At the 47th Munich Security Conference in February, cybersecurity emerged as a key issue for the entire world. Regrettably, too much discussion focused on rules of cyber-engagement, a takeoff on The Hague or Geneva Conventions. Many experts are skeptical of this approach because on the Internet, actors and intentions can be hidden in the cyber-mist, a dodge that Russia often uses.
Moscow refuses to sign the only promising agreement, the European Convention on Cybercrime, which has been open for signatures since 2001. The Kremlin does not want to cooperate with foreign law enforcement officials looking into something like the 2007 cyberattacks on Estonia, and it surely does not want to risk exposure of its links to the thugs who run cybercrime syndicates such as the Russian Business Network (RBN).
As a diversion, Moscow has a treaty proposal of its own. The thrust of its proposal would be to ban media or Internet broadcast of any information that could "distort the perception of the political system, social order, domestic and foreign policy, important political and social processes in the state, spiritual, moral, and cultural values of its citizens." Radio Free Europe/Radio Liberty would be one of Moscow's first targets under such an approach.
Cultivating Talent
During the era of President and then Prime Minister Vladimir Putin, one of Russia's top priorities has been to control information and media networks as well as foreign involvement in the information field. In 2003, Putin reorganized the Federal Agency for Government Communications and Information (FAPSI), and its assets and functions were distributed among the Foreign Intelligence Service (SVR), military intelligence (GRU), the Federal Security Service (FSB), and the Federal Protection Service (FSO). The FSB's 16th Directorate is believed to control Russia's reserve force of hackers.
The FSB and the FSO monitor telegraph, telephone, Internet, satellite uplinks and downlinks, and wireless communications. Internet traffic is copied by a system called SORM-2 (System of Operation Research Measures). Internet service providers (ISPs) are even required to train FSB officers to use that equipment to spy on their clients.
And there is no shortage of personnel. After the fall of the Soviet Union, many Russian scientists and mathematicians moved into the commercial world, which includes legitimate business and also cybercrime rackets and clandestine services for the Russian state. Russia has become known for its high-standard, openly advertised hacker schools. Often, fees are covered by unspecified sources. In Voronezh, for example, FAPSI -- as many still call it -- runs what is possibly the biggest and best hacker school in the world. And, in a country where any publication unacceptable to the government is harassed or closed, "Khaker: Computer Hooligan Magazine" thrives. There is no clear law against cybercrime, and it is even semiofficially encouraged -- so long as hackers do not attack the Russian state.
...And Making Mischief?
Russia views cyber-capabilities as tools of information warfare, which combines intelligence, counterintelligence, maskirovka, disinformation, electronic warfare, debilitation of communications, degradation of navigation support, psychological pressure, and destruction of enemy computer capabilities.
The first concrete results of this approach came in cyberespionage. For example, in 1999, the London "Sunday Times" reported that U.S. officials believed that Russia had stolen U.S. military secrets, including weapons-guidance systems and naval-intelligence codes. The cyber-theft was so sophisticated that John Hamre, then-U.S. deputy secretary of defense, wondered whether the United States was losing the world's first cyberwar.
RBN is still a prime suspect in a 2003 attack on Pentagon and U.S. Treasury Department computers. And cyberspies have penetrated the U.S. electrical grid, leaving behind programs -- trap doors -- that could be used to disrupt these systems later.
Closer to home, Russia is eager to rebuild a privileged sphere of influence in the former Soviet states and to push the West out. Traditionally, there have been three mutually reinforcing avenues toward this objective. The first is dirty tricks -- energy manipulation, economic embargoes, blackmail, extortion, political subversion, and so on. The second is keeping the post-Soviet space economically dependent on Russia. And the third, as Georgia learned in August 2008, is direct military invasion.
Are We Ready?
Cyberwarfare, of course, is a cost-effective and stealthy fourth way to attempt to subdue the countries on Russia's periphery. Considering the political situation surrounding Estonia's 2007 decision to move the Soviet Bronze Soldier statue from downtown Tallinn, it is incredible that the ensuing cyberattacks came from Peruvian or Vietnamese teenage hackers. Russia, of course, denied any involvement.
Then it was Georgia's turn. The 2008 cyberattacks were a bit more sophisticated. They were coordinated with a kinetic attack and invasion, and, this time, Russian organized crime did little to hide its involvement.
Western computer-security researchers found clear evidence that the attackers used the same attack commands, computers, and botnets -- multiple computers surreptitiously roped together to churn out messages -- used by RBN for criminal activities. RBN was (and probably still is) a group of cybercriminals said to be tied to Putin's inner circle. It has been linked to phishing, malware distribution, malicious code, denial-of-service attacks, and child pornography. After the war on Georgia, RBN evaporated into the ethernet, but the group and its ilk will always find benefactors -- criminals or aggressive states. Some experts believe that RBN was also involved in the cyberoffensive against Estonia.
We must assume that they have learned and applied the lessons of 2008. Russian cyber-capabilities today are better than they were then. In February 2010, Russia published its new Military Doctrine, outlining its objectives in modern military conflicts, including: "The prior implementation of measures of informational warfare in order to achieve political objectives without the utilization of military forces."
In sum, cyberwarfare is here, and it is here to stay. Unless and until there is fundamental change in Moscow, Russia will be ready. Will we be ready?
Khatuna Mshvidobadze is a senior associate at the Georgian Security Analysis Center of the Georgian Foundation for Strategic and International Studies (GFSIS). The views expressed in this commentary are the author's own and do not necessarily reflect those of RFE/RL.