Cybercrime Links To Russian State Hackers

Uploaded on 2016-09-01 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

In 2015, there were over one million cyber-attacks on individuals and companies every day, and that is why even the strongest US response to the theft of the Democratic National Committee emails will do little to deter future state-sponsored attacks, cybersecurity experts say.

The sheer volume and increasing sophistication of network attacks provide plausible deniability to state-sponsored groups, like the APT 28 and APT 29 thought to be behind the DNC hack, says Christopher Porter, of cybersecurity company FireEye.

“One of the key factors that makes these Russian operations doable is that sophisticated criminal groups have APT-like capabilities and go after similar targets,” said Porter, whose company first documented APT 29’s ties to the Kremlin in 2014.“The best criminals use some of the same tools that lower-end states might use.”

Recognizing the valuable cover this provides, the “Russian government has been intentionally blurring the lines between cyber activists, criminals and state-paid hackers,” said Jarno Limnell, vice president for cybersecurity at Insta Group Oy.

This makes it hard to conclusively attribute an attack to a particular government, and all but impossible to respond firmly. So Western countries have thus far remained “fairly quiet” in the face of various Russian provocations, and that has only emboldened Moscow, Limnell said.

“The increase in state-sponsored cyber-attacks of Russia is the result of a perception that there is not a significant ‘price to pay’ for such activities,” he said. “Russia will keep pushing more aggressive and sophisticated cyber operations as long as the West doesn’t push back.”

The restrained US response to the DNC theft fits that pattern. When asked about the motives behind the attack, President Barack Obama deferred to the ongoing FBI investigation, and simultaneously acknowledged the reality of Russia’s aggressive online behavior.

“What we do know is that the Russians hack our systems, not just government systems but private systems,” Obama told NBC in a recent interview. “What the motives were in terms of the leaks, all that, I can’t say directly. What I do know is that Donald Trump has repeatedly expressed admiration for Vladi­mir Putin.”

Russia’s information warfare, efforts to create a positive image of itself while “breaking the internal coherence” of its adversaries with tactics ranging from shutting down Ukraine’s power grid to deploying online troll armies to shape public opinion, is the central thread knitting together the country’s theory of Next-Generation Warfare, according to a review of the strategy published last year by the Institut Francais des Relations Internationales.

“The informational campaign is an uninterrupted (bezpriryvnost) strategic effort,” wrote Dima Adamsky, the study’s author and a professor of government, diplomacy and strategy at the Interdisciplinary Center Herzliya in Israel. “It is waged during ‘peacetime’ and wartime, simultaneously in domestic, the adversary’s and international media domains and in all spheres of new media.”

The US government’s response to the DNC leak is unlikely to curtail the Russians’ use of offensive cyber campaigns, said Tobias Feakin of the Australian Strategic Policy Institute. Cyber-attacks and other informational manipulations of the socio-political landscapes are too well integrated into the Russian doctrine.

“The chances are that a strong public response would lead to Russian activity dropping for a short time, but more often than not this would pick up again once they felt the storm had passed, and they had developed new means of achieving the same goals,” said Feakin, the director of ASPI’s International Cyber Policy Center.

Longer-term solutions require a more comprehensive and serious approach, said Porter, who heads FireEye’s strategic intelligence and forecasting arm. Governments must tamp down sophisticated cyber-crime and deny state-sponsored attackers their camouflage. “A lack of attention to cyber-crime has enabled this to be something that’s doable,” he said. “Large-scale cyber-crime needs to be recognized as a national security issue.”

DefenseOne: http://bit.ly/2bbKb7l

 

« Anatomy Of Cyber Jihad
Benefits of Penetration Testing »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

RioRey

RioRey

The DDoS mitigation specialist, from single server to Enterprise wide carrier level networks the RioRey Solution provides effective immediate and easy to manage protection.

Perspective Risk

Perspective Risk

Perspective Risk provides penetration testing, security assessments, risk management & compliance solutions, InfoSec training and consultancy services.

Qolcom

Qolcom

Qolcom is a leading UK based integrator of secure wireless network and mobile device management solutions.

Axence

Axence

Axence provides professional solutions for the comprehensive management of IT infrastructure for companies and institutions all over the world.

TypingDNA

TypingDNA

TypingDNA uses AI to recognise people by the way they type on desktop keyboards and mobile devices.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

Cyber Struggle

Cyber Struggle

At Cyber Struggle, our aim is training and certifying the special forces of the cyber world.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

Finosec

Finosec

Finosec's mission is to change the way information security and cybersecurity are managed in banking.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

Patriot Consulting Technology Group

Patriot Consulting Technology Group

Patriot Consulting's mission is to help our clients manage cybersecurity risk through secure deployments of Microsoft 365.

Blattner Technologies

Blattner Technologies

Blattner Technologies mission is to be the leading provider of predictive transformation services and tools in the Data Analytics, Artificial Intelligence and Machine Learning industry.

Prembly

Prembly

Prembly are a compliance and security infrastructure company.

LevelBlue

LevelBlue

LevelBlue simplify cybersecurity through award-winning managed security services, experienced strategic consulting, threat intelligence and renowned research.

Cysmo Cyber Risk

Cysmo Cyber Risk

Cysmo is an innovative cyber risk assessment platform specifically designed for the needs of the German insurance industry.