The Russia-NATO Cyber War Is Escalating Fast

Fears are rising that the boundaries of the cyber war between Russia and NATO could soon spread beyond Europe.

Eight cybersecurity authorities from the so-called “Five Eye” nations (United States, United Kingdom, Australia, Canada and New Zealand) released a joint statement on Thursday warning that more malicious cyber activity is on the way as Russia’s invasion of Ukraine continues to undermine geopolitical stability.

Before we look at the statement in any depth, an important five-pronged caveat is needed:

  • Both the US and the UK are among the primary antagonists in NATO’s ongoing war with Russia;
  • They both have significant offensive cyber war capabilities of their own;
  • US intelligence agencies, at Obama’s behest, have drawn up a list of potential overseas targets for cyber attacks;
  • Both countries have surreptitiously conducted vast surveillance programs, targeting not only their own populations but also citizens and government leaders of other countries;
  • The world right now is in the grip of the biggest information war of this century.

As such, any information coming out of the Five Eyes’ intelligence services should be treated with a healthy dose of skepticism. That having been said, here are the first three paragraphs of the missive:

The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory. The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.

Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks (see the March 21, 2022, Statement by U.S. President Biden for more information). Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.

Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people.

The document also emphasizes the frontline role likely to be played by Russian state actors, including the Russian Federal Security Service (FSB), the Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU), GRU’s Main Center for Special Technologies (GTsST) and the Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM) of the Russian Ministry of Defense. Clearly, Russia has the capability to launch a barrage of cyber attacks against the west; the question is: does it want to?

The authors of the document urge critical infrastructure organizations to take immediate steps to protect against cyberattacks. Those steps, they say, should include patching known exploited vulnerabilities, updating software, enforcing multi-factor authentication, securing and monitoring remote desktop protocol (RDP) and other “potentially risky” services, and providing end-user security awareness and training. As The Register, a British technology news website, notes, if any of these recommendations come as a surprise to critical infrastructure operators, “we’re screwed”.

The warning from the “Five Eye” nations comes just days after NATO began (as Bloomberg puts it) “the largest and most complex ‘live-fire’ cyber defense exercises” ever conducted. More than 2,000 people from 32 nations were expected to participate in the war game, which began on Tuesday in Tallinn, Estonia. They include representatives of five to 10 large global financial institutions, including Santander and Mastercard.

This is all happening as fears rise that the boundaries of the cyber war between Russia and NATO could soon spread beyond Europe, where attacks have been registered not only in Ukraine and Russia but also Poland and Finland. On March 21, President Joe Biden warned American businesses to prepare themselves for cyberattacks. Russia is likely to deploy cyber attacks as a form of retaliation against US sanctions, Biden said, adding that Russia has “a very sophisticated cyber capability,” which Putin “hasn’t used… yet” but which forms “part of his playbook.”

Cyber War Reaches Latin America?

Over the past week, two Latin American countries, Costa Rica and Puerto Rico, have suffered major cyber attacks targeting key national infrastructure. In Costa Rica a wave of attacks on Wednesday temporarily disabled websites belonging to the Ministry of Finance, the Ministry of Science, Innovation, Technology and Telecommunication, the Costa Rica Social Security Fund, the National Meteorological Institute (IMN) and the Costa Rican Radiographic Institute (Racsa).

Following the attack the Ministry of Science’s Director of Digital Governance, Jorge Mora, noted that the digitization of governmental activities creates risks as well as benefits. As for who was responsible, Mora said a US$10 million ransom demand had been posted on the dark web by the Conti Group, a pro-Russian ransomware gang that has threatened to deploy retaliatory measures if cyberattacks are launched against Russia. The Costa Rican government has ruled out paying a ransom, which prompted Conti Group to issue one last ultimatum: pay up or all the data gets released.

Costa Rica is a curious choice of target given the country, like Mexico, follows a policy of neutrality regarding foreign wars. In fact, Costa Rica has not had an army for 73 years. That said, the Costa Rican government is one of a small number of Latin American countries to have agreed to apply US and EU sanctions against Russia within its financial system. It has also suspended broadcasts of Russian state-backed media outlet RT.

Puerto Rico, being a so-called unincorporated territory of the United States, is a more obvious choice of target. In the past few days the country’s electronic toll collection system was brought down by a cyber attack. Local media reported Tuesday (April 19) that the attacks had begun over the weekend and had affected a mobile application, the collection systems at toll plazas, and a website. The website was up and running again by Tuesday but users were still reporting service irregularities as of this writing.

Puerto Rico’s Interior Secretary Noelia García said the hackers have demanded a ransom to restore the system, which the government says it will not pay. García also insisted that users’ encrypted data such as credit card details are safe. According to Ngai Oliveras, the Puerto Rican government’s chief of security, the FBI is investigating the attack, which it is believed could be linked to the war in Ukraine.

This is not the first major cyber attack to target key public infrastructure in Puerto Rico in recent months. In January, the website of Puerto Rico’s senate as well as its internet provider and telephone systems were temporarily taken out. In October 2021, the capital’s electricity provider fell victim to a DDoS attack that resulted in a power outage affecting more than a million people. In a DDoS attack, hackers inundate a website with so many bots connecting to it all at once that they render it inaccessible. Servers are not breached and data is not stolen, but the attack can still cause lots of disruption.

The Digital Side of Russia-NATO War

Both sides of the NATO-Russia conflict took the battle to the cyber sphere from day one. In the case of Russia, it has been attacking Ukrainian targets since mid-January, weeks before the war even began. At the very onset of its invasion of Ukraine, “U.S. intelligence and military cyber warriors were advocating the use of American cyberweapons on a scale never before contemplated.” That was according to a February 24 report out of NBC titled “Biden Has Been Presented with Options for Massive Cyberattacks Against Russia.”

In an interview with MSNBC two days earlier, Hillary Clinton praised hacker group Anonymous for launching coordinated cyber attacks on Russian targets.

“There were reports overnight that Anonymous, a group of hackers, took down Russian TV. I think that people who love freedom, who understand that our way of life depends upon supporting those who believe in freedom as well, could be engaged in cyber support for those in the streets of Russia. We did some of that during the Arab Spring when I was secretary of state. I think we could also be attacking a lot of the government institutions, and you know the Oligarchs and their way of life through cyber attacks.”

The hacktivist group DDoSecrets, which specializes in hacking and then publishing compromising data, has also been busy since the war began. According to Micah Lee, an operational security analyst at The Intercept, the group has so far amassed seven Russian datasets from March and a further 20 from April. Among its targets are Roskomnadzor, an agency that monitors and censors mass media; Transneft, the world’s largest oil pipeline company; Rosatom, the state nuclear energy agency; the Russian Orthodox Church’s charitable wing and the Russian Central Bank.

On the other side of the conflict, cyber attacks have played a constant, if somewhat muted, role in Russia’s invasion. The targets in Ukraine have included government websites; the mobile apps and ATMs of the country’s largest banks; and the websites of non-profit organizations, tech companies, the Ukrainian military and Security Service (SBU).

“We are now witnessing the first real cyberwar,” Natalia Tkachuk, the head of Ukraine’s Information Security and Cybersecurity Service, told The Record, a cyber security news publication belonging to Recorded Future, a Massachusetts-based cybersecurity firm:

[M]any cyber attacks on government institutions and critical infrastructure are coordinated and planned by the Russians in order to cause maximum damage to Ukraine. Most of the attacks are now aimed at government agencies, energy, telecommunications and banking sectors. In most cases, the main purpose of the attacks is to destroy information using various data wiper malware.

We can’t say that there is necessarily an increase in the number of the attacks, rather we can note the increased coordination of efforts in the preparation of attacks on a particular sector. Such targeted and dangerous attacks come in waves, amid the static noise caused by a large number of overall cyber incidents and small attacks.

Fake News and Bank Runs

Concerns are also rising about potential attacks on financial institutions, particularly in Europe. On April 1, the European Banking Authority issued a warning about the risk of fake news triggering a run on European banks. Per Reuters:

“As market sentiment remains highly volatile and driven by news flow, banks’ liquidity levels can become vulnerable due to spread of inaccurate information,” the European Banking Authority said in its latest “risk dashboard”, which focused on exposures to Russia and Ukraine.

“Such campaigns that spread inaccurate information may result in deposit outflows from targeted banks,” EBA said.

EBA said exposures of banks in the bloc to Russia are too low to threaten financial stability, but economic fallout from the war in Ukraine and cyber attacks could hit the profitability of lenders.

EU banks had exposures totalling 76 billion euros ($84 billion) to Russia and 11 billion euros to Ukraine in the fourth quarter of 2021, mainly among Austrian, French and Italian lenders.

“Based on the EBA’s initial assessment, direct exposures to Russia, Belarus and Ukraine are limited, but second-round effects may be more material from a financial stability perspective,” it said.

Second-round effects include direct economic fallout of the war such as the fiscal impact, the impact of sanctions, elevated risks from cyber attacks, and the longer-term impact on supply chains in the global economy, EBA said.

The EBA’s warning bears a striking resemblance to a scenario featured in a 10-country simulation of a major cyberattack organized by the Israeli government in December 2021. As Reuters reported at the time, the simulated cyber attack, dubbed “Collective Strength”, took place over 10 days, “with sensitive data emerging on the Dark Web along with fake news reports that ultimately caused chaos in global markets and a run on banks.”

Participants in the Collective Strength simulation included treasury officials from Israel, the US, the UK, Austria, Switzerland, Germany, Italy, the Netherlands, the United Arab Emirates and Thailand, as well as representatives of the IMF, the World Bank and the Bank of International Settlements, the central bank of central banks. The participants discussed a range of policies for responding to the simulated crisis, including a coordinated bank holiday, debt repayment grace periods, SWAP/REPO agreements and coordinated delinking from major currencies.

The simulation took place after a string of cyber attacks last year caused serious disruption to banks and other financial institutions in Pakistan, Ecuador, New Zealand and Venezuela. Interestingly, Venezuela’s government laid the blame for the IT outage suffered by Banco de Venezuela, the country’s largest bank, on the US government, which Venezuela’s vice president Delcy Rodríguez accused of launching an “intense and aggressive” cyber attack against the bank’s IT system.

Cyber Attacks Were on the Rise Long Before Russia’s Invasion of Ukraine

Cyber attacks have been a growing problem for a number of years as more and more aspects of human communication, work and business operations have migrated online, particularly following the pandemic-induced lockdowns of 2020. Ransomware-related data breaches have doubled in the US for the past two years, according to the Identity Theft Resource Center’s 16th Annual Data Breach Report. Supply chain attacks, like DarkSide’s ransomware attack on Colonial Pipeline, are also on the rise.

There are many reasons for this. One is that large companies that fall victim to ransom attacks tend to pay up. And the ransoms tend to be big. Colonial Pipeline paid a $4.4 million ransom to regain access to its files.

The rising threat is also being driven by the increasing technological sophistication and capability of hackers. At the same time, banks and companies’ IT systems have grown more vulnerable due to the explosion in use of electronic financial services during the pandemic as well as the rise in remote working by employees, as reader Vlade commented on a previous article:

The problem with the home front is that most people are treating home IT as “just put it there”, and not thinking about security until it’s way too late. Using open wifi, not changing default passwords or admin users etc. etc. – but TBH, I have seen the same behaviour within large corpos too.

Still by far the easiest hacking attack is via a mole (i.e. human element), and that’s very hard to prevent. And, as they are right now, since the companies are looking at their employees as interchangeable cogs in a machine, recruiting moles is likely getting easier and easier.

This may well have been the case with the recent cyber attack against Colonial Pipeline, which took down the largest fuel pipeline in the country, leading to fuel shortages along the East Coast, and was pulled off with a single compromised password.

US Infrastructure At Risk?

As Russia gets bogged down in its war with Ukraine (and, of course, NATO & friends) and its sanctions-ravaged economy spirals deeper and deeper into depression, an increasingly desperate Vladimir Putin may resort to digital warfare against US targets. That is the scenario being depicted by some mainstream media outlets. A recent CBS News report, citing the same US intelligence officials that helped produce the Five Eyes missive, warns that cyber attacks against US infrastructure are growing increasingly likely.

“We have to assume that there’s going to be a breach,” said Jen Easterly, US Director of the Cybersecurity and Infrastructure Security Agency (CISA), a US federal agency that operates under Department of Homeland Security oversight. “There’s going to be an incident.”

Caveat #2: US intelligence agencies are not exactly the most reliable sources of information. Intelligence officials already told a big porky when they recently warned that Russia might be preparing to use chemical agents in Ukraine. As it turns out, they had no evidence Russia had brought any chemical weapons near Ukraine; they were apparently just trying to deter Russia from using the banned munitions. This is part and parcel of Washington/NATO’s disinformation war against Russia, as even NBC News recently admitted:

It’s one of a string of examples of the Biden administration’s breaking with recent precedent by deploying declassified intelligence as part of an information war against Russia. The administration has done so even when the intelligence wasn’t rock solid, officials said, to keep Russian President Vladimir Putin off balance.

In other words, they lied, just as they lied about Iraq’s weapons of mass destruction. As Caitlin Johnstone notes in an article for Consortium News, they may contend that they lied for a noble reason but they still lied: “They knowingly circulated information they had no reason to believe was true, and that lie was amplified by all the most influential media outlets in the western world.”

Now, we are being told by the intelligence agencies of not only the US but also its fellow Five Eye partners that a Russian cyber attack against critical infrastructure is all but inevitable. But as I noted at the beginning of this article, they are not exactly trusted sources.


44 comments

  1. Tor User

    In the non-cyber realm:

    https://www.theguardian.com/world/live/2022/apr/22/russia-ukraine-war-satellite-images-appear-to-show-mass-graves-near-mariupol-zelenskiy-says-ukraine-needs-7bn-a-month-in-aid-live

    “Russian military official: plans to take full control of Donbas and southern Ukraine, open gateway to Transnistria”

    A Russian military official is being quoted this morning saying that it intends to control the whole of southern Ukraine.

    And in a line that will be concerning to Chișinău, he is also reported to have said that control of Ukraine’s south will give Russia another gateway to Moldova’s breakaway region of Transnistria.

    “Control over the south of Ukraine is another way to Transnistria, where there is also evidence that the Russian-speaking population is being oppressed,” Tass quoted Minnekayev as saying at a meeting in Russia’s central Sverdlovsk region.

    1. timbers

      Interesting. Would have thought Russia would not have gone past Donbas at start of the war, but the Western response has become such a complete total 100% denial of Russia’s right to exist in any except under total obedience to Western dictates enslavement and surrender, and has completely ruled out any diplomacy, and so freely handed out arms…can’t say anything against this.

      The one and only thing stopping the West IMO is Russia’s military power. Sad but true. Not negotiating let alone talking to “enemies” has become completely accepted standard operating procedure in the West.

      1. NotTimothyGeithner

        Countries with wmds or an equivalent, Iran, China, Russia, North Korea.

        Countries without WMDs: Iraq, Libya, Syria, the multitude of African countries where launch drone and special forces wars, Afghanistan. This is just the last 20 years.

    2. Kouros

      The general is lying. The majority population of Transnistria (+30% Russians and +30% Ukrainians) are not being oppressed by the minority Moldavians, since they control the territory since early 1990s. But in whole honesty, that land historically was never Moldavian…

  2. Colonel Smithers

    Thank you, Nick.

    Soon after the invasion, UK regulators organised a call for City firms to warn of such activity. There are follow ups monthly, but these include discussions of the economic impact of the war and sanctions. Calls are organised with groups and on an individual firm basis. City firms are expected to update on their overseas affiliates, too, and have been asked to inform on peers, clients etc. busting sanctions. There’s no honour amongst banksters.

    Sometimes, we get sent on wild goose chases, usually after Bill Browder, Bell End Cat, Catherine Belton or Carole Cadwalladr put out stories that Putin banks in London, owns Mayfair and Belgravia etc, and have to check our records.

    1. Thuto

      Thank you CS.

      Speaking of Russians in London, are the oligarchs whose assets have been frozen being hyperbolic when they claim they’re being asked to subsist on meagre stipends and can hardly afford to even pay for a meal at a restaurant? The vengeful nature of the act in this case notwithstanding, I do wonder when a government appropriates the right to administer an individual’s finances, would such an asset freeze take into account one’s prior lifestyle when calculating the stipend allowed to trickle out of the frozen accounts?

  3. Acacia

    You know Anonymous has gone totally pear shaped when Hillary Clinton is praising their actions.

    1. Aaron212

      Agreed. I was wondering the other day what Anonymous was up to regarding the war and unfortunately I now know the answer. :/

    2. Nikkikat

      You know anonymous has gone totally pear shaped when Hillary Clinton praises their actions.
      Yes, I must say that I have been quite surprised at their uptake of Zelensky and his Nazi buddies. Now Hillary praises them. What the hell happened to them. Thought they were the good guys. Appears that they are in fact tools

    3. Greg

      I have friends who have gone all in on the hobbyist hacker assault on Russia since day 1 of the invasion. Curiously, where previously they have been extremely skeptical of US government propaganda, for this war they are buying anything sold by Zelensky and his amplifiers without question.

      The thing that I can’t believe Anonymous don’t understand, is that the logical nation-state response to large numbers of amateurs in a hostile country attempting to DDoS national web assets is to just straight up block access from whole countries.
      I.e., this will speed up the balkanization of the internet, while having minimal impact on the operations within the target country itself (once they untangle the dependency-ridden modern web app structure if they’ve gone down that route).

      For an organization ostensibly committed to freedom of information above all else, destroying the global internet seems like a bit of an odd mission for Anonymous. I’m sure they’ll be super happy in their all-US-psyops all-the-time walled garden version.

    4. Lena

      Do you think, the real “Anonymous” still exists?
      Anonymous was radical. Then there was a crackdown on Anonymous. Now Anonymous is pro-Imperialist. This smells to me.
      I think the relevant people were captured and the US is just using their good name to do bad deeds (like it’s doing with many other NGOs etc.)

  4. The Rev Kev

    ‘Now, we are being told by the intelligence agencies of not only the US but also its fellow Five Eye partners that a Russian cyber attack against critical infrastructure is all but inevitable. But can we believe them?’

    Seriously? Is there to be no mention of the wealth of files released by Edward Snowden showing the programs used in the west to surveil their own populations with – at a minimum. Here is a quick reminder-

    https://www.businessinsider.com/snowden-leaks-timeline-2016-9

    I have no doubt that in London and Washington that there is discussion as to what would happen if the west launched a cyber-attack against Russia and if they would dare retaliate. Well, I think that we know the answer to that but they might just be stupid enough to try. And then blame Russia for their counter attack as them doing it first. The thing is, the software that our society depends on should be solid and safe but it is not. Why? Because our very own intelligence agencies have for decades done everything that they could to ensure that the encryption algorithm standards that we use were deliberately weakened and backdoors installed into our security programs. You think that the Russians or the Chinese do not know this and have not mapped it all out? In the months ahead, just remember the golden rule – there is always enough time to do a full backup of your data.

    1. Nick Corbishley Post author

      You’re right, RK. An important oversight on my part. Have added an extra couple of caveats (highlighted in bold) to the second paragraph, which now reads as follows.

      Before we look at the statement in any depth, an important five-pronged caveat is needed: both the US and the UK are among the primary antagonists in NATO’s ongoing war with Russia; they both have significant offensive cyber war capabilities of their own; US intelligence agencies, at Obama’s behest, have drawn up a list of potential overseas targets for cyber attacks; both countries have surreptitiously conducted vast surveillance programs, targeting not only their own populations but also citizens and government leaders of other countries; and the world right now is in the grip of the biggest information war of this century.

      Have also slightly amended the ending, which was a little bit rushed. As always, thanks for the feedback.

      1. The Rev Kev

        Make no mistake, it is an excellent post. In reading it however I saw the same pattern by us in the west where we plan on doing some dastardly deed but first we blame the other side for doing it beforehand. An example. Learning from experience with all those so-called chemical attacks in Syria, the Russians saw one shaping up in the Ukraine and came out in public and said that this was going to happen and identified the towns that were going to be the subject of these “attacks”. They even, if memory serves me correct, identified western handlers that were helping to mount this attack. So they were able to short-circuit this attack before it got started. Same thing here. It looks like the west is thinking of mounting cyber attacks within Russia so are accusing Russia first of doing it. If Russia reacts to one within their country, the west will claim that the Russians are doing it first. That playbook is so old now it has got a long, white beard on it.

      2. David

        I think it’s important to distinguish between surveillance programmes, communications interception and actual offensive cyber operations. The first has existed ever since there were telephones, but really these days is largely targeted at analysis of mass data to find patterns or identify individuals. The second has really been around since the invention of radio, but really came into its own during and after WW2. For generations now major powers have been targeting diplomatic communications by other nations, as well as military communications where possible. (There’s a discipline called Radio Traffic Analysis which enables you to get a good idea of what military units are doing, even if you can’t read their communications.) Nowadays, of course, the fact that everybody has a mobile phone opens up a whole lot of other possibilities.

        None of this, to repeat, is new, and most so-called “cyberwar” attacks are just rebadging of what has been going on for a long time. As you say, most offensive use of the internet (DDoS etc) has been by hacker groups for criminal purposes. Even then, getting access to files and stealing passwords is technically described as an “attack”, but not in the sense of something that could be militarily or strategically useful. As to whether an actual cyber attack on western critical infrastructure is coming, I think all one can say is that it’s technically possible: the question is whether the Russians would feel it was worth it. A lot of specialists will tell you that “cyber warfare” is often just a complicated way of doing simple things. If you want to target critical systems, especially military ones that tend to be relatively well protected, then you do what the Russians have done so far: you hit them with a missile, which requires more than just a reboot of the system. Obviously that’s not possible outside Ukraine as things stand.

        I can see one use for offensive cyber attacks, which would be a way of directly bringing home the war to western publics, much more obviously than fuel shortages. My two favourite targets would be banks and power distribution (not generation). Banks, both CS and vlade have already commented on: you can cause real havoc relatively straightforwardly, not least because so much is dependent on trust. (There are still people who don’t realise that if everybody went to their bank to get money out at the same time, there would be trouble: CS may like to comment on that …) My favourite would be to attack power distribution systems, because, to a far greater extent than most people realise, daily life is impossible without power. You wouldn’t even be able to get through the door of your local supermarket, for example. I’m sure we have some electrical engineers here who could say more.

        In any event, the capability exists: it’s simply a question of whether the Russians believe it’s in their interests to use it. One interesting and unresolved question is whether a cyber-attack counts as an “attack” under the Geneva Conventions, which say firmly that “only military targets may be attacked”: the definition of military targets is pretty restrictive as well.

        1. The Rev Kev

          Good material in that comment. I would add an attack on billing as well as a possibility. The Colonial pipeline ransom attack last year, if I recall correctly, was not an attack on the controls but on the billing part of the software. Everything still worked but as the corporation could not bill for the fuel going through that pipeline, they themselves shut things down. How many other corporations would do the same if they could not bill their customers?

        2. tegnost

          I miss vlade’s comments. He was always notably circumspect regarding anything relating to Eastern Europe. I hope he is doing well, and comes back someday…

        3. Ignacio

          Is it possible that Russians did not pound down Ukrainian smartphone networks because they thought they could obtain better advantages (info, data) compared with those they would obtain blocking the same?

        4. Ignacio

          To those worries you mentioned I would add the state owned networks and systems for tax declaration and presentation, wouldn’t that create an epic mess?

        5. Colonel Smithers

          Thank you, David.

          I imagine you meant me, not Chris Sheldon…

          I agree with you about banks. A hack of payment and settlement systems and ATMs, which tend to be old and are patched up, would not be difficult to organise and could be hidden (and excused) as just the expected wear and tear of (1980s) systems that can’t cope with modern demands.

          I don’t know about power distribution, but can imagine that antiquated systems, cost cutting and neglect would be similar to banks. David is right to emphasise the distinction between power distribution and power generation. If banking is any guide, I reckon distribution is the weak link.

          In addition, banks and power companies have often outsourced operations to third parties, often overseas. There’s little or no vetting of who is hired by these third parties. High turnover of staff is the norm. Infiltration would be easy to arrange. (Just ask Rishi Sunak’s wife and in-laws.)

          We saw bank runs in 2008. It would not take much to spark another. Readers in the UK may remember people queueing for their money at Northern Rock and Bradford & Bingley, mainly in the north of England. There were queues outside RBS / NatWest in Kent, but the Brown government sat on BBC to prevent the local news getting out. If much bigger RBS / NatWest saw a run, the other banks would not have been immune. There would have been contagion.

          I have some input into cyber security and operational resilience at my employer (and had at my last) and confess that, although the techies are good, these things are seen as a cost and not a path to promotion, so are not given the attention and resources that they need. Few managers understand the technicalities and implications, unlike NC’s Clive and Vlade.

          Last November, the Bank of England offered me a job to deal with this sort of thing. I really wanted to accept, but could not make it work financially. That tells you about how seriously the authorities take these things.

          Let me conclude that it’s interesting that David mentions power supply. I recall my father, then serving with the RAF, explaining how the Russians could knock out UK power and communication systems when learning physics at school in the 1980s.

          1. Nick Corbishley Post author

            Thanks, David and Colonel, for your comments. They have certainly enriched the debate. It is a shame you didn’t take that job offer, Colonel. Lord knows our central banks need honest, competent, unconflicted people who are capable of dealing with some of the big challenges coming our way. Perhaps you could have hired Clive and Vlade to help out with the more technical aspects ;-)

            1. Colonel Smithers

              Thank you, Nick.

              I would have certainly approached the pair.

              In the interviews, I emphasised that a lack of interest and understanding on the part of senior management made the situation worse.

              The Bank is worried about the dominance of US cloud providers and their one size fits all approach that does not take into account key infrastructure and susceptibility to US government pressure. The likes of Mrs Sunak’s family firm are another, scary story.

          2. David

            Ah, yes, the famous Electro-Magnetic Pulse, which is a byproduct of nuclear explosions. In the Cold War, it was generally expected that a relatively limited nuclear strike would essentially fry everything electrical, including basically anything plugged into an electrical circuit. The likely consequences ranged from the serious to the downright terrifying, depending on which sets of assumptions you used. (It was hard to be sure without doing it for real). For that reason, military HQs and some government and buildings were “EMP-hardened”, as was a lot of battlefield equipment in case battlefield nuclear weapons were used.

            The last time I looked into this, the fears were the same, but protection is now almost non-existent. As someone pointed out to me, the best use the North Koreans, for example, could make of a nuclear warhead would be to stick it on a missile and fire it straight up. The more dependent a nation is on electronics, the more it would suffer. That said, I think it’s still the case that there’s no agreement on what the exact effects would be (because it’s so dependent on assumptions) but on the other hand civilisation as a whole relies far more on all things electronic than it did thirty years ago.

            The big prize, if it can ever be made to work, is strategically useful non-nuclear EMP, which would be a game changer and a war winner. NNEMP weapons do exist but on a small scale and for largely tactical objectives. No doubt there are research programmes to make them bigger and better.

            1. Colonel Smithers

              Thank you, David.

              Dad thought an explosion over the North Sea would do the trick.

    2. Thuto

      I made a similar comment earlier that was eaten by the machine. If anything the threat situation is the exact reverse and it’s Russia that should be fortifying its systems against possible western cyber attacks. Let’s not forget that at the beginning of this conflict a report was making the rounds that suggested that over 150k volunteer hackers and cyber experts had been mobilized around the world to launch a cyber war against Russia, and we saw evidence of this when Russian government websites, banks and media outlets like RT and Sputnik came under persistent DDoS attacks. With the level of mistrust between adversarial nations and geopolitical blocs at an all-time high, the era of truly global enterprise software companies that deliver mission critical applications for governments, corporations, military and intelligence services, aviation, backhaul telecoms capacity etc may be over. For nations considered great powers, the prospect of foreigners owning the core technology that makes 21st century nation states function and that can be turned off with the click of a button by an adversary is a bona fide national security risk, that’s why Putin himself recently ordered the Russian government and associated agencies to rid themselves of foreign made software within five years.

      1. Colonel Smithers

        Thank you, Thuto.

        There are UK bureaucrats who think your final sentence is the way forward, but politics and career prospects mean that such heresy is muted.

        1. Thuto

          Thank you CS.

          I guess when a bureaucrat’s career prospects and pension are pitted against the future sovereignty of the UK (no less than the UK’s sovereignty is at stake here), being a heretic is a much less enticing proposition.

  5. Tor User

    Thinking ahead:

    https://iz.ru/1324297/maksim-talavrinov/glonass-ne-dogoniat-rosaviatciia-gotovit-avikompanii-k-poletam-bez-gps

    The Federal Air Transport Agency recommended that airlines prepare for flights without the use of the American global navigation satellite system (GPS). This is due to its possible shutdown, as well as “jamming” of GPS signals and spoofing attacks….

    Interesting that they don’t advocate GLONASS but INS instead. GLONASS even works better in the far north than GPS. A guess could be that a lot of the aircraft are western made and thus use GNSS receivers that use GPS as the certified system.

    After all, back in 2013 ICAO accepted the Russian request to certify GLONASS along with GPS for precision navigation.

  6. Zephyrum

    Russians and Americans have different motivations here. The US cyber warfare people are feeling left out and want to show what they can do while the conflict is hot. Meanwhile the Russians may have unchained some of the private cyber gangs, but it’s very unlikely that the government is directly attacking anyone. Showing off is an American trait, not a Russian one. The Russians probe and prepare, and if they feel the need to attack will take out a whole lot of infrastructure all at once. Each mode of attack only works for a short time, so any “demonstrations” only strengthen the adversary.

    1. lyman alpha blob

      According to Michael Lewis’ book Flash Boys, the US banking system had to hire a number of Russian or Eastern European computer experts to keep the whole shaky infrastructure up and running. Either they were the only ones who understood the legacy code well enough, or they were willing to work cheaper than US counterparts, perhaps both. Banks were loath to do a comprehensive upgrade due to the costs involved, so basically kept things running with duct tape and string.

  7. lyman alpha blob

    “…a Russian cyber attack against critical infrastructure is all but inevitable.”

    I hope it will not come in the form of Jesus jerkoff memes again. The horror, the horror…

    And while I’m not generally in favor of hacking, having seen a bit of it up close and personal that made my job more difficult to deal with, I will say that pipeline hack from a year or two ago where the perpetrators targeted the billing system of the company and not the pipeline itself was absolutely hilarious. For those who missed it, the pipeline company could not bill its customers properly and the company itself had to shut down the pipeline lest its customers get free gas. Again, the horror….

    1. jrkrideau

      Have you no sympathy for the poor, downtrodden, directors who might have had their bonus cut? Shame!!

  8. rfdawn

    A perennial reason why IT security is never all it could be is the constant internal demand for remote access because reasons. The past two years of Covid and working from home may not have improved matters.

    1. Yves Smith

      Makes total sense. Plus security was never good, between corporate clients not being willing to pay for it, too much reliance on consumer-grade software as workhorses, and too many upgrades because forced obsolescence.

  9. Skippy

    Disheveled Marsupial here … coughs ..

    Has anyone considered the big thingy about sea access is not about ports and the abilities to move commodities, but, in the digital world of wealth [M-M] the control of undersea cables that facilitate that dynamic is the key asset of digital wealth flows through it.

    Please entertain me for a moment … the physical is no longer a driver of financial markets, no more than crypto, it’s just investors dog piled on investors and the symbology of numbers has no attachment to the real world that clay tablets it was all built on.

    Hence rather than a nuclear apocalypse one would only need to black out some cables …

  10. JayTe

    I must say that I was quite interested in the article until you came up with the random fact free narrative of the Russians being bogged down in Ukraine. I had to suppress a giggle since anyone with functioning brain cells can clearly see the Russians are doing everything that they said that they were going to do.
    1. Destroy Ukrainian Military – Check
    2. Eliminate Neo Nazi elements in Ukraine – Almost finished.
    3. (Not explicitly stated) Solve security problem by extending and connecting the Russian Federation to the Russian speaking world in south and eastern Ukraine along with Transnistria in Moldova. Leaving a rump Ukraine full of Neo-nazis for the EU (who are rushing through their EU candidature) to deal with (Here my dear!)

    And it is all being done by flipping the conventional notions of how wars are fought. (i.e. Instead of 3:1 advantage in troops, having a 3:1 disadvantage AND sparing as much as possible the civilians and civilian infrastructure of the country).

    As for the other part of your comment, “its sanctions-ravaged economy spirals deeper and deeper into depression, an increasingly desperate Vladimir Putin may resort to digital warfare against US targets”, I’m not even sure that we live on the same planet. I guess that you don’t actually pay attention to the facts but blindly follow what MSM acolytes regurgitate from their intelligence or political masters. Here are the facts. Russia is awash with cash. They have been making more than $1 billion per day over the last month and a half just from their energy products!!! As well, within 6 months to 18 months all the products that they were getting from the west will be replaced. And those products are not even critical to the Russian economy. They already produce all essentials like food internally and what they don’t need for themselves they export to others (like wheat). I would also suggest that you actually look at a world map to see those who actually support sanctioning Russia. Glenn Greenwald was nice enough to provide us with one. Note how small is the part of the world actually supporting sanctions against Russia. North America (i.e. Canada and the US), Western Europe, Japan and South Korea to a certain extent but not too much because they depend on Russia for energy and other raw materials to keep their economies going. For the rest of the world? They cannot be bothered. They see the collective west for what they really are. Arrogant, ignorant of how the world works and blatantly racist of all things Russia.

    If that sounds like losing a war and being bogged down with a suffering economy to you, I have a couple of bridges to sell you!

  11. Watt4Bob

    I had my most trusted network expert in the other day because I had replaced a bunch of hardware and had run into a dead-end in mopping up the inevitable unintended consequences.

    The guy is a military-trained security expert among other skills.

    He tends to be on the side of Ukraine because of friendships with people on the ground, one of which was his teacher in the Army’s language college.

    I usually try to be considerate of his politics when we talk, and approach sensitive topics carefully, so I was a little surprised that he seemed to think it a strong possibility when I speculated that there must exist an agreement at very high levels amongst our multi-national ruling class not to engage in ‘serious’ cyber warfare, as it’s every bit as dangerous, possibly more dangerous to the world economy than kinetic warfare.

    He shook his head and said; “Yeah”.

    He is the guy most responsible for my understanding of how insecure the planet’s infrastructure is, so, coupled with our long established agreement that we have a more or less totally corrupted ruling class, it seems strange to both of us that no major banking center has been hit by anything like a catastrophic cyber attack.

    IOW;

    “We’re making a lot of money here, let’s not muck it up.”

    Smells like “Professional Courtesy” to me

  12. Sin Fronteras

    One unmentioned aspect of cyber security is that the US intelligence agencies participating on the standards committees that created the modern internet continually obstructed efforts to harden the standards, and pushed for leaving back doors in.

    My source for this is Tim Bray, who is one of the standards writers for XML. He complained about this in one of his blog entries 10 or 15 years ago.

    I would buy a Huawei phone to evade some of this, but I can’t count on the phone being usable once the US starts in on China.

  13. Nick Corbishley Post author

    JayTe,

    Did you not read the sentence after the one you cite? I very clearly state that this is a scenario depicted by certain mainstream media outlets. What’s more, I spend the next four paragraphs (as well as a paragraph in the opening section of the article) discrediting the sources, in the US intelligence agencies, of the claims that Russia is preparing to escalate the cyber war. Lastly, I am fully aware of the fact that the vast majority of the global community does not support sanctions against Russia, having written a number of articles for this very site about the fierce opposition to them even among many traditional US-aligned countries in Latin America, including Mexico.
