PUTIN’S CYBERWAR According to Richard Burr, Chairman of the US Senate Intelligence Committee, it is unclear whether the current Russia–West standoff over Ukraine has led to a demonstrable rise in Russian cyberattacks against the West precisely because the number of such attacks is already so high. Ian West, head of cyber security at NATO’s Communications and Information Agency, has estimated that, each week, NATO deals with around 200 million suspicious cyber events, of which between 12 250 and 300 are cyberattacks – although he did not specify from where the attacks came. 4.1 Nation-states In August 2008, Russia went to war with Georgia over the breakaway territories of Abkhazia and South Ossetia. After Russia quickly defeated Georgia’s army and as its tanks advanced deep into Georgia, another force was mobilising. Alongside the Russian invasion of its territory, Georgia was subjected to a series of cyberattacks. Several pro-Russian websites made available software and instructions that allowed anybody who downloaded them to contribute to DDoS attacks. One 13 website, called StopGeorgia, even provided a list of target websites. The damage done by such open-source cyberwarfare was significant: several government websites were compromised, leading the government to hosting its sites in the US, while Georgia’s Ministry of Foreign Affairs was forced to move to a BlogSpot account, in order to disseminate real-time information. Weeks before Russia’s invasion, in what may have been a dress rehearsal for the cyberwar once the shooting had started, a number of websites in Georgia – including that of President Mikheil 14 Saakashvili – suffered from pro-Russian cyberattacks. Two months before Russia’s war with Georgia, Lithuania was hit by a cyberattack. In June, Lithuanian lawmakers voted to ban the public display of Nazi German and Soviet symbols. Some 300 websites, including those of public institutions such as the National Ethics Body and the Securities and Exchange Commission, as well as a series of private companies, found themselves under cyberattack. The content on their websites was replaced with images of the Soviet flag 15 alongside anti-Lithuanian slogans. There is no conclusive evidence that the attacks against Georgia or Lithuania were executed or sanctioned by the Russian government – though there is no evidence that it tried to stop them, either. Analysts who have researched the attacks suggest that they were the work of a St. Petersburg- 16 based criminal gang known as the Russian Business Network, or RBN. A year earlier, in April 2007, Estonia had provoked the Kremlin with its decision to move a Soviet war memorial out of the centre of the capital, Tallinn. After an anti-Estonian campaign in Russia’s domestic and international press, a series of DDoS attacks was launched on the websites of the Estonian government, parliament, ministries, broadcasters, and newspapers. The servers of the country’s banks were hacked, forcing them to close down all but essential operations and move to 12 Borger, J. ‘“Trident is old technology”: the brave new world of cyber warfare’, The Guardian, 16 January 2016, available at: https://www.theguardian.com/technology/2016/jan/16/trident-old-technology-brave-new-world-cyber-warfare, last visited: 6 May 2016. 13 ‘Marching off to cyberwar’, The Economist, 4 December 2008, available at: http://www.economist.com/node/12673385, last visited: 6 May 2016. 14 Markoff, J. ‘Before the Gunfire, Cyberattacks’, The New York Times, 12 August 2008, available at: http://www.nytimes.com/2008/08/13/technology/13cyber.html?_r=0, last visited: 6 May 2016. 15 Adomaitis, N. ‘Lithuanian tax office website hit by cyber attack’, Reuters, 21 July 2008, available at: http://www.reuters.com/article/lithuania-web-attacks- idUSMAR14153920080721, last visited: 6 May 2016. 16 On RBN, see Warren, P. ‘Hunt for Russia’s web criminals’, The Guardian, 15 November 2007, available at: https://www.theguardian.com/technology/2007/nov/15/news.crime, last visited: 6 May 2016. 5
Putin's Cyberwar Page 7 Page 9