It was still early for dinner by Parisian standards, not yet nine in the evening, and the setting was a luxurious seafood restaurant near the Arc de Triomphe in the French capital.

Amid the clamor of conversation, the cracking of shellfish and the clinking of glasses, Yves Bigot did not hear his two phones ringing; only when he decided to check them did he notice a barrage of unanswered calls, SMS messages and email notifications arriving at an unusually high rate.

Panicked employees at the nearby offices of the French channel TV5Monde were trying to reach their boss. At that very moment, the channels of the world's largest French-language network were going off the air one by one, hundreds of broadcast screens at the network's headquarters had gone blank, and in the basement of the building the data on all of the network's servers was being wiped with methodical speed, to the dismay of the staff and the attention of millions of viewers around the world.

When Bigot finally checked his phone notifications, a video message relayed by one of his employees showed the channel's broadcast and its social media accounts: in place of the channel's usual turquoise logo, the Islamic shahada was displayed prominently in black and white, and above it, in French, the phrase "Cyber Caliphate: we are the Islamic State." At first glance the operation looked like a new front in the activities of the organization then based in Iraq and the Levant, which at the time took the lion's share of politicians' attention and media coverage.

The hack of the French channel, and the Islamic State's hacking operations (Reuters)

It took a professional team an entire night to regain control (1), and for nights afterwards everyone believed that the jihadist organization's electronic units were behind the unprecedented attack. What was remarkable, however, was that the "Islamic State" never claimed responsibility for the incident, as it usually does in such operations and as the messages broadcast after the hack implied. It took investigators several weeks of searching to identify the perpetrators, and two months later France's cybersecurity agency finally delivered its report, containing the truth, to Bigot.

The surprise was that the attack was not the work of "ISIS" or any other jihadist group. Investigations attributed it to a hacking group known as "APT 28", one of the most notorious Russian hacking groups (2), which had previously targeted large and sensitive organizations: the security contractor Academi (formerly Blackwater); SAIC, an American defense and intelligence contractor; the French and Hungarian defense ministries; NATO military institutions; the Organization for Security and Co-operation in Europe; and the US State Department.

Less than a year after this attack, in the spring of 2016, "APT 28" returned to the fore with an even bolder operation: the same group penetrated the servers of the Democratic National Committee and leaked thousands of files that helped discredit the Democratic presidential candidate Hillary Clinton. Clinton did indeed lose that year's election to her Republican rival Donald Trump, Moscow's preferred candidate, leaving the United States in an unprecedented debate about the effectiveness and integrity of its democracy and whether a group of foreign hackers had succeeded, remotely, in manipulating the outcome of the American democratic process.

On the other side of that heated debate, the ghosts of the Cold War are back on the horizon. A militarily weaker Russia is once again launching attacks at the heart of the free world, perhaps more effectively than at any time since the end of the Soviet era, with the smallest investment in military assets and, most importantly, with the least chance of bearing any responsibility or consequences.

The New York Times (3) tells the story of Alexander Vyarya, a 34-year-old Russian computer programmer who, until recently, believed his job was solely to protect Internet users from hackers. Vyarya did not expect that circumstances would force him to flee to Finland after his country asked him to take part in the exact opposite mission, as part of what it described as a "comprehensive reform of the Russian army".

Vyarya specialized in protecting websites from DDoS attacks, a technique that brings down websites by flooding them with fake traffic, and among his clients were many of the country's opposition and independent newspapers and media outlets. In 2015 he was invited to accompany Vasily Brovko, an executive of the Russian military contractor Rostec, on a trip to Bulgaria to attend a demonstration of a new software suite capable of launching DDoS attacks. There Vyarya was asked to take a job developing this software, which the Russians planned to buy from Bulgaria for $1 million.

Vyarya declined the offer and fled to Finland for fear of reprisals, but later that year the Bulgarian hacking software was deployed in Ukraine, specifically in attacks on the website of the Defense Ministry and on some of the country's press centers.

Vyarya's story is not an isolated incident in Russia. Over the past years, Moscow (4) has invested heavily in recruiting professional programmers and university students to form an army of decentralized teams of elite hackers who today serve only the Kremlin's goals.

The US Department of Justice displays posters of Russian hackers wanted by the FBI (Reuters)

The building of this army began almost ten years ago, and today it has highly developed capabilities, with a massive budget of 50 billion US dollars (5) allocated over this period to meet the needs of the newly established military cyber structures. This cyber army is housed in structures that report, opaquely, to the various Russian security services, led by the Information Security Center (TsIB) of the Federal Security Service (FSB) and by the Military Intelligence Service (GRU), which in recent years have become among the largest purchasers of equipment and technology designed to carry out electronic attacks.

On VKontakte, the most popular social network in Russia, one can find a frequently reposted clip showing a man with a military rifle on a table next to a laptop, before he begins writing code on it. The clip is an invitation to technicians and university graduates to join units known as "science squadrons", operating in privileged conditions inside Russian army bases. It was not long before Moscow decided to extend its efforts to hackers operating outside the law on the deep web, efforts that stayed out of the limelight until "Ruslan Stoyanov" dropped his own bombshell in April 2017, revealing many details that had been hidden for years.

Stoyanov, a former security expert at Kaspersky Lab, is currently in a notorious Russian prison on charges of treason, after he published a controversial letter in which he claimed that the Kremlin had recruited outlaw computer hackers to help it in its various electronic campaigns, in exchange for immunity from prosecution.

About a month before Stoyanov's letter appeared, the US Department of Justice indicted four people (6) for involvement in the hacking of 500 million Yahoo accounts and the theft of their data, including two known agents of the Russian Federal Security Service (FSB).

According to the indictment, the two agents used their positions to hire the services of two hackers, Alexsey Belan and Karim Baratov, to hack Yahoo with the aim of obtaining information on Russian journalists, government officials and prominent businessmen.

Since 2009, at least 18 Russians have been placed on wanted lists in the United States on hacking-related charges. That number is in fact relatively small when set against a World Bank study confirming that Russia today has more than one million people specialized in software research and development (7) and hosts nine of the 15 best programming universities in the world, producing a huge amount of talent in this field. With legitimate job opportunities scarce because of the country's poor economic condition, many young programmers rush to break the law, and Russia's illegal hackers are among the most capable in the world: nearly 40 large cyber groups operate within the country's borders, groups that over the past two decades have carried out dozens of the most sophisticated hacking operations worldwide in the Kremlin's interest, starting with the countries of the former Soviet Union and ending with Europe and the United States itself.

Although public discussion of Moscow's cyber strategy only emerged in roughly the last seven years (since the start of its war in Ukraine), Russia's attempts to use the Internet as a weapon actually began long ago (8). In October 1996 the Colorado School of Mines was subjected to a rare and highly sophisticated cyber attack, especially by the standards prevailing at the time.

The school had a training contract with a US Navy agency, which required a shared connection with it through Internet servers. The hackers exploited this to break into one of the school's servers, called "Baby Doe", using a vulnerability in the SunOS 4 operating system, and from there they infiltrated the Navy's servers and, in turn, those of NASA, the National Oceanic and Atmospheric Administration, the US Air Force, and many US schools and universities. For more than two years the hackers kept collecting information at night, which is why the operation was later dubbed "Moonlight Maze", before it was finally exposed and became the first documented operation by Russian hackers using the Internet to collect information from inside the United States.

Operation Moonlight Maze marked a far more sophisticated phase of electronic espionage than anything seen at the time. Over the following decade, electronic warfare was not a prominent topic of discussion in the intelligence and military world, until Moscow itself brought it back to the fore (9): not only as a means of espionage aimed at collecting and retaining information, or even publishing it to change the outcome of the political process in targeted countries, as happened in the hack of the Democratic National Committee's servers between 2015 and 2016, but also as a direct instrument of war that helps destroy or disrupt key targets, either to deprive the opponent of its capabilities or to impose significant costs on it during a direct military confrontation.

In contrast to direct military strikes on infrastructure, using guided missiles or warplanes for example, which require a detailed plan for each target and usually carry the costly consequences of military intervention, electronic warfare techniques offer a cheaper way to disrupt an opponent's vital infrastructure while fighting a war. Accordingly, Russia-linked operators have carried out a variety of operations against their opponents' critical infrastructure, and Russian hackers have planted malicious code on a range of key targets, particularly in Europe.

Two notable cases deserve attention here. The first is the aforementioned "TV5Monde" attack of April 2015, in which the hackers gained access to key, hard-to-reach parts of the channel's network; the targets included the mail and administrative systems as well as the broadcasting systems, causing damage estimated at €5 million, plus many times that amount invested in new cybersecurity measures.

The TV5MONDE website and channels are currently under a large-scale hacker attack.

Our teams are on deck.

See you soon.

— TV5MONDE (@TV5MONDE) April 8, 2015

Tweet by "TV5 Monde" saying that it is under a major cyber attack

Another example is the attack on Ukraine's power grid in December 2015, when the Ivano-Frankivsk region of western Ukraine was plunged into complete darkness after hackers manipulated about sixty switches and substations across the system, cutting electricity to more than 250,000 people. The hackers also launched a coordinated attack on the phone network of the electricity company itself, making it harder to communicate with customers, and disabled the company's backup generators, leaving the technicians themselves in the dark. In any case, it took the hackers several months of reconnaissance on the target to develop custom malicious code capable of doing extensive damage across a wide range of its components.

These advanced and expanding operations point to a conclusive truth: Russia today holds a broader concept of information warfare than the world knew before (10), one that encompasses intelligence, counter-espionage, deception and disinformation, electronic warfare, the degradation of communications, psychological pressure, attacks on information systems, and propaganda. Moreover, Russia's approach to conventional warfare now implicitly includes the use of information warfare. This expanded concept is consistent with current Russian military doctrine, which states the importance of "the prior implementation of information warfare measures, in order to achieve political goals without the use of military force."

This new doctrine was the brainchild of the Russian Chief of Staff and current Deputy Defense Minister, Valery Gerasimov.

In Gerasimov's view, as he wrote in his famous article "The Value of Science in Prediction" in the Military-Industrial Courier, a magazine devoted to Russian military strategy, the Kremlin today lives in a complex world containing political, economic and military forces and alliances that exceed Moscow's current capabilities.

But for Gerasimov, Russia today does not need to match the military might of Europe and the United States in order to be able to achieve its geopolitical goals.

Russian President Vladimir Putin and Chief of Staff Valery Gerasimov (Reuters)

According to what became known as the "Gerasimov Doctrine" (11), most of today's conflicts do not require so much military investment as a mix of intelligence, technology, economic, diplomatic and informational power, together with the use of nominally neutral assets such as peacekeeping forces, in a blend in which military force accounts for no more than a fifth, the so-called "4:1 Gerasimov mixture". This doctrine grew out of the bloody experience of Chechnya in the eighties, which left Russian military doctrine preoccupied with the close relationship between the scarcity of information and the high costs of war.

Russia thus distinguishes between two concepts: the reality of power and the perception of power, meaning the way your power is seen by opponents. For a Russia that is militarily weak compared to its opponents, with a crumbling economy that cannot bear the burden of foreign military operations (12), this approach offers Moscow effective solutions in several ways: first, beyond the strategic investment, it does not require a large operating cost for each operation; second, it gives the impression; third, it often provides an effective way to evade international consequences, since it is hard to link these operations definitively to government orders by tracing this complex network of hackers and financiers.

But the alliance with demons is not without consequences either. In January 2017, for example, Kommersant, a media outlet linked to the Kremlin, reported that the heads of Russia's information security center, TsIB, were under investigation and would soon leave their posts. TsIB is Russia's largest body for inspecting domestic and foreign Internet capabilities, including hacking, and it oversees security matters related to credit data, financial information, data and social networks; beyond its information-gathering role, TsIB is also assumed to be the body charged with planning and directing the Kremlin's electronic operations.

One week after the report was published, longtime TsIB director Andrei Gerasimov tendered his resignation, before several Kremlin-linked media outlets reported the arrest of one of TsIB's top officers, the head of its Internet operations (13), "Sergei Mikhailov", along with his deputy "Dmitry Dokuchaev". "Ruslan Stoyanov", chief investigator at "Kaspersky Lab", the main cybersecurity contractor in Russia, was arrested at the same time, and all of them were charged with treason.

The trial of "Sergei Mikhailov" and "Ruslan Stoyanov"

Russian news reports said that "Mikhailov" (14) passed classified information to US intelligence concerning investigations into the hacking of the US elections, claiming that the Russian officer's cooperation was what enabled the United States to publicly accuse Moscow of hacking its elections. Other media outlets, however, linked the arrests to the activity of the prominent Russian hacking circle "Shaltai Boltai", the Russian name for the character "Humpty Dumpty", which is tied to a series of high-profile hacks of senior Russian officials: the group was implicated in leaking emails from an account run by an aide to Vladislav Surkov, the presidential adviser who oversees Russian activities in eastern Ukraine, and had previously hacked the email of former Russian Prime Minister Dmitry Medvedev.

The leader of the Shaltai Boltai group, identified as "Vladimir Anikeev", was arrested in October 2016 on charges of illegally hacking official data. A Russian television station, Tsargrad TV, claimed that the CIA sponsored a group called Anonymous International to draw Shaltai Boltai, together with Mikhailov and his team, into working for Washington against Russia; the report claimed the CIA wanted Mikhailov and his team to infiltrate one of Russia's largest financial institutions, Sberbank, to collect data on Russians that the CIA could use to manipulate public opinion ahead of the upcoming Russian national elections.

Although there are gaps in the story put forward by Tsargrad TV, the most important being that Washington itself was, until recently, a target of "Anonymous International" operations, the appearance of this story in public shows the anxiety Moscow felt about the possibility of its own electronic circles being turned against its interests, especially since most of these groups have no real ideological allegiance (15).

In fact, Moscow has been aware of the danger of working with the devil from the start, which is why it assigned its cyber-power portfolio to the two most powerful security agencies in the country. But as Moscow expands its use of the Internet as a weapon, the risk of this plan backfiring on its interests also rises significantly, while history tells us that, as good as the Russians are at recruiting demons, they always seem less adept when they need to get rid of them.

Sources

1. Russia mobilises an elite band of cyber warriors
2. APT28: A Window into Russia's Cyber Espionage Operations?
3. How Russia Recruited Elite Hackers for Its Cyberwar
4. Hackers for hire: Ex-Soviet tech geeks playing outsized role in global cyber crime
5. Russia's increasing cyber capabilities underestimated
6. Untangling the Web of Russia's Cyber Operations
7. Russian Cyber Strategy – The New Battle Zone
8. Russia and Cyber Operations: Challenges and Opportunities for the Next US Administration
9. Timeline: Ten Years of Russian Cyber Attacks on Other Nations
10. Russian Cyber Capabilities, Policy and Practice
11. The 'Gerasimov Doctrine' and Russian Non-Linear War
12. A very short introduction to Russia's cyber strategy
13. 3 people, including two intelligence officers, charged with high treason in Russia
14. Making Sense of Russia's Cyber Treason Scandal
15. Russia's rise to cyberwar superpower