
Cyberspace Becomes Second Front in Russia’s Clash With NATO

Russian computer attacks have become more brazen and more destructive as the country grows increasingly at odds with the U.S. and European nations over military goals first in Ukraine and now Syria.

Along with reported computer breaches of a French TV network and the White House, a number of attacks now being attributed to Russian hackers and some not previously disclosed have riveted intelligence officials as relations with Russia have deteriorated. These targets include the Polish stock market, the U.S. House of Representatives, a German steel plant that suffered severe damage and The New York Times.

U.S. officials worry that any attempt by the Russian government to use vulnerabilities in critical infrastructure like global stock exchanges, power grids and airports as pressure points against the West could lead to a broader conflict, according to two people familiar with the debate inside government who asked not to be named when discussing intelligence matters. When NATO officials met last week, they voiced alarm about Russia’s rapid involvement in Syria, including the firing of cruise missiles, and vowed the biggest reinforcement of their collective defense since the end of the Cold War.


The Warsaw Stock Exchange is but one example of the heightened cyber-activity. Hackers who rifled the exchange last October, in a breach that set off alarms among Western intelligence agencies, proclaimed they were Muslim militants angry over Poland’s support for a bombing campaign against the Islamic State.

"It’s beginning," the group posted online on a file-sharing site called Pastebin, heavily used by the cyberunderground. "To be continued! Allahu Akbar!"

While stealing some data, the attackers also made dozens of client logins public, opening the exchange’s systems to additional chaos from cybercriminals of all stripes. It was sabotage by crowd-sourcing.

Except the infiltrators weren’t Islamic militants at all. Behind the smokescreen was a group of hackers with ties to the Russian government, according to three people familiar with the Polish investigation. The incident was viewed by Polish investigators as a stark warning to the country, a member of the North Atlantic Treaty Organization intent on driving a strong alliance response to Russia’s moves in eastern Ukraine.

The attack on the exchange, which said in a statement to Bloomberg News that the trading platform wasn’t affected, has prompted the Polish government to begin an upgrade of computer systems in government offices, the financial sector and hospitals, said one of the people.

As in other domains, Russians acting directly for the government or with its approval are testing the boundaries of the cyberbattlefield, according to an assessment by U.S. intelligence agencies. The attacks are often called state sponsored by security companies working to arrest the damage, though it is difficult to ascertain which ones might have been done by intelligence agencies and which ones by criminals with access to sophisticated tools hoping to curry government favor.

"They have let loose the hounds," said Tom Kellermann, chief security officer at Trend Micro, a Tokyo-based security firm.

Dmitry Peskov, a spokesman for the Kremlin, rejected suggestions that Russia is behind the attacks. "These are absolutely unsubstantiated allegations, which are often absurd," he said. "We also have been the targets of attacks, which again shows that everyone can just as easily be subject to such attacks. International cooperation is required to expose and deal with these threats. But unfortunately, we don’t always see a constructive approach on this issue from our partners."

Possible Miscalculations

Russia is called America’s biggest cyberthreat by U.S. Director of National Intelligence James Clapper, and it appears more willing than ever to push up against U.S. doctrine, which holds that destructive hacking attacks could be considered acts of war. So far, the U.S. has not made any public response to the suspected acts.

Cyberspace is a messy arena for fighting. Miscalculations, even by skilled operators, are common, fueling concerns about what could happen to essential infrastructure. And Russia is one of the few nations that intelligence officials say can successfully mask its identity in cyberspace, even from the U.S. National Security Agency.

The attacks, though, are mounting, leaving officials looking for ways to redraw lines that have already shifted significantly over the last 18 months.

Raising alarms in Europe, Russian hackers damaged a blast furnace early last year at a plant in Germany owned by ThyssenKrupp AG, the country’s biggest steelmaker, according to four people familiar with the...