Russian Cyber actors use plausibly deniable outlets to disguise hacks
By Philip Ingram MBE
The UK’s National Cyber Security Centre (NCSC) and US National Security Agency (NSA) have said that the Turla group, a suspected Russia-based hacking group, has been disguising its activities by adopting and using techniques used by suspected Iran-based hacking groups, effectively masking who was really responsible for the hacks. Why would a Russia-based group do this?
On 27th April 2007 a massive deliberate denial of service attack was launched against Estonia, causing government webservices, banks and much more to fail. The attack lasted 3 weeks. Whilst suspicion was laid at the feet of the Russians, they denied involvement as they have done with attacks in Georgia and Ukraine. The sophistication of many of these attacks suggests the only possible perpetrator is a major actor with the resources that many believe are only available to states.
Cyberspace is not regulated in the same way as land, maritime, air or space when it comes to international actions relating to war: there is no equivalent of the Geneva Conventions and Protocols or an Outer Space Treaty, so cyberwar and state-sponsored cyber attacks are unregulated in international law. To avoid political embarrassment and the possibility of political repercussions, the use of a plausibly deniable outlet is key, as without substantive proof there can never be substantive repercussions.
Sun Tzu, the infamous Chinese 6th century general and philosopher, said in his book The Art of War, “All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.” The Russians have a doctrine called маскировка (maskirovka) which is all about ‘masking’ or deception and is central to all they do; they follow the philosophy laid down by Sun Tzu, allowing them to interfere overseas but be able to deny it. We saw this with the attack on Sergei Skripal in Salisbury last year.
We keep hearing of cyber-attacks from Iran, a closed country with little access to western academia and training, yet they can mount some of the most sophisticated cyber incidents. We hear the same of North Korea, who should have zero access to technology and academia, and extremely controlled access to the internet. However, one has to ask why, in 2017, TransTelekom, a major Russian telecommunications company that owns one of the world’s largest networks of fibre optic cables and is a full subsidiary of the Russian national railway operator, Russian Railways, which is owned by the Russian Federation, put a fast internet connection into North Korea.
Around the same time, the North Koreans went from having a small nuclear capability with short-range missiles that failed more often than not, to having a hydrogen bomb capability with ICBMs that worked more often than not. No one has explained how that technological advance happened so quickly in a country under strict international sanctions. We have to remember, North Korea got blamed for the Sony Hack and the WannaCry attack of 2017; could it have been a proxy using a plausibly deniable outlet? The why is because they can and want to maintain the ability to influence global activities without repercussions. Why do I suggest this? That is simple: they have history and a doctrine, tried and tested over many years; they also have a paranoia about anti-Russian global sentiment reinforcing that inherent need to ‘do something’. Cyber space provided that perfect environment. A smudge of what could be a Russian fingerprint sits over many incidents. Not enough for real proof, but something that always seems to be there.
This technique of pretending to be someone else, using a plausibly deniable proxy identity, is not that new; however, we are likely becoming more aware of it and have better analytical tools, so that the intelligence agencies can be bolder at calling it out. What is of concern is that a plausibly deniable proxy identity could also be used to instigate state-sponsored terrorism, especially when online recruiting and radicalisation is so prevalent.
This joint statement today is a clear message to all potential threat actors across the globe from the UK’s GCHQ and the US NSA saying, “we are watching you.”
The Russian Bear leading the bald Trump eagle in a game of nuclear Jong
As the globe breathes a sigh of relief over the positive tones regarding a formal end to the Korean War and working towards a de-nuclearised Korean Peninsula, after the meeting between Kim Jong-un and Moon Jae-in, the North and South Korean leaders, we will start to see Donald Trump taking the credit for saving the world from a North Korean nuclear Armageddon. However, we have to ask: is all as it seems?
It is very easy to see what we want to see, and a de-nuclearised Korean Peninsula is what we want to see in the same way George Bush and Tony Blair wanted to see Saddam Hussein’s Weapons of Mass Destruction (WMD), so they ensured the world saw that threat…
We all know how Iraq has turned out because we didn’t open our eyes properly. The intelligence game is all about keeping our eyes open and acting as the conscience for decision makers. Sometimes they listen, often they don’t and when they don’t and it all goes wrong, the intelligence agencies get the blame, not the politicians who made the decisions.
As I look at the Korean issue, I want to start with Russia and ask some of the intelligence game questions.
65-year-old Vladimir Vladimirovich Putin (Влади́мир Влади́мирович Пу́тин) takes a long and global view of his vision to rebuild mother Russia in the image of the USSR but utilising his version of capitalist principles, not communism.
He has effectively been in power since 1999 when he was first Prime Minister of Russia, becoming President in 2000 and engineering a break back to Prime Minister from 2008 – 2012, when his close ally Dmitry Medvedev became President. Putin has now been elected for his second 6-year term of this Presidency. He will be setting the conditions to ensure he can retain power long past this second term even if this means another ‘flip’ with Medvedev.
The ‘So What?’ from this is that Putin can afford to take a long-term view of what he wants to achieve for Russia and can use that longevity to bypass any sticky overseas opposition just by playing the long game. He knows perfectly well that the leaders of the countries that oppose him are in power for relatively short periods of time and have adversarial political systems which he can easily manipulate so that dealing with the Russian bear remains a relatively low priority.
Putin is an old-school Russian, almost genetically disposed to see conspiracy from the West aimed at destroying Russia. He hankers after the days of the cold war where things were easy but loves the power and wealth he has in post-Soviet Russia; he is a Russian nationalist almost to fanatical levels, but that is his role, after all, he is President.
As you would expect his politics have created domestic enemies and friends; the difference between them and western political allies and opposition is that they are on the whole hugely wealthy and in their own spheres, hugely influential. Like all wealthy influential people, they also have ambition. Those such as Roman Abramovich and Arkady Rotenberg keep their ambition in line with Putin’s and are considered as friends. Those such as Boris Berezovsky, Vladimir Gusinsky, and Mikhail Khodorkovsky are sent clear messages to toe the line or are exiled or imprisoned. That messaging, as we have seen, is delivered by Polonium 210 or Novichok.
Putin, whilst he is more than happy to ‘go it alone’, is very conscious that his fortune comes from global business and, from his long-term view position and historical mistrust of the USA and other NATO countries, he wants to make political and global business alliances. He knows he can control the EU and USA from anti-Russian excesses; Trump’s change of mind regarding additional sanctions against Russia whilst Nikki Haley, his Ambassador to the UN, was outlining when they would be implemented is one sign of this. Not quite the eagle has landed and more of the eagle has been warned. Germany signing a gas contract with Russia on the day they issued a statement of condemnation over the Salisbury Novichok attack is another.
Putin sees his route for alliances to be with non-NATO like-minded countries and when their economies are growing, even better. We have been seeing greater cooperation with China and India, we have seen tolerance of Iran and continued massive support for Assad in Syria, but it is China and India I am interested in here.
The South China Sea/Indian Ocean region is seeing the fastest growth of power projection military capabilities of anywhere in the world. India is developing its naval blue water capability, China is doing the same, Japan is responding with constitutional changes and expeditionary capabilities, and the disputed Paracel and Spratly Islands are being militarised.
Xi Jinping’s economy continues to grow at almost 7% and he has cemented his political longevity in a way I am sure Putin is envious of. However, with only one year’s difference in age, we have two P5 leaders with very long-term political stability and greater economic interaction; in 2015 Russia signed a $400 Bn 30-year natural gas supply agreement with China. They are natural global bedfellows and Russia’s courting of India makes them a natural focus for defence exports as they can pay!
Xi has been seen for a long time as Kim Jong Un’s only ‘ally’ and he is more like a great uncle trying to keep an errant, badly behaved distant nephew in check. However, Dan North from the North Korean monitoring site 38North.org has identified that a company called TransTelekom (ТрансТелеКом) has put a fast internet connection into North Korea alongside their older and much slower Chinese-supplied connection. TransTelekom is a major Russian telecommunications company that owns one of the world’s largest networks of fibre optic cables. The company is a full subsidiary of the Russian national railway operator, Russian Railways, which is owned by the Russian Federation. Putin has his fingers in North Korea!
We have seen North Korea blamed for the sophisticated cyber-attack on Sony and the 2017 global WannaCry attack. At the same time, we see North Korea’s nuclear capability go from a warhead of less than 1 Kt detonated in 2006 to a warhead of an estimated 120-160 Kt exploded in 2017. His ballistic missile technology goes from short range to ICBM and from failure most times to success most times, over an even shorter period of time. Where is North Korea getting its cyber training and awareness and where is it getting its newfound nuclear and missile know-how and technologies? What has Russia to gain from a relationship with North Korea? These questions have never been successfully answered.
And what of the young dictator, Kim Jong Un, the man who starves his people, executes his relatives with anti-aircraft guns if he suspects them of being disloyal or, if exiled, executes them in an international airport with VX, a deadly persistent military-grade nerve agent? He has new friends who are helping his cyber capability and his missile technology. He has his Chinese ‘great uncle’ who has scolded him for poking the Trump bald eagle with his ICBM nuclear stick. He has a need for investment and a pause in his nuclear programme, as his test site has collapsed. He has a long-term view just like Xi and Putin. He has, from his perspective, joined the ‘big boys club’ by getting the US President to come to him and showing the world his conventional and nuclear capabilities. He has given Putin an idea of what using a nerve agent as an assassin’s weapon is like. He has nothing to lose by having talks with Moon and Trump and everything to gain. He has a smug feeling in his belly.
The manoeuvring that is going on between Xi, Putin and Kim Jong Un, whilst it all seems to be separate and not interconnected, is likely to be just that, interconnected. What are Russia and China’s long-term goals and why are they playing with North Korea? There is a wider game at play here and it is probably 3 wider games, the Chinese one of global economic dominance, the Russian one of nationalistic resurgence and the North Korean one of sitting at the top table. The short-sighted view many Western countries will have of what is going on will force them to see what they want to, the cries for Trump to get the Nobel Peace Prize for ‘solving’ the North Korean issue have already started. There is a global alliance here and it may have something to do with the disputed islands in the South China Sea.
We just have to remember some recent historical examples of success and failure. The Chinese economy grows when everyone else’s recedes. Putin annexed Crimea successfully and has a strong foothold in Eastern Ukraine. He has turned Assad’s assumed demise into a winning home run. He has clearly demonstrated the power of маскировка (maskirovka) in influencing elections, referendums and political debates on both sides of the Atlantic. Kim Jong Un has got the President of the USA to come to him. We, the West, have a less successful record: the debacle of Iraq that resulted in the creation of ISIS and global terror, the failure in Afghanistan allowing the Taliban and ISIS-affiliated groups to retake many of the areas soldiers’ blood was spilled to secure initially, and Libya with the humanitarian disaster we see with refugees in the Mediterranean.
Who has the long-term vision and who sees what they want? Should we be worried? My view is, hell yes!!
Note: This blog is written by Philip Ingram MBE, a former British Army Intelligence Officer who has served in the Middle East and Cyprus.