Accessing Information: War by Any Name?

Robert Hackett writes: A report out of Arlington, Va.-based cyber security firm Lookingglass reveals a cyber campaign, allegedly Russian, waged against Ukrainian targets, such as the government, law enforcement, and military. The purpose of the state-sponsored espionage has apparently been to gather intelligence on its adversary, bolstering Russian war efforts.

The researchers dubbed the campaign “Operation Armageddon”. “For the most part the technologies were not advanced,” says Jason Lewis, chief collection and intelligence officer at Lookingglass. “It’s not super sophisticated, but it’s certainly persistent.”

Lookingglass researchers worked with neither Ukraine nor Russia in their investigation, sourcing their materials rather from proprietary methods and through sites like VirusTotal, a public database where people can upload and scan files for known viruses.

Often, the researchers found, the hackers stole documents relevant to the outside conflict from victims’ machines, and then used those files to compromise future targets.

Once Ukraine’s interim President announced the start of an “anti-terrorist operation” against pro-Russian separatists in mid-April 2014, the conflict’s cyber activities significantly increased. From this point onwards, waves of cyber attacks from the Russians directly correlated with the timing of military events and were geared towards gathering intelligence to empower themselves on the physical battlefield – a digital method of espionage in its truest of forms.

The Lookingglass researchers, convinced that Russia is the culprit, agree with the Security Service of Ukraine (SBU) that the Russian Federal Security Service (FSB, descendant of the KGB) is to blame. (SBU, too, has called out FSB as being responsible for recent phishing attacks.) “We’re highly confident that the claims the SBU made are accurate,” Lewis says. “We didn’t find any evidence to the contrary to dispute those claims.”

That nation states are using cyber attacks to achieve geopolitical ends should come as no surprise.

Last year, CrowdStrike associated Chinese cyber espionage campaigns with China’s movement into disputed territory in the South Pacific as well as with an ISIS-led takeover of an Iraqi oil refinery. The security firm FireEye found state actors using attack methods similar to those outlined above to target rebel forces during conflict in Syria. The security firm Cylance recently implicated Iran as having probed critical U.S. energy infrastructure, just prior to nuclear negotiations. And then, of course, there are the claims about Sony Pictures Entertainment and North Korea.

Espionage and cyber attacks can give countries that engage in the practice an upper hand in international affairs. “Nation states need to be able to assess how seriously people will take their threats and what they’ll do as a result of a threat,” says Adam Meyers, vice president of intelligence at the security firm CrowdStrike, presenting a rationale for digital incursions. “It puts them in a better position to make a credible threat if they know what the response is going to be.”

Indeed, recent reports suggest that Russian spies have penetrated deep inside Ukraine’s intelligence apparatus.

Hacking as War?