The Complex

It’s Not Beijing’s Hackers You Should Be Worried About, It’s Moscow’s

When U.S. officials warn of the threat foreign cyber spies pose to American companies and government agencies, they usually focus on China, which has long been home to the world's most relentless and aggressive hackers. But new information shows that Russian and Eastern European hackers, who have historically focused their energies on crime and fraud, now account for a large and growing percentage of all cyber espionage, most of which is directed at the United States.

Individuals and groups in Eastern Europe, and particularly in Russia and Russian-speaking countries, are responsible for a fifth of all cyber spying incidents in the world, according to a global study of data breaches conducted by Verizon, published on Tuesday. The spies are targeting a range of companies as varied as the global economy itself, and are stealing manufacturing designs, proprietary technology, and confidential business plans. The cyber spies steal information on behalf of their governments in order to manufacture cheaper versions of technologies or weapons systems, or to give their home country's corporations a leg up on their foreign competitors.

The report is based on information provided by computer security companies as well as the U.S. Secret Service and the Department of Homeland Security. Last year, it attributed nearly all incidents of cyber espionage -- 96 percent -- to sources in China. Russia and Eastern Europe didn't even rank in the findings. The United States is by far the biggest victim of cyber espionage, accounting for 54 percent of spying incidents, the report found.

The report's authors say the increase in spying attributed to Russia and Eastern Europe this year is partly the result of new sources of information that reveal more than was previously known about the long reach and sophistication of hackers in those countries. It's difficult to know precisely how much cyber espionage by Russia had gone undetected in the past -- Russian hackers have gone to great lengths to cover their tracks, unlike their counterparts in China, who have generally been easier to detect, said Alan Paller, a cyber security expert at the SANS Institute.

But that Russian spying is on the rise seems clear, experts said. Spies in East Asian countries, primarily China and North Korea, were still the most active globally, accounting for 49 percent of all cyber espionage incidents, according to the Verizon report. But that data could be skewed by the fact that more cyber espionage campaigns were attributed to Chinese sources -- there could be other Russian campaigns that haven't yet been detected.

That may come as unsettling news for Obama administration officials, who have been watching warily as Russian forces in Ukraine have incorporated cyber spying and warfare alongside conventional military strikes in their swift takeover of Crimea and what looks like an increasingly likely invasion of eastern Ukraine. The report offers new and compelling evidence that Russia is just as interested as the long-time spymaster China in using cyberspace to steal secrets from governments and corporations. And viewed alongside Russia's successful cyber operations in Ukraine in the past few months, it suggests that Moscow is aggressively ramping up its efforts to dominate cyberspace both for spying and military purposes.

"Intelligence services, as well as cyber criminals, operating in Russia have an interest in collecting information on our government, industry, and economy," said White House spokesperson Laura Lucas Magnuson. "These threats are not going away. We are addressing them by improving our network defenses, sharing information on known vulnerabilities with the private sector, and implementing the president's executive order on improving cybersecurity for U.S. critical infrastructure."

The Russian forces in Ukraine have integrated cyber operations and conventional military tactics in seamless fashion, current and former U.S. officials and experts say. As soon as Russian forces moved into Crimea, they took over the state-owned telecommunications provider, jammed cell phone signals, and severed Internet connections between the peninsula and the rest of the country. Customers across the region lost phone and Internet service, effectively shutting them off from the outside world. Two Ukraine government Web sites also went offline, presumably the targets of Russian hackers trying to stifle the flow of official information out of Kiev.

The Russian military then began a series of conventional and cyber operations against Ukraine's military. As commando troops took up positions in Crimea and seized official buildings, Russian naval vessels that carry radio and cell phone jamming equipment were spotted in the port of Sevastopol. Eventually, the Russians cut off Ukrainian forces in Crimea from their command and control systems, NATO commander Gen. Philip M. Breedlove told the New York Times. It was a textbook operation that combined centuries-old combat tactics with cyber-age assaults.

U.S. intelligence agencies were largely caught off guard by the Russian invasion. The occupying forces limited their use of radios and cell phones and went mostly undetected by the United States' surveillance networks, current and former officials said, an indication of the Russians' technological savvy.

"It looks like the Russians learned from Osama bin Laden and used couriers," Joel Harding, a former military intelligence officer who worked for the Army's intelligence command and has experience in surveillance operations, said in a recent interview. "They held access to those with a need to know and exercised strict discipline in communications security. That is the best professionalism I've seen from them ever."

The Russian success is especially stinging for the U.S. because these types of blended attacks -- cyber strikes launched alongside military operations -- are what U.S. military and intelligence officials have for years said will be the hallmarks of America's future way of fighting a war. Indeed, the U.S. military is spending billions of dollars to integrate cyber warfare into military combat and intends to train a force of 6,000 cyber warriors by the end of 2015, Defense Secretary Chuck Hagel has said.

Also worrying for U.S. officials is the extent to which criminal hackers in Eastern Europe are forging alliances with the Russian government, effectively acting as cyber mercenaries. "I do think there are probably groups in Eastern Europe that not only dally in financially motivated crime, but also espionage," said Chris Porter, a co-author of the Verizon report. How much that's actually happening is hard to ascertain, because there's limited objective data on the matter, Porter said. But what is certain is that the U.S. doesn't hire criminal hackers to attack foreign governments on its behalf. That puts the U.S. at a disadvantage if other countries are willing to employ more aggressive tactics and hire skilled criminals to do their bidding.

The Verizon report found that cyber spying is on the rise around the world, not just in Russia and Eastern Europe. The number of spying incidents in the new report was three times last year's, which can partly be attributed to having more and better sources of information. But even accounting for those new datasets, the number of espionage cases grew since last year, the report's authors conclude.

Russian and Eastern European hackers appear to be interested in stealing the same kinds of information as their Chinese counterparts and are targeting generally the same industries, the report found. Classified military and intelligence information held in government computers tops the spies' list of targets. Hackers are also trying to infiltrate utility companies, mining companies, and law firms.

The Verizon report doesn't specify what types of information the hackers have stolen from those companies. But separately, security experts have documented an increase in espionage campaigns in the past few years targeting information about how U.S. oil and natural gas pipelines are designed and controlled, as well as where American companies are looking for new sources of fuel. The hackers have also infiltrated law firms to gain insights into where American companies are attempting to gain rights to drill for oil and mine precious minerals. Given that Russia's economy is largely dependent on energy, that kind of information would be of extraordinary value to the Russian government and energy companies.

The vast majority of espionage -- 87 percent -- was attributed to "state-affiliated" groups, the report found. That could mean hackers working directly for a government or with its clandestine support, but still largely taking their marching orders from state officials.

In Break with Tradition, New British Surveillance Chief is an Intel Outsider

The United Kingdom's global surveillance agency is getting a new leader. But in a move widely seen as an attempt to bring the organization to heel following months of embarrassing leaks about its operations, the new director is a political operative who is more James Carville than James Bond.

Robert Hannigan, a career diplomat and former adviser to two prime ministers, was appointed director of the Government Communications Headquarters, the equivalent of the National Security Agency, earlier this week. Historically, all but two GCHQ directors have either climbed up the career ladder of the agency or had significant experience in signals intelligence. The most recent director, Iain Lobban, joined the agency in 1983. Hannigan, by contrast, is a political operative who has served as a government spokesman and was closely involved in the Northern Ireland peace process and other high-profile diplomatic negotiations.

While Hannigan has experience managing national security issues, it has been largely as a counselor to elected officials. When Gordon Brown was elected prime minister in 2007, he made Hannigan his adviser on intelligence and security at No. 10 Downing Street. Hannigan is currently the director general for defense and intelligence at the Foreign Office, the equivalent of the U.S. State Department.

In the days leading up to Hannigan's appointment, speculation had focused on three candidates, including him, all of whom came from outside the agency and were close to Whitehall. Analysts said appointing any of them would be a signal that the British government wanted to bring the spy agency more tightly under the control of the country's political leadership. "The perception is that Westminster is keen to take charge," Charlie Edwards, director of national security studies at the Royal United Services Institute, told the Financial Times earlier this month.

Like the NSA, the GCHQ has come under intense scrutiny and criticism for intelligence operations exposed by the former NSA contractor Edward Snowden. Many of the documents that Snowden leaked to journalists detail controversial British surveillance operations, including a program to collect webcam images from unsuspecting computer users and a plan to try to discredit Wikileaks and monitor people who visited the site. Some intelligence programs were done in conjunction with the NSA, with which the GCHQ has a long-standing and close relationship.

"This no doubt reflects that changed climate and a desire both to make sure that the agency doesn't do things just because it can, and the interest in representing what it does better, and more diplomatically," said Gregory Treverton, a former senior U.S. intelligence official who now works as a senior policy analyst with the RAND Corp.

The UK is a party to the so-called "five eyes" agreement, in which Britain, the U.S., Canada, Australia, and New Zealand share information and cooperate on operations. That relationship was strained after Snowden revealed the NSA was eavesdropping on the communications of foreign leaders whose countries weren't part of the spying pact, most notably German Chancellor Angela Merkel.

More broadly, the Snowden documents underscored the GCHQ's long-standing and close relationship with the NSA. And although Hannigan's appointment is being seen as a reaction to the overreach of GCHQ, he isn't likely to upset that special relationship between the two allies.

"He's very thoughtful and understands the American connection," said former NSA Deputy Director Chris Inglis, referring to the decades-long relationship between the two countries. Inglis said Hannigan's appointment also reflects the British government's desire to have a closer handle on cyber security issues. GCHQ plays a leading role in computer network defense and warfare for the UK.

Foreign Secretary William Hague said in a statement that Hannigan "brings to the job a wealth of relevant experience in the fields of national security, counter-terrorism and international relations."

Hannigan's appointment means that both GCHQ and the UK's foreign intelligence service, MI-6, the equivalent of the American CIA, will be headed by outsiders. Historically, MI-6 had also been led by career intelligence officers. But the appointment in 2009 of John Sawers as the Chief of the Secret Intelligence Service, as the agency is formally known, broke with a more than 40-year tradition. Sawers, like Hannigan, spent most of his career in diplomatic service.

The British set-up stands in stark contrast to the United States, where the CIA and the NSA are both headed by long-time intelligence officers who spent their careers in their respective disciplines. CIA Director John Brennan spent most of his early career in the agency's operations directorate, serving as the station chief in Riyadh and eventually rising to a senior post at Langley. He left government in 2005 but returned four years later as President Obama's counterterrorism and homeland security adviser and was confirmed as CIA director last year.

The new head of the NSA, Adm. Mike Rogers, spent his career in signals intelligence and cryptography, the agency's core disciplines. He was also most recently the head of cyber warfare and defense for the Navy, experience that will come in handy as Rogers is also now the commander of U.S. Cyber Command, responsible for all military cyber security operations.
