The Crimean Cyber-Troubles Ramp Up
The intensified Crimean crisis has seen cyber-warfare emerge as one of its main drivers. Dozens of networks in Ukraine, government systems among them, are infected with malicious software that covertly performs surveillance, sustains privileged access to networks and databases, and may even be used to shut systems down altogether. Alongside this advanced malware, DoS and DDoS attacks continue to overwhelm servers hosting public and governmental platforms. Confirmed reports claim Ukrainian Members of Parliament have had their mobile phones disabled by IP-based attacks. More disturbing still, the attacks that have not yet been detected pose the biggest threat.
Forensic analysis of the malware now known as Snake indicates that its origin lies near Moscow, based on instances of Russian language in the code and a timestamp recovered from its build. This many-headed monster previously surfaced in successful attacks on military systems in the U.S., and its signature has since been added to antivirus software. Despite its notoriety, and despite having been discussed in Foreign Affairs magazine under its earlier name Agent BTZ, its makers have been able to evade protective measures by introducing new components. As we speculated in the previous post, professional cyber criminals in the Russian Federation apparently act as mercenary forces supporting the Kremlin by turning their malware tools on Ukrainian systems.
The cyber-aggression is not entirely one-sided, given that Anonymous #OpRussia continues to leak state documents. The Americans will actively monitor the impact of Snake. In private circles they may even welcome a further escalation, all the while watching and learning what the intentions and capabilities of Putin’s henchmen are. Quite plausibly, the NSA will be directed to employ its book of tricks, this time against a sizeable and worthy opponent.
Meanwhile, NATO is posturing. A partnership with Ukraine that included exchanges of cyber security practices would make NATO a player privy to inside information. Dutch Defense minister Hennis-Plasschaert recently stated that NATO was close to treating cyber-attacks within the territory of member states as an Article 5 casus belli. Facts on the ground show Lithuania is being hit hard by attacks attributed to Snake, which suggests a cyber-intervention shouldn’t be too far away. Yet this is obviously not going to happen. Even if it were somehow possible to jump into the middle of that arena, nothing could be done short of the physical destruction of Russian hardware.
‘Everyone more exposed’
In such a stalemate, the risks for Western Europe escalate. Measures, if only symbolic, will need to be taken, and NATO may get its way with an emboldened mandate to patrol the cyber domain. U.S. military and financial dominance within the organization provides a blueprint for what to expect. In short, the NSA’s monitors will return, and this time they’ll bring an invitation.
Beyond whatever effect such a move may have on privacy and civil liberties, it will also muddy the information security market. When a small selection of vendors is privy to critical information about security issues that, under the cover of Official Secrets Acts, cannot be shared, the wider security community is hindered from becoming sufficiently knowledgeable. Sharing attack vectors, best practices and lessons learned is the fuel for our security engine, and hence for our security.
But all may not be lost. Not yet, anyway. There is more to it than hoarding information: an information overload generally results in a lack of clear intelligence on which to act. In a crisis one should not be mesmerized by the snake’s eyes while it constricts your room for maneuver and crushes you. So monitor your systems, keep up with patching and keep your ear to the ground, but don’t miss the chance to be proactive in mobilizing your organizational landscape. Preparation is key. Ask your security vendors how they plan to deal with the Crimea issues, keep in touch with your supply chain and partner organizations about anything out of the ordinary, and even lobby your political representative to fill this gap in national security.
All these actions may help close the information gap: not sharing information is usually not a matter of policy or bad intentions, but of habit.
Your organization will definitely be at a disadvantage if it is multinational, since cyber defense is molded in the frame of nation states. In that case you may be at the mercy of NATO’s blue helmets. And don’t forget about the NSA; you won’t find a more attentive listener.