Russian Cyber Campaign Continues to Penetrate NATO Ministries

BAE found malicious code in ten countriesIt shouldn’t be easy to shut down a European ministry for days, depriving bureaucrats of access to e-mail and the web. Someone, however, has managed to do just that to Belgium’s foreign ministry, which had to quarantine its entire computer system last Saturday and only managed to restore the work of the passport and visa processing systems on Thursday. Similar attacks seem to be taking place elsewhere in Europe, as Belgian Foreign Minister Didier Reynders told the Belga news agency after meeting with a senior French diplomat that “everyone (on the European level) notes at this moment a very powerful pickup in hacking activity probably coming from the east and in any case having to do with Ukraine.”

The local press reports that a Russian program called Snake caused the disruption in Brussels. If that is true, the Belgians have made the acquaintance of one remarkable serpent. Under the name Agent.BTZ — a generic one, automatically generated to classify a then-unknown piece of malicious code – it hit the U.S. Department of Defense back in 2008. The attack became public knowledge two years later, after Deputy Defense Secretary William J. Lynn III described it in a Foreign Affairs article as a “significant compromise” of the DoD’s classified computer networks. Someone had coupled a flash drive to a military laptop at a Middle Eastern base, and the malware spread from there, prompting a huge policy response that culminated in the creation of the United States Cyber Command.

Given the attack target’s clout and resources, one would have expected the U.S. and its NATO allies to thoroughly study and block the malware. That didn’t happen. Defense conglomerate BAE Systems wrote in a recent report that “the operation behind the attacks has continued with little modification to the tools and techniques, in spite of the widespread attention a few years ago. . . .”

Snake and its variants have been extensively deployed by whoever made that investment. BAE Systems collected a total of 32 samples of the malicious code from Ukraine, where most of them appear to have been installed since the Maidan protests started in Kiev last year; 11 from Lithuania; four from the U.K.; two from the U.S. and another six from other countries. . . .

There must be entire agencies in NATO countries that need the same procedure. All it takes is for one ignorant bureaucrat to click on an enticing link in an e-mail or plug in an unverified thumb drive, and the entire computer network becomes a giant hydrant blowing information to some server in Moscow, or wherever Snake’s control center is.

Image: BAE found malicious code in ten countries (graphic: NATO)