No Shock: Russia Confirms 'Cyber War' Efforts
Russian Information Warfare Teams Keep Catching Opponents Flatfooted
A funny thing happened on the way to "Cyber Pearl Harbor." The Russians attacked, but few noticed - at least at first.
The Russian government, of course, has succeeded in waging information warfare campaigns against numerous countries, many of which worried about defending themselves against a military-style cybersecurity first strike that might, for example, have crashed power grids and the internet as a prelude to a ground invasion.
But few seemed to have plans in place for defending against their democratic processes being hijacked through the leaking of stolen data to "dox" targets or the seeding of fake news.
Now, the Russian government appears to be doubling down on its success, publicly confirming for the first time that it has a "cyber army" designed to wage a propaganda war, according to a report from Russian news agency TASS, which is owned by the Russian government.
"The information operations forces have been established, that are expected to be a far more effective tool than all we used before for counter-propaganda purposes," Russia's Defense Minister, Sergey Shoigu, told Russian lawmakers last week, TASS reported.
"Propaganda should be smart, competent and effective," he added.
Russia's Information Warfare Superiority
Russia has well-honed - and constantly evolving - information warfare expertise. "They rightly claim that they're superior to their adversaries, something that is obvious to any observer," says the security researcher known as the Grugq in a Tumblr post.
Indeed, the story of how Russian information warfare efforts added a large dollop of chaos into last year's U.S. presidential election, and potentially influenced the election - "an amazing influence operation entirely within the cyber domain," according to the Grugq - is now well known. The operation counted among its victims the Democratic National Committee, Hillary Clinton's campaign chairman John Podesta and former Secretary of State Colin Powell.
"Last year, there is no doubt in my mind that the Russian government tried to undermine and influence our elections. They broke into political institutions, invaded the privacy of private citizens, spread false propaganda and created discord in the lead up to an historic vote," U.S. Rep. Michael McCaul, R-Texas, the chairman of the House Homeland Security Committee and an original co-chair of the Cybersecurity Caucus, said in a keynote speech earlier this month at RSA Conference 2017 in San Francisco.
"I was briefed on the situation starting in the springtime," he said. "I pushed both the Obama Administration and then candidate Trump to take public and forceful stands on the issue. But I was disappointed in their response. The crisis was the biggest wake-up call yet that cyber intrusions have the potential to jeopardize the very fabric of our republic."
Muddled Response
But it's unclear how, exactly, targets of Russian propaganda should respond. To date, for example, U.S. cybersecurity defense planning hasn't included counting the country's media outlets as a piece of critical infrastructure that might be disrupted by foreign governments for political effect.
Such questions aren't limited to the United States. In recent months, there have been reports that Russia has been targeting France, Germany and other countries.
"European officials across the board are saying that they're seeing Russian intelligence agencies hacking into political parties; that they're using bots, fake identities on social media, to spread and propagate disinformation to affect their election outcomes," former U.S. counterterrorism official Richard Clarke told NPR on Feb. 17. "This is happening in France every day. It's happening in Germany. And we're seeing reports from other countries of Russian hacking, including Norway and Poland and of course Ukraine."
This is far from the first time that a country has attempted to influence other countries' political processes. "Modern intelligence services have been involved in propaganda for a very long time and they have many names for it: information warfare, political influence operations, disinformation, psyops," says Jonathan Stray, a data scientist at Columbia Journalism School, in a blog post.
"Whatever you want to call it, it pays to study the masters."
Redefining 'Information Warfare'
Russia defines its "information warfare" doctrine in much more expansive terms than the West, which tends to focus on "cyber warriors" and defending critical infrastructure against attack, according to Russian military expert Keir Giles, an associate at Chatham House, a U.K. think tank.
"Information warfare in the Russian conception should not be measured against more recent Western concepts of information operations, or information activities," Giles writes in a NATO report titled "The Next Phase of Russian Information Warfare."
"The entry for 'information war' ('informatsionnaya voyna') in a glossary of key information security terms produced by the Military Academy of the General Staff makes a clear distinction between the Russian definition - all-encompassing, and not limited to wartime - and the Western one - limited, tactical information operations carried out during hostilities," Giles writes.
Apply Two-Factor, Anti-Phishing
Russia has been applying this doctrine in both large and small ways, Giles tells the BBC, including targeting individual soldiers via their social media accounts, pretending to be someone they trust.
Russia has also weaponized data breaches for information warfare purposes. "Hacking and leaking - which is one of the more effective ways to dox someone - has become a propaganda tactic," Columbia's Stray says.
Any organization or government that doesn't want to get caught out needs to up its information security game, starting with adding two-factor authentication as well as learning to recognize phishing attacks, he says, noting: "I suspect this would prevent 70 percent to 90 percent of hacking and doxxing attempts. It would have saved John Podesta."