Russian cyber espionage to become more aggressive

The Oxford Analytica Daily Brief ® - Tuesday, December 16 2014

Russia has a large and sophisticated intelligence network combining both traditional human intelligence (HUMINT) agencies and signals intelligence (SIGINT) services that focus on electronic communications and eavesdropping. While more traditional forms of intelligence operations will expand in 2015, Russia will also increasingly use its cyber intelligence capabilities to gain valuable insight into Western policymakers' thinking and major Western corporations' commercially sensitive data. The use of cyber intelligence fits with Russia's new method of hybrid warfare, whereby deniable and ambiguous operations are used to support or even replace direct military means.

Impact

- As the economy deteriorates, Moscow will raise spending on the intelligence services.
- Russian cyber attacks are an integral element of military operations, used for disruptive espionage.
- Western corporations and governments will increase spending on IT security systems and anti-virus software.

What next

Russia's cyber intelligence activities will become more aggressive and extensive in 2015. Cyber intelligence attacks will be a crucial element of Russia's new tactics of asymmetric struggle with the West. While Western governments and companies will look to defend themselves with significantly reinforced firewall systems, the threat of company insiders helping to facilitate Russian cyber operations and circumvent sophisticated protective systems will grow.

Analysis

Russia has a number of key organisations that contribute to its significant cyber intelligence capabilities.

The Federal Security Service (FSB)

The FSB appears to have taken the lead in cyber intelligence and counter-intelligence activities since it absorbed a large portion of the former Federal Government Communications and Information Agency (FAPSI) on its dissolution in 2003.
It includes four main elements:

- The Centre for Radio-electronic Communications Intelligence (TsRRSS) runs both electronic eavesdropping and cyber espionage operations.
- The Information Security Directorate (UKIB) has a similar role to TsRRSS, although it focuses on defensive operations.
- The Institute of Cryptography, Telecommunications and Computer Science (IKSI), part of the FSB Academy in Moscow, trains computer security and intrusion specialists.
- The Centre for the Security of Information and Special Communications (TsBISS) also provides security against foreign cyber intrusions.

However, as is usual within the Russian system, a range of other bodies also have parallel or secondary roles in cyber intelligence. This reflects bureaucratic rivalries as well as the Kremlin's preference to avoid dependence on any single agency.

Military Intelligence (GRU)

The Sixth Directorate of the GRU (see RUSSIA: Military intelligence revival will gather pace - August 28, 2014) handles the full spectrum of technical intelligence gathering, from spy satellites to electronic interception. A growing element of its portfolio is cyber espionage. The defence ministry's Federal State Research and Test Centre for Electronic Warfare and the Evaluation of Low Observables also plays an active cyber intelligence role.

SVR and GRU are primarily human intelligence agencies but will still play an important cyber intelligence role in 2015

The Foreign Intelligence Service (SVR)

The SVR is essentially a HUMINT agency (running agents/sources abroad) and more generally comparable with the CIA or the UK's SIS (MI6). However, its Informatics Directorate, while originally purely responsible for information technology support and security, may also be acquiring a secondary cyber espionage role according to some sources (see RUSSIA/UK: Intelligence threat will increase - July 22, 2014).
The intense rivalry and jostling for supremacy between Russia's intelligence and security agencies will continue, but the SVR will probably increasingly be tasked (along with the GRU -- another predominately HUMINT agency) to recruit agents/sources to help enable cyber operations. Russia's cyber intelligence capabilities are of the highest magnitude, and penetrating more commercially focussed enterprises should not pose a challenge -- owing to weaker encryption levels of IT systems/data and lower levels of security consciousness among some staff members. However, penetrating highly sensitive government institutions which use military-grade encryption and where staff are more alert to the threat of cyber espionage may be more difficult. Such HUMINT agencies may be increasingly tasked to help enable their cyber counterparts by recruiting agents with direct access to secure IT systems to help make the initial breakthrough if remote techniques prove unsuccessful.

The Federal Guard Service (FSO)

The FSO is charged with protecting senior government figures and buildings. Yet its Special Communications and Information Service (SSSI, or Spetssviaz) not only secures official voice and data channels, it also has a wider role intercepting and decoding foreign transmissions. This extends to a secondary cyber intelligence and security role.

Non-official patriotic hackers will give Russia increased deniability and cyber intelligence surge capabilities

Non-official Patriotic Hackers

These attacks generally demonstrate considerable discipline and professionalism. Hackers tend to work 9-to-5 hours for European Russian time zones, operations run for years, and there is a distinct lack of duplication of targeting efforts. It is probable that such non-official patriotic hacker groups were involved in the 2007 mass cyber attacks against Estonia (see INTERNATIONAL: Hacktivism poses lasting threat - February 15, 2013).
In 2015, as Russia continues to probe NATO defences, such non-official, deniable groups will test the alliance and what constitutes a NATO Article 5 violation. Additionally, patriotic hacking groups will help provide an invaluable surge capability if Russia needs to increase its cyber attack capabilities at short notice.

Political-military-economic intelligence

Cyber attacks have targeted government agencies in the hope of accessing classified information, with particular emphasis on those with a military or security role. Less evident have been intrusions aimed at accessing operational military information, such as troop locations and unit strengths. While this will be a key tactical priority for Russia, it is likely that access to strategic and long-term military secrets -- weaponry designs and NATO militaries' long-term planning -- is of greater priority than such tactical military data.

As the Russian economy deteriorates in 2015 and cooperation with Western firms declines as a result of the sanctions regime, Russia's cyber intelligence bodies will likely be tasked with aggressively targeting major Western firms in various sectors to gain any information or expertise that could be of value. While this is nothing new, it is likely that this trend will intensify in 2015.

APT28

Russia was allegedly behind a compromise of the US Department of Defense in 2008. In 2014, cyber security company FireEye reported the presence of a group called APT28, allegedly Russian and suspected of having Moscow's backing. APT28, in operation since 2007, is highly sophisticated and targeted the governments of Georgia, some Eastern European governments, NATO and the OSCE.
Disruption and distraction

In keeping with the evolving new Russian style of warfare that depends heavily on information and political operations in support of direct action intended to slow, deter or misdirect any hostile response, operations in cyberspace carried out by or on behalf of Russian security agencies are often intended to disrupt rather than spy. A classic example would be the coordinated attack on the Estonian government and business systems in 2007 -- never officially linked to the Russian state but widely suspected to have been authorised by state actors. Also, in Ukraine during Russia's annexation of Crimea, Ukrainian military communications were crashed by cyber attack. Similarly, during the Russia-Georgia war of 2008, a wide-scale cyber attack hit the Georgian government and military.

Posted on: Wed, 17 Dec 2014 11:55:18 +0000
