Blogs

The massive cyberattack that crippled public transportation, the central bank, government offices, the state power distributor, and public firms in Ukraine on June 27 serves as a potent reminder of the havoc that can be unleashed by low-level actors, according to an Atlantic Council analyst.

“This is another reminder that low-capability actors can have a profound impact on critical infrastructure like media, finance, energy, and others,” said Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council’s Brent Scowcroft Center on International Security.

Besides Ukraine, which appears to have been hit particularly hard, symptoms of the attack were also reported from the United Kingdom, Russian oil producer Rosneft, and the Danish shipping company Maersk.

“Despite early indications, it’s unclear whether this attack was targeted against Ukraine or just happened to hit the news cycle there first,” said Woods.

The ransomware attack that shut down a number of hospitals in the United Kingdom (UK) on May 12 should serve as a wake-up call to defend critical infrastructure against cyberterrorism, according to an Atlantic Council analyst.

“I was never worried that ransomware was going to deliberately kill someone,” said Joshua Corman, director of the Atlantic Council’s Cyber Statecraft Initiative. Referring to hacking groups that identify as part of the Islamic State of Iraq and al-Sham (ISIS), he added, “I was worried about adversaries like Cyber Caliphate extremist groups who have the means, motive, and opportunity to take life.”

In a cyber security environment in which low-capability actors can access tools in the public domain to launch a widespread cyberattack, “there are no technical barriers to a sustained attack on any or all hospitals globally,” Corman said.

A cyberattack that has crippled 200,000 computers in more than 150 countries could have been prevented had the victims conducted a simple security update.

“One of the lessons learned here is that people just do not patch their systems,” said Dmitri Alperovitch, a nonresident senior fellow in the Cyber Statecraft Initiative of the Atlantic Council’s Brent Scowcroft Center on International Security.

“The reality is: the vulnerability that was exploited was not a zero-day vulnerability,” he said.

In March of 2003, I commanded an EC-130 Compass Call, an aircraft configured to perform tactical command, control, and communications countermeasures, over the skies of Iraq. My crew’s mission was to jam enemy communications and help allied forces preserve Iraq’s oil infrastructure. During these missions, we positioned ourselves some distance from the intended target, while an electronic warfare officer controlled jamming functions using a keyboard located in the back of the aircraft.

While this mission demonstrates how developments in cyber technology can be used to further US security interests, a little more than a decade later a young man named Junaid “TriCk” Hussain aligned himself with the Islamic State of Iraq and al-Sham (ISIS), and undertook his own form of electronic warfare. Sitting comfortably away from his targets, like my orbiting EC-130, he used a keyboard to launch attacks through cyberspace. Specifically, Hussain built “kill lists” of US military personnel and published them online. He leveraged the increasing power and reach of social media to call for terror attacks against Western interests. These brash moves quickly attracted the attention of the US government. Ultimately, an airstrike from an unmanned aircraft killed TriCk in 2015.

On March 7, WikiLeaks released a large collection of documents from the Central Intelligence Agency (CIA) with a catalogue of technical tools in the agency’s arsenal and the techniques it uses to get around privacy protections. This release has been compared to the ones facilitated by Edward Snowden and Chelsea Manning. While it is comparable in scale, are we premature in comparing their impact?

It should come as no surprise to anyone that the CIA (or indeed any intelligence agency in the world) uses hacking to conduct espionage operations. What is important here is that these methods have been forced into the open. These leaks raise several important questions that must not be derailed by alarmist analyses, mass paranoia, and clickbait content.

It is the international community’s responsibility to maintain peace and security in the face of growing cyber threats to a society that is increasingly vulnerable because of its dependence on connected technology, Henne Schuwer, the Netherlands’ ambassador to the United States, said at the Atlantic Council on February 8.

“We have to all band together to make sure that this Internet, this cyberspace… will be a peaceful movement around the world from which we all benefit,” he said.

In light of Russia’s meddling in the 2016 US presidential elections, and concern looking ahead to upcoming elections in Europe in 2017—in France, Germany, the Netherlands, and possibly Italy—it has become necessary to establish a legal framework for the international community to understand a common set of rules of the road in cyberspace.

In light of the intelligence report unequivocally attributing cyberattacks during the US presidential election to Russia, US President-elect Donald Trump must take stock of the magnitude and implications of the Kremlin’s actions, and react appropriately, according to John E. Herbst, director of the Atlantic Council’s Dinu Patriciu Eurasia Center.

“We are facing Mr. Putin, a world leader who is determined to weaken the American position, especially in Europe, but around the world,” said Herbst, a former US ambassador to Ukraine. “It’s very important the incoming administration recognize the seriousness of the problem and take decisive action to deter Russian aggression.”

The report leaked from the Central Intelligence Agency (CIA) on December 9 confirmed concerns raised during the election campaign: Russia interfered in the US presidential election, with the intent of bolstering President-elect Donald Trump’s campaign. While Washington continues to debate the deeper implications of the cybersecurity breaches and leaks that marred this election season, intelligence agencies and cybersecurity companies alike are confident that Russian hackers are the culprits. As the United States gears up for congressional investigations into the accusations, several European countries up for presidential and parliamentary elections next year—Germany, France, and the Netherlands—worry they will become the Kremlin’s next target. The shift from stuffing the ballots, as repeatedly seen in elections in Russia, to manipulating cyberspace and social media has given the Kremlin alarming powers to not only help choose foreign leaders, but also to catalyze the breakdown of Western democracies’ liberal values.

While Russia’s interference in the presidential election shocked many in the United States, influence operations, such as the spread of disinformation, cyber-attacks, and cultivation of agents of influence, are a part of the Kremlin’s “nonconventional” warfare arsenal. The Kremlin has actively interfered to sway elections and policies in countries that it considers as part of Russia’s so-called “near-abroad” — the post-Soviet states that the Kremlin sees as its legitimate sphere of influence.

Russian cyberattacks on the eve of the US presidential elections clearly benefitted one candidate—Donald Trump. How to respond to this meddling is another matter altogether.

The Central Intelligence Agency (CIA) confirmed in a secret assessment first reported by The Washington Post that Russia was involved in the cybersecurity breach of both the Democratic and Republican National Committee networks.

The release of information connected to the Democratic National Committee (DNC) was “an attempt to influence, not directly the results of our election, but reframe the narrative around them that clearly benefitted one candidate over the other,” said Alina Polyakova, deputy director of the Dinu Patriciu Eurasia Center and senior fellow with the Future Europe Initiative at the Atlantic Council.

In October, Mirai malware used default login credentials to compromise thousands of routers, digital video recorders, Internet cameras, and other Internet-connected devices. Mirai then created a botnet with the hacked hardware and targeted Dyn, a key provider of domain name services. The result wreaked havoc across the Internet, taking down several prominent websites and disrupting services for millions of users. Put another way, Mirai was a digital assassin who fired a sniper’s bullet at an essential Internet node. Speculation on the hack’s origin and purpose ranged from Russian cyber teams conducting pre-election disruption tests to WikiLeaks supporters protesting against Ecuadorian authorities.

Notably, Mirai did not affect any Department of Defense (DoD) assigned Internet protocol (IP) addresses. Even more intriguing, this avoidance was by design. An analysis of the botnet’s source code shows the writer excluded DoD IP ranges. The analysis goes on to describe the likely author as “a skilled, yet not particularly experienced, coder who might be a bit over his head.” This assessment might be valid, but I find the humor short-lived.
