Russian Cyberwarfare Is Much Worse Than You Think. Donald Trump’s Indifference to It Is Much More Criminal Than You Think.

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

Two important stories on the same topic have been published recently, and I strongly recommend that you read both of them all the way through. The subject is Russian cyber-warfare, and the first one is by Terrell Jermaine Starr from a recent issue of MoJo:

Oleh Derevianko was on the road to his parents’ village in Ukraine on a bright June day in 2017 when he got a call from the CEO of a telecommunications company….Across Ukraine that day, cash registers suddenly shut down. People trying to withdraw money saw ransom demands appear on ATM screens. Lawmakers in the country’s parliament could not access their laptops. Turnstiles in Kiev’s subway stopped working, and departure boards at the airport went down. Technicians at Chernobyl, the site of the deadly nuclear disaster in 1986, had to manually check radiation levels after their computers failed.

….This was no random malware. It was an act of cyberwar—the latest digital attack from Russia….In 2015, hackers went after the electrical grid and shut off power to 225,000 Ukrainians. Another attack, in 2016, blacked out one-fifth of Kiev. And last year came the multipronged offensive that would eventually be known as NotPetya (after the Petya ransomware that it partially mimicked).

Cyberwarfare has been a key part of Russia’s grinding, multi-pronged war against Ukraine for years. Starr tells this story and sets the stage for Andy Greenberg’s terrific Wired piece that focuses solely on last year’s NotPetya attack. It turns out that there’s a Ukrainian piece of software called M.E.Doc, sort of the the equivalent of Quicken in the US. It’s very widely used, and some bright bulb in Moscow discovered that it had a bug:

In 2015 and 2016, while the Kremlin-linked hackers known as Fancy Bear were busy breaking into the US Democratic National Committee’s servers, another group of agents known as Sandworm was hacking into dozens of Ukrainian governmental organizations and companies. They penetrated the networks of victims ranging from media outlets to railway firms, detonating logic bombs that destroyed terabytes of data….But those attacks still weren’t Sandworm’s grand finale. In the spring of 2017, unbeknownst to anyone at Linkos Group, Russian military hackers hijacked the company’s update servers to allow them a hidden back door into the thousands of PCs around the country and the world that have M.E.Doc installed. Then, in June 2017, the saboteurs used that back door to release a piece of malware called ­NotPetya, their most vicious cyberweapon yet.

Here’s the big question: was this simply another front in Russia’s cyberwar against Ukraine? Or did they know perfectly well what would happen next?

The code that the hackers pushed out was honed to spread automatically, rapidly, and indiscriminately. “To date, it was simply the fastest-propagating piece of malware we’ve ever seen,” says Craig Williams, director of outreach at Cisco’s Talos division, one of the first security companies to reverse engineer and analyze Not­Petya. “By the second you saw it, your data center was already gone.”

….The release of NotPetya was an act of cyberwar by almost any definition—one that was likely more explosive than even its creators intended. Within hours of its first appearance, the worm raced beyond Ukraine and out to countless machines around the world, from hospitals in Pennsylvania to a chocolate factory in Tasmania. It ­crippled multinational companies including Maersk, pharmaceutical giant Merck, FedEx’s European subsidiary TNT Express, French construction company Saint-Gobain, food producer Mondelēz, and manufacturer Reckitt Benckiser. In each case, it inflicted nine-figure costs. It even spread back to Russia, striking the state oil company Rosneft.

NotPetya broke out of Ukraine in seconds and spread throughout the world. Greenberg’s piece is mostly a portrait of how it affected Maersk, one of the world’s biggest shipping companies. Long story short, it destroyed the company’s entire IT infrastructure and shut down half its business for over a week. Only a lucky coincidence—a single backup of a critical module that miraculously happened to survive in Ghana—allowed them to eventually rebuild their systems. In all, it cost Maersk a billion dollars. The total cost of the attack is estimated at about $10 billion.

But that’s not the key aspect of this. The part we still don’t know for sure is whether this was deliberate. Was NotPetya just another attack on Ukraine that went disastrously awry? Or was it a deliberate pilot test of a devastating piece of malware that was fully expected to spread throughout the world?

Those of us who are critics of Russia—and Vladimir Putin in particular—are usually focused on Putin’s retrograde politics. Putin has shut down the press; murdered his opponents; jailed dissidents; used homophobic legislation to stoke bigotry and reactionary rage; co-opted the church to portray himself as the only reliable protector of Russian culture; killed off opposition parties; and just generally centralized authority in himself to a degree last matched in the post-Stalin Soviet era.

But there’s also his aggressive foreign policy: wars in Chechnya, Georgia, Syria, Ukraine, the annexation of Crimea, and threats against the Baltic states and others. Regional hegemons usually engage in a fair amount of military activity, so perhaps much of this can be written off as nothing all that unusual. Your mileage may vary. But Russia’s cyberwarfare is something quite different: it is destructive, highly advanced, and very definitely not restricted to the ordinary kind of hegemonic military activity, which is typically targeted at either border states or very limited engagements in proxy wars that are temporarily deemed important for some reason. Russia has made it clear that cyberwar is something it takes very seriously and is willing to use against anyone, whether they’re at war or not. That obviously includes us. And just as obviously, our current president has decided to do almost nothing about it.

Read these two pieces. They’re eye-opening if you haven’t been following this stuff closely. For most of us, we can only hope that the Pentagon and the NSA are ignoring Donald Trump and doing a good job of fighting this stuff on their own. In the meantime, the big question is: Why doesn’t Trump care? And why does the Republican Party allow him to get away with not caring?

AN IMPORTANT UPDATE

We’re falling behind our online fundraising goals and we can’t sustain coming up short on donations month after month. Perhaps you’ve heard? It is impossibly hard in the news business right now, with layoffs intensifying and fancy new startups and funding going kaput.

The crisis facing journalism and democracy isn’t going away anytime soon. And neither is Mother Jones, our readers, or our unique way of doing in-depth reporting that exists to bring about change.

Which is exactly why, despite the challenges we face, we just took a big gulp and joined forces with The Center for Investigative Reporting, a team of ace journalists who create the amazing podcast and public radio show Reveal.

If you can part with even just a few bucks, please help us pick up the pace of donations. We simply can’t afford to keep falling behind on our fundraising targets month after month.

Editor-in-Chief Clara Jeffery said it well to our team recently, and that team 100 percent includes readers like you who make it all possible: “This is a year to prove that we can pull off this merger, grow our audiences and impact, attract more funding and keep growing. More broadly, it’s a year when the very future of both journalism and democracy is on the line. We have to go for every important story, every reader/listener/viewer, and leave it all on the field. I’m very proud of all the hard work that’s gotten us to this moment, and confident that we can meet it.”

Let’s do this. If you can right now, please support Mother Jones and investigative journalism with an urgently needed donation today.

payment methods

AN IMPORTANT UPDATE

We’re falling behind our online fundraising goals and we can’t sustain coming up short on donations month after month. Perhaps you’ve heard? It is impossibly hard in the news business right now, with layoffs intensifying and fancy new startups and funding going kaput.

The crisis facing journalism and democracy isn’t going away anytime soon. And neither is Mother Jones, our readers, or our unique way of doing in-depth reporting that exists to bring about change.

Which is exactly why, despite the challenges we face, we just took a big gulp and joined forces with The Center for Investigative Reporting, a team of ace journalists who create the amazing podcast and public radio show Reveal.

If you can part with even just a few bucks, please help us pick up the pace of donations. We simply can’t afford to keep falling behind on our fundraising targets month after month.

Editor-in-Chief Clara Jeffery said it well to our team recently, and that team 100 percent includes readers like you who make it all possible: “This is a year to prove that we can pull off this merger, grow our audiences and impact, attract more funding and keep growing. More broadly, it’s a year when the very future of both journalism and democracy is on the line. We have to go for every important story, every reader/listener/viewer, and leave it all on the field. I’m very proud of all the hard work that’s gotten us to this moment, and confident that we can meet it.”

Let’s do this. If you can right now, please support Mother Jones and investigative journalism with an urgently needed donation today.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate