As Ukraine invasion stalls, Putin looks to cyber for revenge attack on US

Russian President Vladimir Putin’s invasion of Ukraine has severely affected his country’s economy. Not only is it costing his country an estimated $20 billion a day, according to Center for Economic ReformBut sanctions imposed by the West have plunged the Russian economy into crisis.

Putin has responded by calling the sanctions a “declaration of war” and indicating that he wants to avenge his country’s alleged abuses faced by the West. Still, as Russia is now largely cut off from the world economy, with some allies coming to its aid, the Kremlin has few financial avenues in which to seek retaliation.

Colorado Congressman Jason Crowe, who serves on the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, said Putin may turn to one of his few remaining tools as he seeks revenge. Cyber ​​Attack.

,[Putin] Will use the tools at his disposal to respond, and he has the largest cyberattacks, so I think we can fully expect that there will be cyberattacks on the United States and our allies in the coming weeks and months ” newsweek, “I think we can expect Putin to come into our financial system and some of our critical infrastructure.”

A girl watches Russian President Vladimir Putin’s address to the nation on the website of Russian TV Channel One on November 29, 2007. Russia’s cyber capabilities are one of its few remaining strengths.
Photo by Dmitry Kostyukov/AFP via Getty Images

In 2020, unnamed US officials told major media outlets that Russia was a potential suspect for a cyberattack on software company and government ally SolarWinds, which potentially allowed hackers to access government data for months. Moscow denied responsibility for the attack, yet the Biden administration imposed sanctions against Russia in response.

Crowe said Putin believes in “proportionate” responses, so if Russia launches an attack in response to new sanctions involving Ukraine, a likely target will be America’s financial system. Banks, private financial companies and major economic sectors can all become targets. Because these attacks can come at any time and through a variety of means, Crowe said the priority should be to shore up vulnerable institutions.

Hackers launching a cyberattack often target smaller firms tied to larger institutions to achieve their goals, Crowe said, as he did in the SolarWinds hack. Through a practice called “island hopping”, malicious actors breach the security of small businesses that are contracting to larger firms, and work their way through related digital systems to their primary goal. Let’s use that “door”.

Adam Levine, a cyber security expert and host of What the Hack? podcast, told newsweek That an example of this approach was the 2013 attack on retail giant Target, in which a small heating and air conditioning company contracted by hackers to steal payment information of Target’s customers was breached.

Levin warns that if Russia orders its hacking force to attack, small contractors and even individual workers may be the first targets.

“When you look in the mirror, you feel like you’re looking at yourself, and you look regular,” Levine said. newsweek, “But when a hacker looks at you, they’re looking at The Rock, they’re looking at Sharon Stone, Jay-Z, Beyoncé, Adam Levine, because you have what they want.”

You have the data,” he said, “and the data is valuable.”

China-Technology-Hacking
This photo taken on August 4, 2020 shows “Prince”, a member of the hacking group Red Hacker Alliance, using a website monitoring global cyber attacks on his computer at his office in Dongguan, China’s southern Guangdong province He refused to give his real name. , Cyber ​​attacks intensified during the start of the COVID-19 pandemic as millions began working from home.
Photo by Nicolas Asfuri / AFP via Getty Images

Individuals have access to financial institutions, companies and businesses with which they work. Levine says it can be “more effective for a hacker to go through the side door than the front door,” meaning that a government entity or a global company is only as strong as its weakest link. can.

In the SolarWinds case, its CEO Sudhakar Ramakrishna said, “A SolarWinds email account was compromised and used to programmatically access the accounts of targeted SolarWinds personnel.”

Crowe said the federal government needed to get better at defending against this type of attack. In November 2021, Crowe’s bill to assess the Small Business Administration’s (SBA) cyber security infrastructure and create a plan known as the SBA Cyber ​​Awareness Act passed the House, and has bipartisan support in the Senate. .

Crowe said it was an example of how the government could protect its weakest links.

“(SBA) has data for small businesses that may not have good cyber security, and are themselves a government system that is not necessarily on the front lines of national security,” Crowe said. newsweek,

“It’s those small companies that are sometimes a weak link or backdoor in our national defense system,” he said, “so we have to make sure we’re protecting them.”

However, with many different avenues for a skilled hacker to infiltrate, Crowe acknowledges that there must be a line for responding to cyber attacks launched by Russia or by hackers within the country’s borders.

But it can be difficult to differentiate in that line.

Senate Impeachment Trial Of President Donald Trump
Rep. Jason Crowe (D-Colo.), who serves on the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, has warned that Russia could launch cyberattacks. Here, he speaks during the impeachment proceedings against US President Donald Trump in the Senate at the US Capitol on January 23, 2020 in Washington, DC.
Photo by Senate Television via Getty Images

James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS), told newsweek That cyber has long been seen in the realm of intelligence and espionage. With that comes a different set of rules, he said.

A country will not conduct a ground attack on an act of espionage, yet with cyberattacks becoming more within their scope, such as attacks against the Colonial Pipeline and Southern California hospitals, the US should consider what it should do in the future. How to respond to attacks. which could endanger the lives of its citizens and the functioning of its economy.

While these attacks don’t give the same scene as a military offensive, Lewis said it’s easier for governments to figure out who’s behind them, and then target the perpetrators. The United States has begun to emphasize accountability for this type of attack, and international rules have been created. However, as Russia and the US were negotiating what should be the punishment for such cyber crimes, discussions were suspended.

“We’ve spent almost 20 years coming up with excuses for inaction, and it’s turned into this administration. This administration said a lot to the Russians ‘whether you need to shut it down or not,'” Lewis pointed out. newsweek, “But we don’t know what will lead to it, because Putin has decided to invade Ukraine, so talks are stalled.”

Russian officials have indicated they would like to resume those discussions. Andrey Krutsikh, special representative of the Kremlin for cooperation in the field of information security newsweek In an excerpt published Tuesday, “A cyber attack, whether accidental or intended, involves [one] That, under a false flag, could easily escalate tensions between states, leading to full-scale conflicts.”

“Ensuring international information security becomes one of the key factors directly affecting strategic stability,” he said.

Lewis is skeptical about when or if talks with Russia on cyber warfare will resume, let alone whether they will lead to progress, especially in light of the Ukraine war. In the meantime, however, Crowe said the US should be prepared to respond to any attacks Russia may launch in the coming months.

“We need to develop principles for (cyberspace), and the international community needs to set standards for what would constitute an act of war or an act of aggression, which would require a response,” Crowe said. newsweek,

“Certainly a lot more restrictions can be imposed,” he said. “There’s no doubt about it. There are more banks and more individuals.”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: