BreachExchange mailing list archives

Beware the Russian cyber bear


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 6 May 2014 19:08:08 -0600

http://www.post-gazette.com/opinion/Op-Ed/2014/05/04/lt-div-class-libPageBodyLinebreak-gt-The-Russian-cyber-bear-lt-div-gt/stories/201405040018

When U.S. officials warn of the threat foreign cyber spies pose to American
companies and government agencies, they usually focus on China, which has
long been home to the world’s most relentless and aggressive hackers. But
new information shows that Russian and Eastern European hackers, who have
historically focused on crime and fraud, now account for a large and
growing percentage of cyber espionage, most of which is directed at the
United States.

Individuals and groups in Eastern Europe, particularly in Russia and
Russian-speaking countries, are responsible for a fifth of all cyber-spying
incidents in the world, according to a global study of data breaches
recently released by Verizon.

The spies are targeting a range of companies as varied as the global
economy itself and are stealing manufacturing designs, proprietary
technology and confidential business plans. The cyber spies steal
information on behalf of their governments in order to manufacture cheaper
versions of technologies or weapons systems, or to otherwise give their
home country’s corporations a leg up on their foreign competitors.

Last year, Verizon attributed nearly all incidences of cyber espionage — 96
percent — to sources in China. This year, the report’s authors say the
increase in spying attributed to Russia and Eastern Europe is partly the
result of new sources of information that reveal more than was previously
known about the long reach and sophistication of hackers in those countries.

It’s difficult to know precisely how much cyber espionage by Russia had
gone undetected in the past — Russian hackers have gone to great lengths to
cover their tracks, unlike their counterparts in China, who have generally
been easier to detect, said Alan Paller, a cyber security expert at the
SANS Institute. But that Russian spying is on the rise seems clear, experts
said.

This may come as unsettling news for Obama administration officials, who
have been watching warily as Russian forces in Ukraine have incorporated
cyber spying and warfare alongside conventional military strikes in their
swift takeover of Crimea and what looks like an increasingly likely
invasion of eastern Ukraine.

The report offers new and compelling evidence that Russia is just as
interested as China in using cyberspace to steal secrets from governments
and corporations. And viewed alongside Russia’s successful cyber operations
in Ukraine over the past few months, it suggests that Moscow is
aggressively ramping up its efforts to dominate cyberspace both for spying
and military purposes.

“Intelligence services, as well as cyber criminals, operating in Russia
have an interest in collecting information on our government, industry and
economy,” said White House spokesperson Laura Lucas Magnuson. “These
threats are not going away. We are addressing them by improving our network
defenses, sharing information on known vulnerabilities with the private
sector, and implementing the president’s executive order on improving cyber
security for U.S. critical infrastructure.”

The Russian forces in Ukraine have integrated cyber operations and
conventional military tactics in seamless fashion, current and former U.S.
officials and experts say. As soon as Russian forces moved into Crimea,
they took over the state-owned telecommunications provider and jammed cell
phone signals and severed Internet connections between the peninsula and
the rest of the country. Customers across the region lost phone and
Internet service, effectively shutting them off from the outside world. Two
Ukraine government Web sites also went offline, presumably the targets of
Russian hackers trying to stifle the flow of official information out of
Kiev.

The Russian military then began a series of conventional and cyber
operations against Ukraine’s military. As commando troops took up positions
in Crimea and seized official buildings, Russian naval vessels that carry
radio and cell phone jamming equipment were spotted in the port of
Sevastopol. Eventually, the Russians cut off Ukrainian forces in Crimea
from their command and control systems, NATO commander Gen. Philip M.
Breedlove told the New York Times. It was a textbook operation that combined
centuries-old combat tactics with cyber-age assaults.

U.S. intelligence agencies were largely caught off guard by the Russian
invasion. The occupying forces limited their use of radios and cell phones
and went mostly undetected by the United States’ surveillance networks,
current and former officials said, an indication of the Russians’
technological savvy.

“It looks like the Russians learned from Osama bin Laden and used
couriers,” Joel Harding, a former military intelligence officer who worked
for the Army’s intelligence command and has experience in surveillance
operations, said in a recent interview. “They held access to those with a
need to know and exercised strict discipline in communications security.
That is the best professionalism I’ve seen from them ever.”

The Russian success is especially stinging for the United States because
these types of blended attacks — cyber strikes launched alongside military
operations — are what U.S. military and intelligence officials have for
years said will be the hallmarks of America’s future way of fighting a war.
Indeed, the U.S. military is spending billions of dollars to integrate
cyber warfare into military combat and intends to train a force of 6,000
cyber warriors by the end of 2015, Defense Secretary Chuck Hagel has said.

Also worrying for U.S. officials is the extent to which criminal hackers in
Eastern Europe are forging alliances with the Russian government,
effectively acting as cyber mercenaries. “I do think there are probably
groups in Eastern Europe that not only dally in financially motivated
crime, but also espionage,” said Chris Porter, a co-author of the Verizon
report.

How much that’s actually happening is hard to ascertain, because there’s
limited objective data, Mr. Porter said. But what is certain is that the
United States doesn’t hire criminal hackers to attack foreign governments
on its behalf. That puts the United States at a disadvantage if other
countries are willing to employ more aggressive tactics and hire skilled
criminals to do their bidding.

The Verizon report found that cyber spying is on the rise around the world,
not just in Russia and Eastern Europe. The number of spying incidents in
the new report was three times last year’s, which can partly be attributed
to having more and better sources of information. But even accounting for
those new data sets, the number of espionage cases grew since last year.

Russian and Eastern European hackers appear to be interested in stealing
the same kinds of information as their Chinese counterparts and are
targeting generally the same industries, the report found. Classified
military and intelligence information held in government computers tops the
spies’ list of targets. Hackers are also trying to infiltrate utility
companies, mining companies and law firms.

The Verizon report doesn’t specify what types of information the hackers
have stolen from those companies. But security experts have documented an
increase in espionage campaigns in the past few years targeting information
about how U.S. oil and natural gas pipelines are designed and controlled,
as well as where American companies are looking for new sources of fuel.
The hackers have also infiltrated law firms to gain insights into where
American companies are attempting to gain rights to drill for oil and mine
precious minerals. Given that Russia’s economy is largely dependent on
energy, that kind of information would be of extraordinary value to the
Russian government and energy companies.

The vast majority of all cyber espionage — 87 percent — was attributed to
“state-affiliated” groups, the report found. That could include hackers
working directly for a government or with its clandestine support but still
largely taking their marching orders from state officials.