Further Anomalies in Russian Cybersecurity
While the debate over whether and how Russia may have used hacking to influence the U.S. election has somewhat quieted down in the past two weeks, other cyber security events seemingly related to Russia have continued.
In this briefing we will take a look at two of them: Cyber attacks against Czech government officials and the arrest of Russian cyber security experts.
Czech Republic Attacks
The Czech government has released a statement outlining a cyber attack against it which was uncovered in January. No details regarding the exact timing or methods used in the attacks have so far been made available.
The attack allegedly targeted the email accounts of government officials and diplomats - some of which contained communications with NATO officials. The highest-ranking official hit by the attack is Lubomír Zaorálek, the Czech Republic's foreign minister.
The Czech government states that it believes these attacks were carried out by a state actor, and informal sources claim that Russian involvement is suspected.
Since no information on the attacks is publicly available, and to our current knowledge all government officials implicating Russia did so anonymously, we have no data on which to evaluate the likelihood of Russian involvement. For now, we will therefore treat it as merely a claim.
That said, using cyber attacks against geopolitically weaker countries in the European eastern bloc would make sense from a Russian perspective, as it would allow access to EU and NATO information at a fraction of the risk and cost of attacking a western EU nation.
We will continue monitoring this situation and share information with you as it becomes available.
Arrests of Russian Experts
Last week saw the arrests of three leading Russian cyber security experts:
- Sergei Mikhailov, deputy head of the FSB’s Centre for Information Security
- Dmitry Dokuchayev, the deputy of Sergei Mikhailov
- Ruslan Stoyanov, a cyber security researcher at Kaspersky Lab
All three were charged with treason and the arrests were widely publicized in Russian media.
So far, no details on the treason charges have been made public.
While it is possible that each of these three may or may not have committed acts of treason, Russia has historically used treason charges to both silence dissidents and cull people from positions of power.
At the time of writing, whether this is the case for these information security professionals remains unclear.
While we currently cannot determine what is happening within Russian cyber security circles, the fact that something is happening is definite - with the most probable scenarios being that either a culling is taking place or an act of treason has happened. Both scenarios are likely to have geopolitical implications as the Russian authorities continue their investigations.
We expect this story to keep resurfacing over the coming weeks as information is released by Russian officials. If and how the international media choose to report this story will be of interest to the information security community globally, particularly given the heightened (and at times misinformed) assertions surrounding Russian cyber activities allegedly influencing the recent U.S. election.
We suspect that with the media shifting from the past news of the election to the current events of the administration, there will be less reporting of "Russian Hackers" in the public domain, but this remains to be seen. We shall continue to monitor the situation and comment as justified.