7 Reasons Why China Isn't The World's Biggest Cyber Threat (And Who Is)

When it comes to threats in cyberspace, conventional wisdom and expert commentary assign the number one slot to the country with the most failed operations. A failed operation is defined within the intelligence agencies of most countries as a compromised operation; i.e., one whose existence was discovered. It's important to note that the attribution of any specific country to any specific attack is an untrustworthy mix of art and science based upon IP address, who was victimized, technical evidence in the code, and what "feels right" to the person or team investigating. Based upon this formula, China has been ceded the top position as the number 1 cyber threat in the world.


Instead, I propose that you put aside the marketing hype, the questionable attribution methods, and the upside-down formula of # of failed ops = greatest threat and re-evaluate the cyber threat landscape through a more rational lens. To that end and in the hopes of stimulating some informed discussion on the topic, here are 7 reasons why the Russian Federation should replace the Peoples Republic of China as the world's most dangerous cyber adversary.

1. Russia is the only nation that has engaged in a military action with a cyber warfare component: The Russia-Georgia War of August, 2008.
2. Russia is the only nation that has engaged in a cyber attack which crippled components of an entire nation's critical infrastructure sporadically over a three week period: The Estonia Cyber Attacks 2007
3. Russia's Prime Minister formerly ran industrial espionage operations for the KGB and still considers such operations an asset to the country.
4. Russia has built a parallel military and civilian information warfare infrastructure that it actively uses against internal and external adversaries. For example, the Federal Security Service's 16th Directorate which is responsible for the interception, decryption, and processing of communications has been recently been identified as Military unit (VCH) 71330.
5. The Russian government funds organizations like the Nashi which engage in cyber attacks and other malicious acts.
6. Individuals closely aligned with the Russian government are prominent venture capitalists who invest in the world's largest social network companies and in U.S. technology startups as a self-funding open source intelligence operation.
7. Unlike China, Russian cyber operations are rarely discovered, which is the true measure of a successful op.

-------------
For full disclosure, my company provides this type of research to corporate clients so that they can better gauge their risk among the world's threat actors.

Add to Cart View detail

The Kremlin's Online Hit Squad - The Nashi - Attacks LiveJournal.com

The popular Russian blogging site LiveJournal.com has been under heavy DDoS attacks from at least two different botnets over the last couple of weeks targeting high profile political dissident and anti-corruption blogger Alexey Navalny as well as other controversial sites. Maria Gamaeva of Kaspersky Labs provides a list of the targets that they were able to pull from one of the botnets used in the attack (the Optima/Darkness botnet).

This apparently all began when Navalny began attacking the current ruling political party (United Russia) by calling them the party of swindlers and thieves. Retaliation followed in the form of spamming Navalny's blogs with derogatory comments. At least one advertisement was found online which offered $14,000 rubles per month for individuals to continue the campaign against Navalny, according to Maria Antonova writing for the AFP news agency. Antonova wrote that many bloggers suspected the Nashi to be responsible for the attacks against Navalny and LiveJournal.

The Nashi was the brainchild of Vladislav Surkov, Chief Ideologue and First Deputy Chief of Staff of the President of the Russian Federation Dmitry Medvedev. Shortly after the Russia Georgia War of 2008, Surkov reportedly told a roomful of Russian spin doctors that "August, 2008 was the starting point of the virtual reality of conflicts and the moment of recognition of the need to wage war in the information field too."("Information Warfare Chronicles" (Yevropa, 2009)).

As I wrote in my book "Inside Cyber Warfare", Surkov intends to use Nashi to enforce the Kremlin’s will regarding RUNET communications, i.e., “Ensure the domination of pro-Kremlin views on the Internet” (published by The New Times Online in Russian, 16 Feb 09). In March, 2009, Surkov
organized a conference with about 20 key people in the Russian blogging community, as well as leaders of the aforementioned youth organizations, some of whom include:
• Maksim Abrakhimov, the Voronezh commissar of the Nashi movement and blogger
• Mariya Drokova, Nashi commissar and recipient of the Order for Services to the Fatherland Second Class medal for her “energetic” work in the area of youth policy
• Mariya Sergeyeva, leader of the United Russia youth wing Young Guard
• Samson Sholademi, popular Russian blogger
• Darya Mitina, former state duma deputy and Russian Communist Youth Union leader

Other attendees included Russian spin doctors who specialize in controlling the messages communicated via the blogosphere. The objective was to work out a strategy for information campaigns on the Internet. It is formulated like this: “To every challenge there should be a response, or better still, two responses simultaneously.” A source who is familiar with the process of preparations for the meeting explained:

• If the opposition launches an Internet publication, the Kremlin should respond by launching two projects.
• If a user turns up on LiveJournal talking about protests in Vladivostok, 10 Kremlin spin doctors should access his blog and try to persuade the audience that everything that was written is lies.

The Nashi is run by the office of the Federal Agency of Youth Affairs' chairman Vasily Yakemenko, who is also the co-founder of the group. Yakemenko's office provides partial funding and is an activist himself. In fact, he's not able to travel in the EU after being declared "persona non grata" by Estonia after organizing a blockade of the Estonian embassy in Moscow in 2007.

The Nashi's other powerful financial supporter is none other than Alisher Usmanov, the largest single shareholder of Facebook investor DST-Global, Inc. who's chairman is Silicon Valley's favorite Russian venture capitalist Yuri Milner. Nashi members have been involved in numerous organized cyber attacks against both external and internal targets which oppose the interests of Russia's leadership. A Nashi commissar claimed responsibility for the Estonia 2007 attacks and numerous cyber attacks as well as physical demonstrations have been mounted against Georgia and Georgian activists in 2008 and 2009.

I expect to see an increase in Nashi attacks as the RF Parlimentary elections in December draw closer. In the meantime, a LiveJournal.com support rally is scheduled for tomorrow April 8th at the SUP offices to encourage bloggers to find other ways to communicate in spite of the LJ outages.

UPDATE #1 (7 APR 2011): AFP reports that President Medvedev posted a condemnation of the attacks against Live Journal today.

UPDATE #2 (8 APR 2011): Novaya Gazeta reports a massive DDoS attack today. The paper often publishes articles critical of the United Russia party. In November 2008 it fired Russian Security Services writer Andrei Soldatov of Agentura.ru for unknown reasons although political pressure is suspected.

Add to Cart View detail