere to create plausibledeniability and lower the costs and risks of controversial overseasoperations.
WhenRussian troops moved into Crimea and east Ukraine in 2014, they werepreceded by nationalist activists who insisted (and still do insist)they were acting independently.
Italso makes it difficult to build an accurate picture of the Russiancyber warfare programme. Given the information publicly available,says Mr Soldatov, it is difficult to see how intelligence agenciesare so sure Fancy Bear is definitely the GRU, for example.

Whatabout Mr Putin? 
DmitryPeskov, Vladimir Putin's spokesman, says US officials should "eitherstop talking about it or finally produce some evidence, otherwise itall begins to look unseemly."
However,it is generally believed thatsophisticated cyber operations go up to the Kremlin – and strategicdirection and final sign off on large scale operations like the onethat targeted the DNC almost certainly sits with Mr Putin or one ofhis close advisors. 
Butmost experts believe the Russian cyber programme is too big to bemicro-managed by one man.
Infact, rival agencies appear to be running rival programmes, and theymay not always be coordinating with one another.
APT29 – “Cozy Bear”, supposedly linked the the FSB – forexample, displayed a stealthy, low-profile modus operandi that youmight associate with a civilian spy agency looking to gatherintelligence.
Theyweren’t caught until APT 28 – their presumably militarycolleagues – blundered in and set alarm bells ringing.
VladimirPutin's spokesman, says US officials should 'either stop talkingabout it or finally produce some BarackObama has promised to respond, but a tit-for-tat retaliation presentsobvious risks. 
Fora start, it is not difficult to image how a war in cyberspace couldspill into a war in the real world, said General Lord Richards, aformer chief of the defence staff.
"Younever really quite know where it's going to end up. Are they going tostart having a go at our financial system, electricity?” he said onthe BBC’s Today programme.
“Youhave got to be very, very careful and that is why he has been rathercagey, I think, in choosing his words the way he has," LordRichards added.
Obamawarns America will 'take action' over Putin's hacking of election andleaking politically compromising information related to the Russiangovernment probably would not be as politically damaging to VladimirPutin as it was to Hillary Clinton. 
That’spartly because the Kremlin maintains a near monopoly on the Russianmedia landscape, and partly because many Russians have few illusionsabout their politicians. 
ThePanama Papers, which revealed one of Mr Putin’s close friends hadbeen handling suspiciously large sums of money, was largely greetedwith a collective shrug – but also with the suspicion that it was aCIA operation trying to discredit the country’s leadership. 
Ifanything, a mirror image response from Washington would confirm thosesuspicions – reinforcing the perception of Mr Putin is a strongleader defending the country against an aggressive US.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.theswiftwatergazette.com/pipermail/swiftwatergazette/attachments/20170506/e4974feb/attachment-0001.html>

More information about the SwiftwaterGazette mailing list