Online presence: Russian President Vladimir Putin © AFP

The alleged Russian hacking of President Emmanuel Macron’s En Marche party on the final day of the French election campaign this month was perhaps no big surprise. To many who suspect Russia of trying to destabilise western democracy, the attack was a logical follow-on from its supposed interference in last year’s US presidential election.

This and other attacks on US and European targets have, in western eyes, made Russia the most feared state-sponsored cyber attacker.

China, with its focus on corporate espionage, was previously considered the most serious threat but it has scaled back its operations, experts say. 

Russia has now taken this mantle in both the corporate and political arenas. Daniel Coats, the US’s director of National Intelligence, is clear about the threat the country poses. “Moscow has a highly advanced offensive cyber programme, and in recent years the Kremlin has assumed a more aggressive cyber posture,” he told the Senate Select Committee on Intelligence this month.

Mr Coats added: “This aggressiveness was evident in Russia’s efforts to influence the 2016 US election, and we assess that only Russia’s senior-most officials could have authorised the 2016 US election-focused data thefts and disclosures, based on the scope and sensitivity of the targets.”

James Lewis, senior vice-president at the Center for Strategic and International Studies, a Washington DC-based think-tank, says the Russians “probably feel that for the amount of turmoil they created in the US presidential campaign, what they did was something of a success”. 

Sphere of influence: 'Aggressiveness was evident in Russia’s efforts to influence the 2016 US election' © Getty

He adds: “We now have to watch how they will go after European politics and elections. Two things make me think it’s a threat. First, it’s been Russian doctrine for years. Second, Putin himself appears deeply committed to destabilising western democracy.”

The EU is updating its cyber defences in response. Sir Julian King, the European commissioner for the Security Union, which aims to strengthen the common fight against terrorism and organised crime among EU member states, says: “I do not wish to comment on specific allegations of Russian state-sponsored cyber attacks on European governments and companies, because the threats originate from all over the world, from all kinds of organisations and people — unfriendly states, criminal gangs, terrorists and disaffected individual hackers.

“That’s why the EU is reviewing its cyber security strategy, which dates from 2013. In digital terms that’s the Middle Ages.”

Mary McCord, the former acting assistant attorney-general for national security at the US Department of Justice (DoJ), who spoke to the FT just before she stepped down from her position in May and before the head of the FBI, James Comey, was fired by US President Donald Trump, said: “The Russian cyber activities directed against the US, including last year’s theft of email messages from political organisations in an effort to interfere with the US election, are a serious threat and deserve a serious set of responses.”

Ms McCord added: “One of those responses has been a detailed and thorough investigation, which the FBI has previously announced is ongoing.”

Mr Comey’s sudden dismissal initially seemed to have thrown the future of the investigation into doubt. The inquiry was also probing whether Mr Trump or anyone in his campaign team colluded with the Russians to hack into the emails of his Democratic rival Hillary Clinton during the 2016 presidential election campaign. However, a few days after Mr Comey’s sacking, Andrew McCabe, the FBI’s acting director, insisted the agency’s Russia probe would not be knocked off course.

Fired: former FBI Director James Comey © AFP

Ms McCord also pointed to firm evidence that Russian agents had already been actively targeting US interests. The DoJ and the FBI announced in March that four people — including two officers of the FSB (the Russian Federal Security Service) — had been indicted for hacking into Yahoo’s network and stealing information from more than 500m webmail accounts.

She said: “I would also refer you to the recent Yahoo indictment which shows that FSB officers were involved, and, in some instances, even protected, directed, facilitated and paid criminal hackers to conduct computer hacking.”

The threat from China is receding, Ms McCord added. “We have deployed a combination of US government actions to change China’s behaviour and win a historic commitment from President Xi that China will not conduct or support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

Britain’s Defence Secretary Sir Michael Fallon warned in a recent speech about Russia’s “use of cyber weaponry to disrupt critical infrastructure and disable democratic machinery” in the west and to “weaken” Nato.

Sorin Ducaru, assistant secretary-general for emerging security challenges at Nato, the western military alliance, says that “states and non-state actors are increasingly using cyber attacks to achieve a wide range of tactical or strategic objectives”. Of Russia’s involvement, he says: “I would draw attention to recent public reports regarding cyber attacks against critical infrastructure, such as the case in 2015 in Ukraine, and against government computer systems, such as the German Bundestag in 2015/2016.” 

John Hultquist, cyber security analysis manager with cyber security company FireEye, says countless attacks can be traced back to Russia. “The groups known as APT 28 and APT 29 have conducted espionage activity that has primarily targeted entities in the US, Europe and the countries of the former Soviet Union,” he says.

“After APT 28 has compromised a victim organisation and stolen internal data, the data are leaked to promote political narratives aligned with Russian interests, often using a false ‘hacktivist’ persona.”

More than 89 per cent of the malware samples attributed to APT 28 by Mr Hultquist’s team were compiled during the hours of the Moscow and St Petersburg working day. Early versions of APT 28’s signature Gamefish malware contained Russian language artefacts, he adds.

The Financial Times asked the Russian Ministry of Foreign Affairs to comment on the many allegations of Russian government complicity in cyber attacks against the west, but it declined.

Although the threat from Russia seems to be increasing, the good news for western businesses and governments is that Chinese-linked cyber attacks seem to be decreasing, although they have not gone away completely.

Mr Hultquist says that from late 2015 to 2017, his company observed China-based groups compromising commercial corporations’ networks in the US, Europe and Japan. “Additionally, Chinese operators have targeted government, military and commercial entities in the countries surrounding China.”

Wieland Alge, general manager for Emea at security provider Barracuda Networks, agrees that hacking by Chinese state groups has “massively” reduced. “Ten years ago China did not have much to lose so they took a lot of risks stealing intellectual property and engaging in corporate espionage,” he says. “Now its economy is more developed, so they have something to lose if they continue antagonising the west.”


Copyright The Financial Times Limited 2021. All rights reserved.