Perspectives on Russian hacking

Russia is an endlessly fascinating subject both in and around infosec. Recent years have shifted attention away from pure malware capabilities, to psyops, social engineering, and an endless slew of mind games designed to destabilize and keep nations ever-so-slightly off balance.

Security firms in some countries claim Russia would “win” in a so-called cyber war; elsewhere, whole nations seemingly throw up their hands and admit defeat, while…helpfully?…suggesting potential targets of interest. One hopes those are false flags diverting attention from the juicier strike points, but when even the Russian experts themselves seem to slip up in spectacular fashion, it seems anything is possible.

In fact, the US and UK have just released a joint statement which highlights Russian hacking (state-sponsored attacks) on network infrastructure devices over the last three years. With hack attacks bubbling under the surface, and endless concerns present about everything from referendum tampering to election interference, the subject has never been more prominent.

SCMagazine recently talked to a number of people working in security fields, myself included, on this very subject. While many areas of concern were raised, the main takeaways are as follows:

Bots and social media

The social media landscape has been irrevocably changed in terms of what a nation state can potentially achieve with a troll/bot farm. “You’re a Russian bot” on Twitter has almost become the de facto explanation for anyone you might happen to disagree with. Indeed, Russian shenanigans on said platform are so prolific that Twitter had to start sending out “So you dealt with a bot” style messages in January.

How many? Roughly 1.4 million notifications for anyone found to have interacted with the IRA (Internet Research Agency) during the 2016 US election. This includes:

  • People who directly engaged during the election period with the 3,814 IRA-linked accounts we identified, either by retweeting, quoting, replying to, mentioning, or liking those accounts or content created by those accounts
  • People who were actively following one of the identified IRA-linked accounts at the time those accounts were suspended
  • People who opt out of receiving most email updates from Twitter and would not have received our initial notice based on their email settings.

I never received a message myself, so either my opsec game is on point or I spend too much time tweeting about chocolate.

There is an ongoing investigation into how many Russian bots dabbled in the UK’s EU referendum, also from the same year. Social media is an amazingly powerful platform for disinformation, and more often than not corrections either never take place or gain far fewer eyeballs than the original mistruth.

Who, what, when…you know what, just stop the attack

With the rise of APT attacks (“advanced persistent threats”), there has been huge focus on which nation state is doing what terrible and sneaky thing online. This is the case even when APTs typically turn out to be not very advanced at all—infected spreadsheet or basic phishing email, anyone?

All the same, being able to track down an attack and trace it back to country x is a huge headline grabber. The problem is that in many cases, the best you can do is make an informed guess.

Pin the tail on the nation state donkey was a big deal at one time; the focus is now slowly shifting to something people can actually do something about. Namely, not so much “who did this” but “how did they get in, and how can we stop it happening next time?” There’s no shame in being bested by an actual government with unlimited resources, and it’s definitely time to consider how we can make ourselves as unappealing a target as possible.

Holding you to ransom

Ransomware is one of the mainstays of Russian malware development, with numerous high profile attacks over the last few years. It’s interesting to wonder if the downturn in ransomware fortunes over the past year has had an impact on said development. It’s also interesting to wonder how much Russia may be contributing to the upturn in business-centric spyware recently.

Information may want to be free, but a little data exfiltration never hurt anybody (from a nation state’s perspective doing the exfiltration, at any rate). It’s a double whammy of locked up machines and harvested sensitive documents, and it’s all to play for.

Money makes the computer world go round

Governments around the world are now throwing big bucks at these issues. The UK previously dedicated £1.9 billion over five years to tackling the problem, and recently jumped into the world’s largest “cyber declaration”, a pact between up to 53 nations designed to help shore up defences globally. Expect to see tight bonds forged moving forward.

Whatever your approach, whatever your budget, whatever your defensive tactics, there’s never been a better time to consider if you’re doing all you can to try and dodge a digital attack from the highest level. Meanwhile, whether through organised malware attacks, high level subterfuge, or a relentless wave of social media botting, the digital monolith that is Russia continues to dance to nobody’s tune but its own.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.