Can Russian Hackers Be Stopped?

Uploaded on 2018-07-05 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

In the spring of 2015, faced with external cyber-attacks on the US of increasing frequency and severity, President Obama made a dramatic announcement. 

The level of hacking and cyber-espionage against the US had created an "unusual and extraordinary threat to the national security, foreign policy, and economy" of the country, said the President, who declared a national emergency to deal with the threat. 

This executive order allowed the administration to pursue sanctions against those who attacked US critical infrastructure or stole secrets. Since then the national emergency has been extended three times (it must be reconfirmed every year), but the attacks against the US and its allies continue.

Indeed, the ongoing state of emergency did little to deter the most spectacular anti-US hacking campaign in recent years: Russia's meddling in the 2016 US presidential election.

Russia is not alone in pursuing cyberattacks to advance its aims: The US government and its allies have long complained about the behaviour of China, Iran, and North Korea, too. Despite years of sanctions, indictments, and other attempts to combat hackers, the attacks have continued. And experts have warned it could be 20 years before the situation is brought under control. So why can't the hackers be stopped?

How can Governments Stop Hackers?
It's not that the US hasn't tried to deter cyberattacks, rather that the techniques the country and its allies have used so far haven't been very effective at stopping the bombardment.

Certainly, cybersecurity is a tough concept for politicians to get their heads around. Foreign agents sneaking into computer systems to steal secrets is crazy enough; the idea of enemies hacking into the computers which control critical infrastructure like power stations to cause destruction can seem like something out of an airport thriller, but is scarily real. Cyber-attacks are cheap, too: No need for a huge military might when all you need is a few smart people and some PCs to start a hacking campaign that can cause headaches for some of the biggest nations on the planet. For a State with few other options, cyber-attacks can be a potent weapon.

What makes cyberattacks an even more enticing option is that it's often hard to work out who is actually responsible for a particular incident, making it a handy way to cause trouble without necessarily getting caught. 

Nations often outsource these kinds of intrusions to freelancers who are adept at covering their tracks, making it harder to point the finger of blame. For example, an intrusion that took French TV station TV5Monde off the air was first thought to be the work of the "Cyber Caliphate" linked to ISIS, but is now blamed on Russia-backed hackers who deliberately left a false trail.

How does Cyber-Deterrence Work?
This is the complicated backdrop against which Western governments are struggling to build some kind of model to deter cyber-attackers. Hardening defences should be the easy part. Many of the most basic attacks, such as the Russian attacks on routers and network infrastructure that the FBI and the UK's GCHQ warned about recently, could be deflected by basic security measures like changing default passwords. However, while governments have more control over their systems, they have less ability to insist that businesses and individuals improve their own security, which is generally pretty terrible, because there are always better things to do. That means there is always a backdoor open to the hackers, and too often the front door, too.

According to one estimate, more than two-thirds of the UK's critical infrastructure bodies suffered an IT outage in the last two years, a third of which were likely due to cyber-attacks.

Few companies can survive a sustained assault by hackers, and even fewer are prepared to defend against state-backed attacks. However, finding a set of effective deterrents remains at best a work in progress.

Some state-backed hackers are looking for trade secrets, some are looking for weaknesses that could be used in future attacks, some are looking to steal money, and others want to just stir up trouble. Some want to do all of these things at once.

Each of these motivations requires a different response.
"In order to have effective deterrence from a US standpoint it's very important that we not just think about this in terms of cybersecurity defence and offence, but the cultural aspects of various nation states and their motivation," said Trevor Rudolph, a New America cybersecurity fellow who was chief of the Cyber and National Security Division at the Office of Management and Budget during the Obama administration.

Over the last half-decade, the US and its allies have tried to deter state-backed hackers with everything from publicity to sanctions and indictments, and maybe even attempts to hack back against assailants. While governments have plenty of practice at responding to a traditional armed assault because they've been dealing with that pretty much since countries were invented, calibrating a response to a cyberattack remains tricky.

"Ultimately it's not about responding to a cyberattack with cyber means, it's about looking at the full toolkit you have as a state in terms of diplomatic, economic, military, and others, and determining the right set of incentives and penalties you're going to apply to a country that's behaving in a way that is unacceptable," says Dmitri Alperovitch, CTO at security company CrowdStrike.

Cyber-Deterrence Trial and Error
The US, in particular, has been testing a variety of different deterrent strategies over a number of years. China was the first country openly tackled for its cyber-espionage when, in May 2014, a grand jury indicted five Chinese military hackers for hacking directed at companies in the US nuclear power and solar energy industries. 

A summit between President Obama and Chinese President Xi Jinping followed a year later, at which both countries promised not to use commercial cyber-espionage. Chinese attacks slowed, at least temporarily. 

But, according to the US intelligence community, China continues to use cyber-espionage to try and break into defence contractors and communications firms in particular. China is also targeting confidential business information such as pricing strategies or mergers and acquisitions data says a spokesman for FireEye.

"What we've seen pop up is Chinese groups targeting US law firms, US investment companies, and so on, stealing information in support of economic goals."

Attempts to curb cyber intrusions by Iran have also met with similar, limited, success. In March 2016 charges were announced against seven Iranians over distributed denial of service attacks against US companies; one man was also charged with unauthorised access into control systems of a US dam. In March 2018 the US Department of Justice charged nine Iranians with stealing more that 31 terabytes of documents and data from more than 140 American universities and 30 American companies.

The US also tried using sanctions against North Korea over its hacking attack on Sony Pictures in what was the first use of sanctions by the US in response to cyber-espionage.

It's possible, although still unclear, that the US may have also responded to Pyongyang's attack on Sony Pictures by taking North Korea's Internet offline for a short period of time, but even this has done little to curb North Korea's activities.
But North Korea continues to use cyberattacks to gain intelligence and in particular to steal funds to prop up the state.

"They've really veered into the crime angle," Read notes. While attempts to curb the behaviour of China, Iran, and North Korea has been limited in its impact, the biggest challenge the US faces at the moment is from Russian interference.

Russia has been blamed for the hacking of the Democratic National Committee and the subsequent leaking of emails. Kremlin-backed groups have also been accused of using disinformation campaigns across social media to stage arguments and undermine trust in the US political system during the 2016 Presidential campaign.

For its part, Russia has denied any meddling. President Putin has denied Russian state involvement in any election meddling, although he did not rule out that Russian hackers might be involved.

"If they are feeling patriotic, they will start contributing, as they believe, to the justified fight against those speaking ill of Russia," he told journalists in 2017. But then, in March 2018 Putin again denied Russian state involvement: "Why have you decided the Russian authorities, myself included, gave anybody permission to do this?" he told NBC News.

US intelligence warns that Russian intelligence and security services continue to probe US critical infrastructures, as well as target the US, NATO, and allies for insights into US policy. Attempts to deter Russian meddling seem to have had little impact.
In December 2016 President Obama responded to revelations about Russian behaviour by expelling diplomats and closing two Russian properties. President Trump added to those moves with new sanctions in March 2018, which had been approved by Congress seven months earlier, and accused Moscow of attempting to hack the US energy grid. Critics said these sanctions did not go far enough.

Indeed, deterring Russia is further complicated by Donald Trump's own response to the hacking revelations. In the Presidential race he, jokingly, invited Russia to hack Hillary Clinton, saying: "Russia, if you're listening, I hope you're able to find the 30,000 emails that are missing." And after winning the election he was initially reluctant to blame Russia for election meddling.

The Limits of Naming-and-Shaming
One tactic the US has used with some success is to be more public about Russian attacks; it has also coordinated with other countries to go public. In February 2018, seven nations, the US, the UK, Denmark, Lithuania, Estonia, Canada, and Australia blamed the NotPetya ransomware attacks on Russia, with support from New Zealand, Norway, Latvia, Sweden, and Finland. Similarly, it was the US along with the UK and Australia in April 2018 that complained about Russian interference with routers and internet infrastructure.

Creating a broader coalition makes its condemnation stronger and harder for a country to shrug off. But although naming-and-shaming may have worked against Chinese industrial cyber-espionage (at least in the short term), it doesn't seem to be particularly effective against the Russians. While the Chinese government doesn't like to be embarrassed in this way, Russia seems much less concerned.

While Moscow consistently denies conducting any of these attacks, it doesn't seem to mind the accusations too much, if only because it acknowledges the Russian state's capabilities.

Where does Cyber-Deterrence Go-Next?
There is always the chance that nation states will change their minds about their use of hacking and cyber intrusion.
As recently as 2009 Russia was keen for a treaty with the US covering the use of cyber-weapons. This would have banned countries from embedding code in the systems of other nations and imposed a ban on the use of deception to disguise the source of cyberattacks. The US wasn't interested, however. President Trump has also floated the idea in 2017 that the US and Russia create "an impenetrable Cyber Security unit" to prevent election hacking, but this didn't get very far.

It will likely take years, or even decades, for rules to finally emerge that govern cyber-espionage and cyberwarfare, so countries will continue to jockey for position for years to come until norms are established. 

A failure to establish boundaries accepted by all means that the risk of accidental escalation remains; if the rules of engagement aren't clear, then a relatively trivial hacking incident could rapidly turn into a full-on confrontation.
One further complication is that rival countries have very different definitions of national security and how to protect it, understanding these differences will be key to creating an agreed set of rules. This makes cyberwar a question of language, not computer code.

Other experts from RUSI argue thay the West's adversaries aren't playing by the same rules "so surely it makes sense to continue the conversation and at least start to explore where the boundaries lie." For example, Russia is, among other things, very concerned about the ability of the West to influence its population through the Internet in the way that it did in the past through radio stations, and sees its own election meddling as acceptable through that prism of suspicion.

"It's about continuing the conversation," said Lawson. "If it does take 20 years for norms to appear in part that will be our fault for making the decision not to engage."

But for now, many nations states will judge that using hackers to spy on, disrupt, distract, and steal from rival states remains a cheap, effective, and relatively risk-free option. Until something changes, expect to see plenty more of the same.

TechRepublic

Trump Backs Russia On Election Interference:

Russia Warns UK Against Cyber Retaliation:

 

« MSAB Joins CASE Initiative On Digital Forensics
Digital Shock: Part 1 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

HANDD Business Solutions

HANDD Business Solutions

HANDD are independent specialists in data protection with expertise at every stage of the Protect, Detect and Respond cycle, from consultancy and design, right through to installation.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

FireMon

FireMon

FireMon is the only agile network security policy platform for firewalls and cloud security groups providing the fastest way to streamline network security policy management.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

TEISS

TEISS

Teiss.co.uk is a website dedicated to providing information about cyber security. TEISS also provide a series of conferences and events focused on cyber security.

Viasat

Viasat

Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets.

Bl4ckswan

Bl4ckswan

Bl4ckswan is a Management Consulting firm specialized in the delivery of information security and compliance services.

R3I Ventures - House of DeepTech

R3I Ventures - House of DeepTech

The House of DeepTech is an incubator for deeptech entrepreneurs that are transforming global industries. Areas of interest include cybersecurity.

South East Cyber Resilience Centre (SECRC)

South East Cyber Resilience Centre (SECRC)

The South East Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Dataships

Dataships

We help companies automate their privacy compliance while building healthy, transparent data relationships with their customers.

Prism Infosec

Prism Infosec

Prism Infosec is an award-winning independent cyber security consultancy, CREST STAR, NCSC CHECK member, CAA ASSURE audit provider and PCI Qualified Security Assessor.

Spinnaker Support

Spinnaker Support

Spinnaker Support is a premier global provider of on-premise and cloud-based enterprise software support services.

CloudCoCo

CloudCoCo

CloudCoCo help UK businesses of all sizes and industries succeed by providing enterprise-grade technology at small-business prices.

Coastline Cybersecurity

Coastline Cybersecurity

Coastline Cyber is a cybersecurity consulting firm dedicated to helping organizations strengthen their security posture by reducing risks, mitigating threats, and protecting against attacks.

Pacific Certifications

Pacific Certifications

Pacific Certifications provide accredited certification, training and support services to help you improve processes, performance and products and services.

Velstadt Cybersecurity

Velstadt Cybersecurity

Velstadt's team of experienced professionals works on identifying vulnerabilities, analyzing threats, and developing strategies to ensure the highest level of security.