How Russian and Chinese hackers are different
With all the arrows pointing at Moscow, the fact remains that the Chinese are also engaged in cyberattacks on the US government

After a closed-door meeting with Senate members on February 17 concerning alleged contacts between aides to Donald Trump and the Russians, there are signs that whatever FBI chief James Comey said has further motivated support for an investigation.

These alleged contacts prior to and after the election are part of a broader Congressional effort aimed at revealing the nature of Trump’s ties to Russia – if there are any – and any evidence of Russian hacking of the US election. No details of what was said during this FBI meeting have been disclosed, but demand for an investigation by the Senate Select Committee on Intelligence is gaining traction.
Democrat Senator Mark Warner of Virginia, who serves as vice chair of the Select Committee, expressed his confidence that it could carry out a proper investigation.

“Election integrity is essential in the world’s leading democracy; it is part of our ‘critical infrastructure’ and threats to our electoral system must be addressed with seriousness and urgency,” David J Hickton, founding director of the University of Pittsburgh Institute of Cyber Law, Policy and Security, said in an interview just a few days ago after a panel discussion at the university on February 2 entitled “Russian Hacking: What Do We Know and How Is This Different?”
With all the spotlights turned on Russia, the fact remains that China has also engaged in cyberattacks on the US government, and these incursions have been successful to date. That said, there are noticeable differences between how Russian and Chinese hackers operate.
Hickton, a former US Attorney, ranks as one of the most experienced federal prosecutors of cyber criminals in the US. He successfully prosecuted five Chinese military officers, members of the People’s Liberation Army’s Unit 61398, who are now featured on wanted posters in their PLA uniforms. These five PLA officers were accused of hacking into several US companies and indicted in a US court, but have yet to face trial.
Hickton has been a part of numerous multinational investigations and gone after many individuals and criminal enterprises all over the world. He has worked closely with the US Department of Justice’s National Security Division Counterespionage Section and the DOJ’s Criminal Division’s Computer Crime and Intellectual Property Section.

“The Chinese hackers are more proliferative. They wake up in the morning, put on their uniforms and go to work in an office building,” Hickton said. “The Russian hackers are more likely to be linked to organized crime.”
This potential organized crime dimension of the Russian interference campaign aimed at the US is something he is very familiar with. In July 2015, after busting the PLA officers, Hickton was instrumental in “Operation Shrouded Horizon,” which led to the prosecution of 12 people for computer fraud conspiracy. The US, along with law enforcement personnel in 20 countries, took down a computer hacking forum known as “Darkode,” which was extremely sophisticated and yet only one of roughly 800 criminal internet forums operating worldwide at the time.
“Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable,” said Hickton in 2015.
Darkode was a virtual bazaar where cyber criminals bought, sold and traded “malware, botnets and personally identifiable information used to steal from US citizens and individuals around the world,” said the DOJ in a release.

The release added: “Darkode was an online, password-protected forum in which hackers and other cyber criminals convened to buy, sell, trade and share information, ideas, and tools to facilitate unlawful intrusions on others’ computers and electronic devices.

“Before becoming a member of Darkode, prospective members were allegedly vetted through a process in which an existing member invited a prospective member to the forum for the purpose of presenting the skills or products that he or she could bring to the group.”
Does Darkode serve as a blueprint for Fancy Bear or Cozy Bear, two of the Russian hacker groups implicated in the recent Russian cyberattacks? That remains unclear, and yet there are some signs that the Russian hacker groups engaged in a competitive pursuit of their objectives.

Andrei Soldatov, a Russian investigative journalist who specializes in the security services, and cofounder and editor of Agentura.ru, was one of the participants in the University of Pittsburgh panel discussion. He described how groups of hackers in Russia, using a range of tactics and techniques, have evolved steadily. Email hacking is often used by the Russians.
In 2015, a new level of technology and sophistication was in evidence during the flood of cyberattacks on Ukraine. As in the case of the hack of emails from the US Democratic National Committee, two hacker groups spent seven months trying to figure out how to break into the Ukraine system, said Soldatov.

Because there is no conventional chain of command, this not only allows for a denial by the Russian government of any direct or indirect involvement, it also makes it almost impossible for journalists to find any hard evidence.
However, at the same time, Soldatov described how by operating outside of the existing bureaucratic structure, these groups of hackers may actually benefit in the form of being able to maintain much closer links to the Kremlin. Staying in close contact with the Kremlin has not always been viewed as the best way to proceed by these criminal hacker groups, said Soldatov.

Still, unlike the bureaucracy there, this degree of informal access removes barriers and restrictions imposed by any bureaucratic rule, thus making the hackers “more dangerous, adventurous and flexible.” In the end, the tactics and techniques used by the Russian hackers are all about seizing information, and then disclosing it or threatening to do so. The Russians can be secretive as one might expect, but the political leverage they attain is all about timing, impact and disclosure.

“[The Russian hackers are] unlike the Chinese who are very good at hacking, but not publicizing it,” said Soldatov.
Panelist Ellen Nakashima, national security reporter at The Washington Post, reminded everyone that the intercepts obtained by US intelligence of Russian officials – not the hackers themselves – congratulating themselves were very critical to understanding the ties to the Kremlin.
Luke Dembosky – a former Deputy Assistant Attorney General for National Security and former DOJ representative at the US Embassy in Moscow – spoke on the sophistication of the Russian hacking apparatus, which focused on a set of criminal actors who excelled at getting money out and setting up networks. As for the ongoing threat, he was very clear.

“Do we want people running for office who worry about their daughter’s email being hacked?” he asked. Later, he spoke about joint counter-terrorism efforts and how this area of shared concern ensures that the Kremlin remains at the table with the US.

Just over five years ago in late January 2012, Mike McConnell, former director of national intelligence, issued a stern warning that has now struck home.
Not suspecting that Russia would be so bold or go so far as to unleash a cyberattack on the 2016 US electoral process, McConnell warned during an interview with Reuters that it would take “a banking collapse” or the country’s electric power grid shutting down for a number of weeks “or something of that magnitude, we’re likely just to talk about it and not do much. There will be a thousand voices on what is the right thing to do, and it will probably require a crisis to reach consensus.”
A retired US Army General and former Supreme Allied Commander of the North Atlantic Treaty Organization, Philip Breedlove, who testified before the US Senate Foreign Relations Committee on February 9, said the US had still not defined the threat, let alone how it would respond.

As for the prior Russian hacking in Ukraine, which is now spreading to Germany and the Netherlands as well as other nations, he described it as a form of sophisticated, hybrid and below-the-line warfare. He talked about DIME, or the diplomatic, informational, military and economic muscle that nations can apply to a variety of situations.
Breedlove went a step further and said the reticence of President Barack Obama’s administration to provoke the Russians was the reason why it did not respond earlier to the Russian influence campaign. This reluctance or unwillingness to confront the Russians and the consequences of this inaction will be debated for years to come.

In 2014, Russian hackers snatched some of President Obama’s emails from the White House’s unclassified computer system, causing one senior official to confide to The New York Times that the sophistication of the attack was noteworthy, while another official described the Russian link to the attack as “worrisome.” The Times’ description of that troubling event was indeed ominous.
“While Chinese hacking groups are known for sweeping up vast amounts of commercial and design information, the best Russian hackers tend to hide their tracks better and focus on specific, often political targets. And the hacking happened at a moment of renewed tension with Russia – over its annexation of Crimea, the presence of its forces in Ukraine and its renewed military patrols in Europe, reminiscent of the Cold War,” said the Times.

However, a more ominous development involves a further evolution of Russian prowess as they proceed down this path. They executed their cyber warfare plan of attack of the US on an immense scale – one not seen before.
While experts point to Russia’s seeming reliance in the past on a decidedly decentralized organizational structure with firm ties to organized crime, one prominent member of the US Senate’s Select Committee on Intelligence told PBS Newshour on February 14 that Russia carefully assembled a huge group of hackers to carry out its highly successful influence campaign against the US, unleashing an unprecedented amount of fake news during the latest election cycle, among other things.

“There were literally 1,000 internet trolls working at a single location in Russia seeking to interfere in our election,” said Senator Warner.

Thus, the Russians appear to be embracing the practices of the PLA, who have maintained a “hacker hotel” in the suburbs of Shanghai – unless they have recently relocated – filled with PLA officers who are very good at what they do. And they are getting better at it each day.
Asia Times