Hacking Russia was off-limits. The Ukraine war made it a free-for-all.
Experts anticipated a Moscow-led cyber-assault; instead, unprecedented attacks by hacktivists and criminals have wreaked havoc in Russia
By Joseph Menn
May 1, 2022 at 6:00 a.m. EDT
For more than a decade, U.S. cybersecurity experts have warned about Russian hacking that increasingly uses the labor power of financially motivated criminal gangs to achieve political goals, such as strategically leaking campaign emails.
Prolific ransomware groups in the last year and a half have shut down pandemic-battered hospitals, the key fuel conduit Colonial Pipeline and schools; published sensitive documents from corporate victims; and, in one case, pledged to step up attacks on American infrastructure if Russian technology was hobbled in retribution for the invasion of Ukraine.
Yet the third month of war finds Russia, not the United States, struggling under an unprecedented hacking wave that entwines government activity, political voluntarism and criminal action.
Digital assailants have plundered the country’s personal financial data, defaced websites and handed decades of government emails to anti-secrecy activists abroad. One recent survey showed more passwords and other sensitive data from Russia were dumped onto the open Web in March than information from any other country.
The published documents include a cache from a regional office of media regulator Roskomnadzor that revealed the topics its analysts were most concerned about on social media — including antimilitarism and drug legalization — and that it was filing reports to the FSB federal intelligence service, which has been arresting some who complain about government policies.
A separate hoard from VGTRK, or All-Russia State Television and Radio Broadcasting Co., exposed 20 years of emails from the state-owned media chain and is “a big one” in expected impact, said a researcher at cybersecurity firm Recorded Future who spoke on the condition of anonymity to discuss his work on dangerous hacking circles.
The broadcasting cache and some of the other notable spoils were obtained by a small hacktivist group formed as the war began looking inevitable, called Network Battalion 65.
But perhaps the most important victim of the wave of attacks has been the myth of Russian cyber-superiority, which for decades helped scare hackers in other countries — as well as criminals within its borders — away from targeting a nation with such a formidable operation.
“The sense that Russia is off-limits has somewhat expired, and hacktivism is one of the most accessible forms of striking at an unjust regime or its supporting infrastructure,” said Emma Best, co-founder of Distributed Denial of Secrets, which validated and published the regulator and broadcast troves, among others.
While many of the hackers want to inform the public about Russia’s role in areas including propaganda and energy production, Best said a secondary motivation post-invasion is “the symbolic ‘pantsing’” of Putin and some of the oligarchs.
“He’s cultivated a strongman image for decades, yet not only is he unable to stop the cyberattacks and leaks hitting his government and key industries, he’s the one causing it to happen.”
The volunteer hackers have gotten a first-of-its-kind boost from the government of Ukraine, which endorsed the efforts and has suggested targets through its IT Army channel on Telegram. Ukraine government hackers are assumed to be acting directly against other Russian targets, and officials have distributed hacked data including the names of troops and hundreds of FSB agents.
Ordinary criminals with no ideological stake in the conflict have also gotten in on the act, taking advantage of preoccupied security teams to grab money as the aura of invincibility falls, researchers said.