Public Affairs Networking
Russia could respond with cyber-warfare if pushed too far

Today David Cameron meets with other European leaders to discuss what action they can take against Russia. They will decide how they can encourage the Russian government to disassociate itself from insurgency in the Ukraine. It is likely they will set out a set of sanctions that will negatively affect the Russian economy. They may also seek to renege on arms agreements, writes Mike Jackson.

If all goes to plan Mr. Putin will see the error of his ways and acquiesce to the demands made by his fellow heads of government. He may decide that his territorial ambitions are subservient to his country’s financial position. He may reason that good relations with other powers carries more weight than a minor victory on his borders. On the other hand he may decide to retaliate.

In the old days retaliation might have involved physical armies and weaponry – invading a country such as Czechoslovakia or Hungary. It might even have involved the threat of nuclear war. In these more modern days, Russia is more likely to consider economic warfare. Many European countries rely on imports from Russia to support their own economies. Germany, for example, is very dependent on Russian gas and oil.

The Russian premier may, however, have another card up his sleeve, one that could potentially be as damaging as a nuclear bomb to Western economies. Everything we do today seems to rely on the use of computers. Our industry would stop if its computers failed; our home lives would be radically altered if all our information technology equipment stopped working. Is such a thing within Mr Putin’s power? There are fears that it is. Many cyber security experts believe eastern European hacker groups are directly funded by Russia and that they have the wherewithal to cause western government computers to crash.

A computer that had been successfully attacked by a hacker group would be completely under its control. In other words, the group could ask the computer to send data to them or they could at will close the computer down. Investigation suggests that a certain group may have been in operation since 2005. Interestingly, the activity of the group seems to have increased as the Ukrainian crisis has deepened.

We tend to think of hackers as being shadowy figures who carry out their activities under the cover of darkness. The analysis of this hacker group shows a completely different pattern of behaviour. They begin work at a regular time in the morning and at around five o’clock in the afternoon they down tools and go home for the night. They have access to powerful computers and software tools. They are clearly well trained intelligent individuals with a sense of purpose. In short, they are more like disciplined employees than random individuals bent on mindless mischief.

If they are employees, then someone must be employing them! Who would do this? The nature of who they are attacking might give us a clue. Hackers with an interest in making money from hacking will target banks and financial institutions. These hackers do not target banks, instead they target defence companies and western European government installations. From this it is possible to conclude that they are involved in espionage of some sort and therefore paid by one government or another.

That conclusion leaves yet another question: “Which government is responsible?” It is almost certainly an eastern European government – given their pattern of activity. To say on this evidence that it must be Russia would be jumping to conclusions, but it does narrow the field.

There is, however, another clue. Criminals have what is known as a modus operandi – a way of working. Hackers are the same; the tools they use and the techniques they employ uniquely identify them. It is as though their activities were leaving fingerprints all over the Internet.

Since the beginning of this year the fingerprint of this group of hackers has been seen with increasing frequency in Ukrainian computer systems. It would appear that the group, which previously confined its interest to western European systems, has developed an additional interest in the Ukraine. Which major power has also become involved in the Ukraine in this current year? The answer is of course, Russia.

A court of law considers arguments that “are beyond reasonable doubt”. In such an arena the foregoing argument might be considered a weak one. In cyber-espionage, where “the balance of probability” holds sway, the argument would be considered seriously. The ability to close down important computer centres in other countries would allow a nation considerable bargaining power in difficult negotiations. A country that was once prepared to use nuclear weapons as a bargaining tool would surely not baulk at the much cheaper option of cyber threats.

We must therefore take seriously the threat that Russia could if it wished arrange for computers that are vital to the operation of western economies to be switched off overnight. Whether Russia would choose to do this or not is not known but it must surely be on the minds of western leaders as they deliberate on sanctions.

Professor Mike Jackson is Director of Academic Quality and Enhancement at Birmingham City University in the UK

July 25 2014: This article has been edited as a result of the following statement by the author:

In an article which I wrote … I made the following statement:
“In March this year BAE Systems (a major UK defence supplier) reported that they had been attacked by an Eastern European hacker group.”
This was incorrect and I would wish to retract it. There is no evidence that BAE Systems have been attacked by this group.
BAE had released an analysis of the activities of the group and I misinterpreted this.
I apologise wholeheartedly to BAE for misrepresenting them in this way.
Comments
No comments yet
Submit a comment

Policy and networking for the digital age
Policy Review TV Neil Stewart Associates
© Policy Review | Policy and networking for the digital age 2017 | Log-in | Proudly powered by WordPress
Policy Review EU is part of the NSA & Policy Review Publishing Network