The new weapon against Russian cyber attacks: Naming and shaming

Intelligence agencies are going public about cyber attacks and who they think is to blame. Can that help stop future attacks?
Written by Steve Ranger, Global News Director

The UK has blamed Russian military intelligence for a string of cyber attacks, the latest in a series of public moves aimed at deterring any more attacks.

The National Cyber Security Centre (NCSC) said it has "high confidence that the GRU was almost certainly responsible" for four attacks, including the hacking of the Democratic National Committee and the World Anti-Doping Agency, and the BadRabbit ransomware, as well as an attack on a UK-based TV station.

"Cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses," NCSC said.

It's hardly news that western spy agencies think that Russian military intelligence was behind the 2016 hacking of the Democratic National Committee, and the hacking of the World Anti-Doping Agency has long been blamed on the same source.

There is some new information -- NCSC mentions an attack on a "small UK-based TV station" between July and August 2015, during which multiple email accounts were accessed and content stolen. It also confirms that the 'BadRabbit' ransomware that hit in October 2017 -- and caused disruption to the Kyiv metro, Odessa airport, Russia's central bank and two Russian media outlets -- was also down to the GRU.

The timing of the alert is probably significant, as it is only a month to the US midterm elections. According to tech security companies there is little sign that Russian hackers will try to repeat the campaign they ran in the run-up to the 2016 Presidential election, but a report like this is a handy way of reminding Russian intelligence that western spies are watching.

Western governments have in the past been cautious about explicitly blaming countries for specific cyber attacks for a couple of reasons.

It's hard to be absolutely certain online that you are pointing the finger at the right group, thanks to the shadowy nature of cyber espionage, especially when hackers will cheerfully plant evidence to make it look like another group has carried out an attack. Another reason for caution is that accusing a country of a cyber attack usually means providing some sort of evidence, which can give away sources or technical details of the accusers' own spying capabilities.

Western intelligence agencies were largely caught napping during the Russian meddling in the 2016 US Presidential election, and failed to understand the potential impact of such hack-and-leak cyber attacks, which saw information stolen and then used as part of a campaign to sow dissent alongside a broader campaign of misinformation.

Since then Western governments have been trying to find a set of workable deterrents -- sanctions, indictments and naming-and-shaming -- to make it clear that this kind of meddling is unacceptable and well beyond the standard level of cyber espionage that all countries' spy agencies do.

These intelligence agencies are now much more willing to attribute cyber attacks where they can as a way of deterring future attacks, and in doing so also provide information that can allow organisations that are potentially being targeted to better protect themselves.

Whether this is enough to stop the escalation of cyber attacks (the US recently said it would hack back at attackers) remains to be seen.

It is perhaps significant that Foreign Secretary Jeremy Hunt emphasised that the GRU's "reckless and indiscriminate" cyber attacks don't just hit western targets. "They are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences," he said.

In some ways the GRU may consider being blamed for these attacks as a badge of pride, showing their technical prowess; pointing out that these attacks can also hurt Russian companies may make them think a little harder next time.

