Science and Tech

Actions

Inside Russia's Cyberattack Capabilities After The SolarWinds Hack

It started with Russian authorities choosing to tap into a criminal hacker network that formed after the Soviet Union fell.
Posted

Soon after taking office, President Joe Biden ordered the intelligence community to investigate a cyber incident. Officials and experts call the SolarWinds hack a Russian espionage operation, penetrating numerous government agencies.

"It certainly fits Russia's long history of reckless, disruptive cyber activities," President Joe Biden said days before inauguration.

Some lawmakers question whether the effort amounts to an act of war. But how did Russia become a formidable threat in the digital world? It’s a story of recruiting, training, — and then attacking.

The Russians chose to tap into a criminal hacker network that formed after the Soviet Union fell — a network that investigative journalist Andrei Soldatov says was made up of the sons and daughters of unemployed military engineers.

"By the 2000s, Russian intelligence and security services understood that in technical capabilities, they were no match to Western security services," Soldatov says. "The Russian security services understood that actually they had this big asset. They can talk to these people. They can recruit them and then they can redirect those activities abroad."

Soldatov says Russia also took advantage of a cooperative relationship with the U.S. and U.K., which were sharing intelligence on bad cyber actors.

"The Russian security services used this information to approach criminal hackers and tell them basically, 'Look, you have a choice. Either you go to jail or you go work for us,'" hey says.

Today, a pipeline of students from technical universities join the ranks of cyber troops. IT companies face their own pressure, which grew more acute after losing Western contracts because of sanctions: 

"The Russian military came to help — they actually started giving these companies big military contracts," Soldatov says.

Russia has taught their own how to conduct some of the world’s most destructive spear phishing, malware, and hack and leak campaigns. 

"It pays to think of Russia as a reconstituted surveillance security state. A lot of resources go into the intelligence services."

Under President Vladimir Putin, who was a KGB officer, their budgets and powers increased. And according to Michael Weiss of the Free Russia Foundation, so did the desire to weaken adversaries blamed for the country’s ills.

"They see the West as the enemy," Weiss says. "They see Western actors as there to be co-opted, countermanded or in certain cases, because I certainly count Ukraine as part of the West, especially now, defeated and eliminated on the battlefield."

Sometimes the tradecraft is paired with psychological and information warfare. And sometimes their work is used against them.

"The guys who are inventing it don't necessarily know how to control what they've invented. They're creating Frankenstein's monster," Weiss says.

Experts say the Solarwinds software breach went undetected since March. Reverse engineers spent countless hours following paths of malicious code that led to dead ends. 

"When we found out, we got to the root of it and found out how deep this problem went, we were blown away," says John Hultquist, vice president of Mandiant FireEye Threat Intelligence.

Renowned cybersecurity firm FireEye alerted the world in December. Hultquist says the targets hackers went after are one way Russia shows its hand.

"We're consistently discovering new victims. This isn't over by a long shot," he says.

Moscow denies being behind the operation. But analysts say Russians will feed the gleaned information from American agencies and businesses to their leaders and policymakers — proving especially useful as the Biden era begins.

"There will be numerous new conflicts and they're going to want the upper hand," Hultquist adds. "This could very well be the most impactful cyber espionage incident we've ever seen."