The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Cyber conflict in Ukraine is growing more complex by the day


Welcome to The Cybersecurity 202! Did you hear the one about the cybersecurity newsletter that collected cyber jokes for its April Fools’ edition? Yep, it’s us. Share your best cyber jokes with us on Twitter here or email them to Aaron at aaron.schaffer@washpost.com.

Below: A mandate for critical infrastructure firms to report to CISA when they’re hacked is finally law, and Germany is warning companies against Russia-based Kaspersky anti-virus. 

An array of hackers are involved in the Russia-Ukraine war

As Russia’s war in Ukraine settles into its third week, a clearer picture is emerging of the cyber conflict there. 

The big takeaway: That conflict has turned out to be immensely complex even as the hacks associated with it are less consequential or damaging than many cyber watchers predicted.

To start with: The number of players has turned out to be far broader than just hackers employed by the Russian and Ukrainian governments.

IT Army

An IT army of volunteers from inside and outside Ukraine has been targeting Russia with a mix of offensive hacks and information operations aimed at cracking through Russian censorship with news about the bloody conflict. 

A top Ukrainian cyber official, Victor Zhora, distanced the government from the group’s offensive hacks during a call with reporters — even as he praised much of its work. 

“Volunteers continue their operations, and we believe that some of these operations can be offensive and directed to military infrastructures of Russia,” he said. “But … it’s their own initiative, so this activity isn’t coordinated by the government, and we continue focusing on protecting of Ukrainian infrastructure.”

  • The Ukrainian government has also begun hiring some private sector Ukrainian cybersecurity specialists into its ranks to help protect critical industry sectors against hacking, Zhora said.
  • Cyber officials from allied nations have also offered remote assistance to help protect Ukrainian digital assets and investigate the origin of some cyberattacks hitting Ukrainian organizations, he said.

China may be in the mix, too. A Twitter handle known for exposing Beijing’s hacking operations claimed Chinese hackers have conducted operations in Ukraine — but stopped short of definitively linking the hackers to the Chinese government.

Here’s more from Johns Hopkins University cyber policy professor Thomas Rid:

It’s not clear, however, if China is assisting Russia or merely gathering intelligence for its own purposes. 

More from Mandiant’s John Hultquist:

News access

U.S. officials, meanwhile, are walking a tightrope, trying to ensure efforts to punish Russia in the tech sphere don’t backfire and make Russian citizens more vulnerable to hacking and Kremlin propaganda.

They’re pushing back against calls from Ukrainian officials and expatriates for Apple, Google and the cybersecurity company Cloudflare to withdraw from Russia, Joseph Menn reports.

The big concern: Without access to Apple and Google app stores, ordinary Russians might lose all access to independent news. And the remaining independent Russian news sites might get booted offline without Cloudflare helping protect them from digital attacks. 

“It is critical to maintain the flow of information to the people of Russia to the fullest extent possible,” a State Department spokesperson told Joseph. 

Russian hacks

More information is also trickling in about Russian hacks against Ukraine.

The National Security Agency is helping Ukrainian officials investigate whether the Kremlin was responsible for a hack that disrupted satellite Internet from the company Viasat and restricted communications during Russia’s invasion, Reuters reports.

Ukrainian officials aren’t sharing a technical answer to that question yet, Zhora said, but he noted the operation matches Russian priorities. 

“I believe that’s one of their goals is to destroy providers’ infrastructure and to prevent the Ukrainian armed force to actually communicate with each other,” he said. 

Also yesterday: Ukrainian authorities detained someone they called a “hacker” who was allegedly helping the Russian military send instructions to troops in Ukraine via mobile phone networks and sending text messages to Ukrainian officials urging them to surrender. 

Here’s more from CNN’s Sean Lyngaas. 

Zhora also shared his assessment as to why Russian hacking against Ukraine hasn’t been worse during the weeks since the invasion — a question that’s led to a wave of speculation. 

Here are the top three reasons, per Zhora:

  1. Russian hackers aren’t nimble enough to identify and compromise the most important Ukrainian government and industry targets during fast-moving military operations.
  2. Stealthy cyberattacks aren’t that useful in comparison to the damage Russian troops are causing with bombs and missiles.
  3. Russian cyber operators are too busy protecting their own digital infrastructure.

The keys

It’s official: Critical industries will be required to report major hacks

President Biden signed into law yesterday the most expansive cybersecurity requirements that the U.S. government has ever placed on the private sector. They require critical industry sectors, such as energy, finance and transportation, to report to the Cybersecurity and Infrastructure Security Agency (CISA) within three days of being hacked. A broader set of companies must report paying ransoms to hackers. 

The bill’s top Senate backers cited cyberthreats from Russia in statements marking Biden’s signature:

  • “In the face of significant cybersecurity threats to our country — including potential retaliatory cyberattacks from Russia for our support in Ukraine — we must ensure our nation is prepared to defend our most essential networks,” Homeland Security Committee Chairman Gary Peters (D-Mich.) said. 
  • “As our nation rightly supports Ukraine during Russia’s illegal unjustifiable assault, I am concerned the threat of Russian cyber and ransomware attacks against U.S. critical infrastructure will increase,” the committee’s top Republican, Sen. Rob Portman (Ohio), said. “The federal government must be able to quickly coordinate a response and hold these bad actors accountable.”

The requirements were part of a $1.5 trillion spending package that Biden signed into law. 

The provision faced opposition not in Congress — where it ultimately passed with overwhelming support — but at the Justice Department and FBI, which argued that the requirements iced out law enforcement, made their job more difficult and — in the words of Deputy Attorney General Lisa Monaco — “makes us less safe.” However, the White House endorsed the proposal.

Days after the law enforcement criticism spilled into public view, CISA Director Jen Easterly pledged to “immediately” share new incident reports with the FBI:

Still in the works: Peters and Portman are still working to pass two major cyber provisions that were earlier paired with the cyber incident reporting measure. 

  • A bill to update the government's decades-old cybersecurity rules for federal agency information security
  • A bill to update government cloud computing security rules

Germany encourages alternatives to Kaspersky anti-virus software

The country’s Federal Office for Information Security warned that Russian IT companies including Kaspersky can be forced to spy on — or even hack — their own customers, Motherboard’s Joseph Cox reports. Critical sectors, government agencies and the manufacturing sector are particularly vulnerable, it said.

Kaspersky disputed the allegations, saying it believes they were made on political and not technical grounds. The company sent a letter to German lawmakers, calling the warning unjustified and complaining that the company didn’t get enough of a heads-up before German authorities issued the warning, German broadcaster BR’s Hakan Tanriverdi reported.

Kaspersky has long faced scrutiny over its Russian ties. The U.S. intelligence community has for years argued that its software could operate as a spying tool for the Kremlin. The U.S. government ordered civilian agencies to remove the company’s anti-virus software in 2017.

One piece of potential evidence: Russian hackers were able to see an NSA employee’s files after he brought them home to a computer that was running Kaspersky software, The Post reported in 2017. Kaspersky has pushed back, saying its anti-virus software “performed as expected” in the case and sent the malware for analysis. The company “immediately deleted the archive by order of the CEO,” it said.

Kaspersky founder Eugene Kaspersky has toed a middle line in Russia’s invasion of Ukraine, tweeting that he welcomed negotiations between Ukraine and Russia amid the “current situation” and hoped they would lead to a “compromise.” That statement angered some cybersecurity experts who thought it capitulated to Russia.

Biden’s cyber-focused Federal Reserve nominee withdrew from consideration

Sarah Bloom Raskin withdrew her nomination after Sen. Joe Manchin III (D-W.Va.), a key Democratic vote, opposed her on energy issues, Rachel Siegel reports. The New Yorker first reported that Raskin had withdrawn from consideration to be the Fed’s vice chair for supervision.

Raskin worked as a deputy secretary of the Treasury Department during the Biden administration, where she led an effort to standardize financial cybersecurity approaches among G-7 nations. 

Senate Banking Committee Chairman Sherrod Brown (D-Ohio) cited Raskin’s cybersecurity chops in a statement saying that she was subjected to a “smear campaign”:

  • “Sadly, the American people will be denied a thoughtful, experienced public servant who was ready to fight inflation, stand up to Wall Street and corporate special interests, and protect our economy from foreign cyberattacks and climate change,” Brown said.

Biden praised Bloom Raskin’s cybersecurity expertise in a statement and said she “was subject to baseless attacks from industry and conservative interest groups.” 

Chat room

Some pedestrian signs in Virginia appear to be on the fritz. Our colleague, Tony Romm:

Cyber insecurity

CISA and the FBI are alerting about a major digital bug being exploited by Russian hackers. CISA Director Jen Easterly

Brown University email system hacked (WPRI)

The Lapsus$ hacking group is off to a chaotic start (WIRED)

Global cyberspace

Newspaper in NSO storm: Deputy AG who probed claims of police spying failed at task (Times of Israel)

Bombs and hackers are battering Ukraine’s Internet providers. ‘Hidden heroes’ risk their lives to keep their country online (Thomas Brewster)

Securing the ballot

Georgia poised to join Florida with Republican-backed law to police elections (Reuters)

Daybook

  • Cyberspace Solarium Commission executive director Mark Montgomery speaks at an American Enterprise Institute event on gray-zone warfare that begins today at 9:30 a.m.
  • The Atlantic Council hosts an event on China’s role in setting technology standards today at noon. 
  • The Senate Banking Committee holds a hearing on the use of cryptocurrencies in illicit finance on Thursday at 10 a.m.
  • National Institute of Standards and Technology acting director James K. Olthoff testifies at a House Science Committee hearing on technical standards on Thursday at 10 a.m.

Secure log off

Thanks for reading. See you tomorrow.
