Will the Russian Indictment affect the future of Cybersecurity?
In recent news, Special Counsel Robert Mueller has published an Indictment, charging 13 Russians and 3 companies with a conspiracy to meddle in the 2016 US Presidential Election. The indictment details the full effect of the Cybersecurity attack committed by Russia on the US Government in relation to the 2016 US Election. However, their cyberwarfare technique was a sophisticated attack spanning many years, dating back to the “Columbian Chemicals Hoax” of 2014, and possibly even before then.
After tracking and analysing Russia’s system of Cyberwarfare, we now understand that the process must be divided into the following two categories: Information-Technical and Information-Psychological. However, Will this information help businesses and governments in regards to future Cybersecurity threats or will Hackers be able to expand their ever growing knowledge to threaten the world’s leading governments?
What techniques did Russia use when meddling in the 2016 US election?
With a budget of $1.25 million a month, spent over several years, equating to tens of millions of Dollars, Russia and the IRA (Known as the Internet Research Agency) managed to build a sophisticated system of Cyberwarfare used to influence American opinion by relying on real public anxiety in order to create fearmongering.
Although in a simpler sense, Russia’s process can be categorised as Information-Technical and Information-Psychological, these categories cover a vast variety of Cyberattack techniques which we will need to delve further into in order to grasp a full understanding of what we’re dealing with in terms of the future of Cybersecurity.
Firstly, let’s begin by discussing the Information-Psychological side of things. What this relates to is the Propaganda and Disinformation used in an attempt to not only change peoples Behaviours and or Beliefs, but to also harden the opinions of Radical groups.
Information-Psychological covers an almighty of sins including the following:
- Propaganda and Disinformation
- Coercive messaging and psychological operations
- Information operations and Information warfare
- Persecution of Cyber-Dissidents
Russia and the IRA had an alleged 80 members of Full-time employees dedicated solely to saturating social media channels such as Facebook and Twitter with Propaganda and Disinformation, otherwise known as “Fake News”, by creating politically active, fake personas, using identity theft. A key goal of this campaign was to mainstream an idea using consistent exposure over a long period of time in order to impact a person’s cognitive thinking.
The way in which they saturate social media feeds was to create websites, blogs, and social media accounts that seemed patriotic, but would eventually begin to add coercive messaging, usually targeting well-known political figures such as Barack Obama and Hilary Clinton in order to encourage radical groups, and discourage other groups to not vote.
Tracking the size of the online US audience, they received and maintained metric reports on group pages and individualised posts – monitoring engagement metrics such as Likes, Reposts and Comments. With this information, they would then refine their messages to make them more effective.
Secondly, if we look at the Information-Technical Cyberattacks, we know that this is related to the following issues:
- Cyber-security issues
- Service and Hacker Attacks, including the hacking of elections systems
- Internet surveillance
- The hacking and leaking of illegally obtained information
With the establishment of Servers and Virtual Private Networks set up in the US to mask and encrypt the traffic as it travelled between the user and the website, Russia was able to use US-based email accounts to back their online identities. These fake personas were also linked to Identity theft, with a number of stolen US Identity documents such as social security numbers and drivers licenses used to launder payments through PayPal and Cryptocurrency accounts.
One of the named defendants, charged with a conspiracy to meddle is a Sergey Pavlovich Polozov, who managed the IT department; overseeing the setup of illicit US servers with Virtual Private Networks in order to funnel their Internet Traffic anonymously. Adrian Chen discovers this in his 2015 article detailing his surveillance of the Internet Research Agency. The first thing IRA employees did when arriving at work was to switch on an Internet Proxy Service in order to hide their I.P addresses from the areas they posted. This technique is the first choice for any hacker when creating a cyberattack as even the F.B.I had tried to trace locations and telephone numbers with no luck.
Forbes Russia also reported that a system called Prism was installed into their custom-designed computer terminal, which “actively tracks the social media activities that result in increased social tension, disorderly conduct, protest sentiments and extremism”. This is the same internet surveillance software that the US government began using as a surveillance technique after the September 9/11 attacks.
The last information-technical technique used by the Russians was the Hacking and leaking of illegally obtained information. During the 2016 Presidential election, the Chairman of Hilary Clinton’s campaign, Mr J. Podesta, received an email alerting him of a “Compromise in the system”, prompting him to change his password immediately by clicking on a link. Although this is a common technique used by hackers known as “Phishing” and Hilary’s team should have known better, this error in judgement gave the hackers access to over 60,000 private emails, which were then distributed online in order to persuade public opinion.
The Future of Cybersecurity
Although Blackhat Hackers will always try find a way around Cybersecurity preventative methods, there are always security specialists whose jobs are to protect big businesses and the government alike. Defending yourself from Information-Technology and Information-Psychological cyberwarfare is complicated, and each requires a different style of Cybersecurity.
In terms of trying to defend a company from information-psychological hackers and trolls across the world wide web, we’re faced with the problem that the spoofing industry is secretive and hardworking, spreading propaganda daily which makes it impossible for the normal internet user to separate the truth from the fiction. However, there are services such as “Yomapic” which can help by map the locations of social media users by the posts.
Furthermore, VPN’s and Encryption can be used as a means to hide your most valuable data, and even if there has been a breach in your device, developers and engineers can use a patch as a way to fix any vulnerable entry points.
In the fight against major cybercriminals you can always enlist Whitehat hackers, who can use their hacking techniques for an ethical purpose. The group Anonymous International, who published hundreds of emails said to have been stolen from employees at the Internet Research Agency.
To conclude, the indictment could act as a small deterrent in the future and can provide companies and governments alike with the opportunity to plan and prepare for cyberwarfare attacks. However, the same can be said for hackers as it also gives Hackers the opportunity to strengthen their techniques and to minimise future detection. It’s a race against time for all future Whitehats and Blackkhats.
If you found this article interesting and are looking for a job in Cybersecurity, Then RedCat Digital have a variety of Cybersecurity roles available. Apply online or call us today on 02072657800.