Can Russian Hackers Be Stopped?

In the spring of 2015, faced with external cyber-attacks on the US of increasing frequency and severity, President Obama made a dramatic announcement. 

The level of hacking and cyber-espionage against the US had created an "unusual and extraordinary threat to the national security, foreign policy, and economy" of the country, said the President, who declared a national emergency to deal with the threat. 

This executive order allowed the administration to pursue sanctions against those who attacked US critical infrastructure or stole secrets. Since then the national emergency has been extended three times (it must be reconfirmed every year), but the attacks against the US and its allies continue.

Indeed, the ongoing state of emergency did little to deter the most spectacular anti-US hacking campaign in recent years: Russia's meddling in the 2016 US presidential election.

Russia is not alone in pursuing cyberattacks to advance its aims: The US government and its allies have long complained about the behaviour of China, Iran, and North Korea, too. Despite years of sanctions, indictments, and other attempts to combat hackers, the attacks have continued. And experts have warned it could be 20 years before the situation is brought under control. So why can't the hackers be stopped?

How can Governments Stop Hackers?
It's not that the US hasn't tried to deter cyberattacks, rather that the techniques the country and its allies have used so far haven't been very effective at stopping the bombardment.

Certainly, cybersecurity is a tough concept for politicians to get their heads around. Foreign agents sneaking into computer systems to steal secrets is strange enough; the idea of enemies hacking into the computers that control critical infrastructure like power stations to cause destruction can seem like something out of an airport thriller, but it is scarily real. Cyber-attacks are cheap, too: there is no need for huge military might when all you need is a few smart people and some PCs to start a hacking campaign that can cause headaches for some of the biggest nations on the planet. For a state with few other options, cyber-attacks can be a potent weapon.

What makes cyberattacks an even more enticing option is that it's often hard to work out who is actually responsible for a particular incident, making it a handy way to cause trouble without necessarily getting caught. 

Nations often outsource these kinds of intrusions to freelancers who are adept at covering their tracks, making it harder to point the finger of blame. For example, an intrusion that took French TV station TV5Monde off the air was first thought to be the work of the "Cyber Caliphate" linked to ISIS, but is now blamed on Russia-backed hackers who deliberately left a false trail.

How does Cyber-Deterrence Work?
This is the complicated backdrop against which Western governments are struggling to build some kind of model to deter cyber-attackers. Hardening defences should be the easy part. Many of the most basic attacks, such as the Russian attacks on routers and network infrastructure that the FBI and the UK's GCHQ warned about recently, could be deflected by basic security measures like changing default passwords. However, while governments have more control over their own systems, they have less ability to insist that businesses and individuals improve their security, which is generally pretty terrible, because those organisations always have something else they would rather spend time on. That means there is always a backdoor open to the hackers, and too often the front door, too.

According to one estimate, more than two-thirds of the UK's critical infrastructure bodies suffered an IT outage in the last two years, a third of which were likely due to cyber-attacks.

Few companies can survive a sustained assault by hackers, and even fewer are prepared to defend against state-backed attacks. However, finding a set of effective deterrents remains at best a work in progress.

Some state-backed hackers are looking for trade secrets, some are looking for weaknesses that could be used in future attacks, some are looking to steal money, and others want to just stir up trouble. Some want to do all of these things at once.

Each of these motivations requires a different response.

"In order to have effective deterrence from a US standpoint it's very important that we not just think about this in terms of cybersecurity defence and offence, but the cultural aspects of various nation states and their motivation," said Trevor Rudolph, a New America cybersecurity fellow who was chief of the Cyber and National Security Division at the Office of Management and Budget during the Obama administration.

Over the last half-decade, the US and its allies have tried to deter state-backed hackers with everything from publicity to sanctions and indictments, and maybe even attempts to hack back against assailants. While governments have plenty of practice at responding to a traditional armed assault because they've been dealing with that pretty much since countries were invented, calibrating a response to a cyberattack remains tricky.

"Ultimately it's not about responding to a cyberattack with cyber means, it's about looking at the full toolkit you have as a state in terms of diplomatic, economic, military, and others, and determining the right set of incentives and penalties you're going to apply to a country that's behaving in a way that is unacceptable," says Dmitri Alperovitch, CTO at security company CrowdStrike.

Cyber-Deterrence Trial and Error
The US, in particular, has been testing a variety of different deterrent strategies over a number of years. China was the first country openly tackled for its cyber-espionage when, in May 2014, a grand jury indicted five Chinese military hackers for hacking directed at companies in the US nuclear power and solar energy industries. 

A summit between President Obama and Chinese President Xi Jinping followed a year later, at which both countries promised not to conduct commercial cyber-espionage. Chinese attacks slowed, at least temporarily.

But, according to the US intelligence community, China continues to use cyber-espionage to try to break into defence contractors and communications firms in particular. China is also targeting confidential business information such as pricing strategies or mergers and acquisitions data, says a spokesman for FireEye.

"What we've seen pop up is Chinese groups targeting US law firms, US investment companies, and so on, stealing information in support of economic goals."

Attempts to curb cyber intrusions by Iran have met with similarly limited success. In March 2016 charges were announced against seven Iranians over distributed denial of service attacks against US companies; one man was also charged with unauthorised access to the control systems of a US dam. In March 2018 the US Department of Justice charged nine Iranians with stealing more than 31 terabytes of documents and data from more than 140 American universities and 30 American companies.

The US also tried using sanctions against North Korea over its hacking attack on Sony Pictures in what was the first use of sanctions by the US in response to cyber-espionage.

It's possible, although still unclear, that the US may also have responded to Pyongyang's attack on Sony Pictures by taking North Korea's Internet offline for a short period of time, but even this has done little to curb North Korea's activities. North Korea continues to use cyberattacks to gain intelligence and, in particular, to steal funds to prop up the state.

"They've really veered into the crime angle," Read notes. While attempts to curb the behaviour of China, Iran, and North Korea have had limited impact, the biggest challenge the US faces at the moment is Russian interference.

Russia has been blamed for the hacking of the Democratic National Committee and the subsequent leaking of emails. Kremlin-backed groups have also been accused of using disinformation campaigns across social media to stage arguments and undermine trust in the US political system during the 2016 Presidential campaign.

For its part, Russia has denied any meddling. President Putin has denied Russian state involvement in any election meddling, although he did not rule out that Russian hackers might be involved.

"If they are feeling patriotic, they will start contributing, as they believe, to the justified fight against those speaking ill of Russia," he told journalists in 2017. But then, in March 2018 Putin again denied Russian state involvement: "Why have you decided the Russian authorities, myself included, gave anybody permission to do this?" he told NBC News.

US intelligence warns that Russian intelligence and security services continue to probe US critical infrastructures, as well as target the US, NATO, and allies for insights into US policy. Attempts to deter Russian meddling seem to have had little impact.

In December 2016 President Obama responded to revelations about Russian behaviour by expelling diplomats and closing two Russian properties. President Trump added to those moves with new sanctions in March 2018, which had been approved by Congress seven months earlier, and accused Moscow of attempting to hack the US energy grid. Critics said these sanctions did not go far enough.

Indeed, deterring Russia is further complicated by Donald Trump's own response to the hacking revelations. During the Presidential race he jokingly invited Russia to hack Hillary Clinton, saying: "Russia, if you're listening, I hope you're able to find the 30,000 emails that are missing." And after winning the election he was initially reluctant to blame Russia for election meddling.

The Limits of Naming-and-Shaming
One tactic the US has used with some success is to be more public about Russian attacks; it has also coordinated with other countries to go public. In February 2018, seven nations (the US, the UK, Denmark, Lithuania, Estonia, Canada, and Australia) blamed the NotPetya ransomware attacks on Russia, with support from New Zealand, Norway, Latvia, Sweden, and Finland. Similarly, it was the US, along with the UK and Australia, that complained in April 2018 about Russian interference with routers and internet infrastructure.

Creating a broader coalition makes its condemnation stronger and harder for a country to shrug off. But although naming-and-shaming may have worked against Chinese industrial cyber-espionage (at least in the short term), it doesn't seem to be particularly effective against the Russians. While the Chinese government doesn't like to be embarrassed in this way, Russia seems much less concerned.

While Moscow consistently denies conducting any of these attacks, it doesn't seem to mind the accusations too much, if only because they acknowledge the Russian state's capabilities.

Where does Cyber-Deterrence Go Next?
There is always the chance that nation states will change their minds about their use of hacking and cyber intrusion.

As recently as 2009 Russia was keen for a treaty with the US covering the use of cyber-weapons. This would have banned countries from embedding code in the systems of other nations and imposed a ban on the use of deception to disguise the source of cyberattacks. The US wasn't interested, however. In 2017 President Trump also floated the idea that the US and Russia create "an impenetrable Cyber Security unit" to prevent election hacking, but this didn't get very far.

It will likely take years, or even decades, for rules to finally emerge that govern cyber-espionage and cyberwarfare, so countries will continue to jockey for position for years to come until norms are established. 

A failure to establish boundaries accepted by all means that the risk of accidental escalation remains; if the rules of engagement aren't clear, then a relatively trivial hacking incident could rapidly turn into a full-on confrontation.

One further complication is that rival countries have very different definitions of national security and of how to protect it; understanding these differences will be key to creating an agreed set of rules. This makes cyberwar a question of language, not computer code.

Other experts from RUSI argue that the West's adversaries aren't playing by the same rules, "so surely it makes sense to continue the conversation and at least start to explore where the boundaries lie." For example, Russia is, among other things, very concerned about the ability of the West to influence its population through the Internet in the way that it did in the past through radio stations, and sees its own election meddling as acceptable through that prism of suspicion.

"It's about continuing the conversation," said Lawson. "If it does take 20 years for norms to appear in part that will be our fault for making the decision not to engage."

But for now, many nation states will judge that using hackers to spy on, disrupt, distract, and steal from rival states remains a cheap, effective, and relatively risk-free option. Until something changes, expect to see plenty more of the same.

TechRepublic
