Pages

Saturday, December 19, 2020

The Cyber Shadow War

Russia is not as powerful as they like to project to the world. But have no doubt that the Russians can cause harm. Cyber-war is one domain that seems to be a constant battlefield.

Russian hackers penetrated government and corporate systems using "supply chains" to propagate their intrusion:

Russian hackers have breached networks belonging to the US government and private organizations worldwide in a widespread espionage campaign that uses the global software supply chain to infect targets.

This started back in the spring, the article states. I posted on that news at the time:

Some of our counter-intelligence people say the Russians are tracking our supply chain problems during the Wuhan Flu response just in case they might need to know vulnerable areas during war[.]

And didn't I warn that Russia's purchase of 20% of American uranium supplies--approved by Secretary of State Hillary Clinton--could give them deep insights into our nuclear supply chain? I wasn't happy with our sale of 20% of our uranium supply to Russia:

We are improving cyber-war focus but more needs to be done. Supply chain security is one area. Honestly, that is the aspect of the Hillary Clinton-approved uranium deal with Russia that worried me--not putting 20% of our uranium supply under Russian corporate rule. What could Russia do with the inside knowledge of that vital supply chain?

My worries on that extend back in time:

The idea that the sale to Russia of 20% of our uranium supply (apart from any Clinton corruption involved) is unimportant because no uranium has been sold overseas is nonsense. How much does Russia learn about our nuclear material processing and system because they are now part of it? Might that not come in handy someday?

Given that we were aware of this issue back in the spring, I don't know if this new hacking story is as significant as it appears. Are cyber security people really "reeling" at the extent when it was public knowledge in the spring?

Why is the government talking about this now? Is it really as bad as some stories are indicating? It just seems odd. The stories note the Russian effort has been going on since the spring. But they seem to imply that we didn't know about it back then. But we did. I read the stories. I posted about them. How did we let the Russian run wild if we had identified them in the spring?

Or did we stop the Russians from doing damage? Did we turn the attack back on the Russians by watching them and inserting our own cyber-espionage programs into their systems but the Russians finally caught on, so that is why we talked about it again? And that is why we are claiming significant scope and damage? I just don't know.

This shadow war never stops, that I know. 

UPDATE: So what am I to make of this?

On Sunday, Russian President Vladimir Putin left his COVID-19 bubble to speak at the 100th anniversary of the SVR's founding, and amid his general praise for Russian security services and the SVR specifically, he slipped in some laudatory words for counterintelligence operations, according to a translation shared by the Kremlin.

Putin denied responsibility for the hacks. Is his praise really a sly way to take credit for the hack? 

Or is it a way to conceal that the hack wasn't as successful as our media (and government sources) is making it out to be?

My gut instinct is that the Russians did not succeed. Russia has a history of energetically pretending to be stronger when it is weak. They've done it about nuclear weapons, so why not cyber exploits?

I just don't know whether I should worry or not from this month's stories. The shadows within shadows in a cyber war make it difficult to see the reality.

UPDATE: Some thoughts on the threat. The Russians aren't as good as you might think because they relied on sloppy company defenses to get in. And this is what I've been saying:

Because so many US government organizations and Fortune 500 companies use SolarWinds to track their own internal processes, SolarWinds’ data could help an adversary better understand economic and government processes at an extremely granular level. As I have explained elsewhere, information granularity allows adversaries to develop and execute exquisite strategies that would be impossible without granular information.

There will be another article to explain more, hopefully including whether this was as bad as the media is saying.

UPDATE: Unless my speculated misdirection is simply breathtaking, I have to conclude that the Russian hack was really bad. How is that possible given that we figured out they were up to something back in the spring?

UPDATE: This seems pretty bad.

UPDATE: The part two after the first update's link. One advantage Russia--the prime suspect--got was making Western governments and businesses less effective using the SolarWinds-enabled processes and by diverting money to fixing the breaches and shoring up their cyber defenses to stop further breaches.