Two important stories on the same topic have been published recently, and I strongly recommend that you read both of them all the way through. The subject is Russian cyber-warfare, and the first one is by Terrell Jermaine Starr from a recent issue of MoJo:
Oleh Derevianko was on the road to his parents’ village in Ukraine on a bright June day in 2017 when he got a call from the CEO of a telecommunications company….Across Ukraine that day, cash registers suddenly shut down. People trying to withdraw money saw ransom demands appear on ATM screens. Lawmakers in the country’s parliament could not access their laptops. Turnstiles in Kiev’s subway stopped working, and departure boards at the airport went down. Technicians at Chernobyl, the site of the deadly nuclear disaster in 1986, had to manually check radiation levels after their computers failed.
….This was no random malware. It was an act of cyberwar—the latest digital attack from Russia….In 2015, hackers went after the electrical grid and shut off power to 225,000 Ukrainians. Another attack, in 2016, blacked out one-fifth of Kiev. And last year came the multipronged offensive that would eventually be known as NotPetya (after the Petya ransomware that it partially mimicked).
Cyberwarfare has been a key part of Russia’s grinding, multi-pronged war against Ukraine for years. Starr tells this story and sets the stage for Andy Greenberg’s terrific Wired piece that focuses solely on last year’s NotPetya attack. It turns out that there’s a Ukrainian piece of software called M.E.Doc, sort of the the equivalent of Quicken in the US. It’s very widely used, and some bright bulb in Moscow discovered that it had a bug:
In 2015 and 2016, while the Kremlin-linked hackers known as Fancy Bear were busy breaking into the US Democratic National Committee’s servers, another group of agents known as Sandworm was hacking into dozens of Ukrainian governmental organizations and companies. They penetrated the networks of victims ranging from media outlets to railway firms, detonating logic bombs that destroyed terabytes of data….But those attacks still weren’t Sandworm’s grand finale. In the spring of 2017, unbeknownst to anyone at Linkos Group, Russian military hackers hijacked the company’s update servers to allow them a hidden back door into the thousands of PCs around the country and the world that have M.E.Doc installed. Then, in June 2017, the saboteurs used that back door to release a piece of malware called NotPetya, their most vicious cyberweapon yet.
Here’s the big question: was this simply another front in Russia’s cyberwar against Ukraine? Or did they know perfectly well what would happen next?
The code that the hackers pushed out was honed to spread automatically, rapidly, and indiscriminately. “To date, it was simply the fastest-propagating piece of malware we’ve ever seen,” says Craig Williams, director of outreach at Cisco’s Talos division, one of the first security companies to reverse engineer and analyze NotPetya. “By the second you saw it, your data center was already gone.”
….The release of NotPetya was an act of cyberwar by almost any definition—one that was likely more explosive than even its creators intended. Within hours of its first appearance, the worm raced beyond Ukraine and out to countless machines around the world, from hospitals in Pennsylvania to a chocolate factory in Tasmania. It crippled multinational companies including Maersk, pharmaceutical giant Merck, FedEx’s European subsidiary TNT Express, French construction company Saint-Gobain, food producer Mondelēz, and manufacturer Reckitt Benckiser. In each case, it inflicted nine-figure costs. It even spread back to Russia, striking the state oil company Rosneft.
NotPetya broke out of Ukraine in seconds and spread throughout the world. Greenberg’s piece is mostly a portrait of how it affected Maersk, one of the world’s biggest shipping companies. Long story short, it destroyed the company’s entire IT infrastructure and shut down half its business for over a week. Only a lucky coincidence—a single backup of a critical module that miraculously happened to survive in Ghana—allowed them to eventually rebuild their systems. In all, it cost Maersk a billion dollars. The total cost of the attack is estimated at about $10 billion.
But that’s not the key aspect of this. The part we still don’t know for sure is whether this was deliberate. Was NotPetya just another attack on Ukraine that went disastrously awry? Or was it a deliberate pilot test of a devastating piece of malware that was fully expected to spread throughout the world?
Those of us who are critics of Russia—and Vladimir Putin in particular—are usually focused on Putin’s retrograde politics. Putin has shut down the press; murdered his opponents; jailed dissidents; used homophobic legislation to stoke bigotry and reactionary rage; co-opted the church to portray himself as the only reliable protector of Russian culture; killed off opposition parties; and just generally centralized authority in himself to a degree last matched in the post-Stalin Soviet era.
But there’s also his aggressive foreign policy: wars in Chechnya, Georgia, Syria, Ukraine, the annexation of Crimea, and threats against the Baltic states and others. Regional hegemons usually engage in a fair amount of military activity, so perhaps much of this can be written off as nothing all that unusual. Your mileage may vary. But Russia’s cyberwarfare is something quite different: it is destructive, highly advanced, and very definitely not restricted to the ordinary kind of hegemonic military activity, which is typically targeted at either border states or very limited engagements in proxy wars that are temporarily deemed important for some reason. Russia has made it clear that cyberwar is something it takes very seriously and is willing to use against anyone, whether they’re at war or not. That obviously includes us. And just as obviously, our current president has decided to do almost nothing about it.
Read these two pieces. They’re eye-opening if you haven’t been following this stuff closely. For most of us, we can only hope that the Pentagon and the NSA are ignoring Donald Trump and doing a good job of fighting this stuff on their own. In the meantime, the big question is: Why doesn’t Trump care? And why does the Republican Party allow him to get away with not caring?
