Russia has ramped up cyber attacks against the United States to an unprecedented level since President Obama imposed sanctions last year on President Putin's government over its intervention in Ukraine.
The emboldened attacks are hitting the highest levels of the U.S. government, according to reports, in what former officials call a “dramatic” shift in strategy.
The efforts are also targeting a wide array of U.S. businesses, pilfering intellectual property in an attempt to level the playing field for Russian industries hurt by sanctions.
CrowdStrike has recorded over 10,000 Russian intrusions at companies worldwide in 2015 alone. That’s a meteoric rise from the “dozens per month” that Alperovitch said the firm noted this time last year, just as the U.S. was imposing its sanctions.
Many see the recent reports that Moscow infiltrated the State Department and White House networks — giving them access to President Obama’s full schedule — as a turning point in Russian government hacking.
Moscow doesn’t care as much about being caught, perhaps in an attempt to prove its cyber prowess, some speculate.
“I think that the calculus for them has changed,” said Will Ackerly, an eight-year National Security Agency vet who co-founded encryption firm Virtru in 2012. “It seems that they’re definitely behaving dramatically different in that regard.”
The attitude, Ackerly said, is “much more brazen” than previous Russian efforts to lift intelligence information.
For years, Russian hacking has operated on two tracks.
On one track, Moscow has orchestrated quiet, targeted digital hits on the U.S. government to collect scraps of intelligence data. On the other, a large community of Russian cyber criminals, not necessarily affiliated with the government, has peppered the American banking industry for commercial gain.
“Experienced Russian hackers often tend to target financial data,” said Tom Brown, who served until 2014 as chief of the Cyber Crime Unit at the U.S. Attorney’s Office for the Southern District of New York.
Last year, Russians were charged with hacking into Nasdaq, America’s second-largest stock exchange. Going further back, a notorious Russian Internet gang made off with tens of millions of dollars from Citibank in 2009.
These were just two of the Russian incidents Brown helped investigate. Russian cyber crooks, he said, uniformly launch “relatively sophisticated attacks.”
On the government-sponsored side, researchers at security firm FireEye discovered evidence of Russian intelligence-gathering cyber campaigns stretching back to at least 2007. Moscow was searching for communications, emails, memos, phone calls and schedules that could smear adversaries’ reputations or simply shed light on their plans.
Laura Galante, threat intelligence manager at FireEye, said she has seen a “resurgence” in these types of Russian government-backed cyberattacks since late February.
“They really see this as much more broadly than just a tool, a piece of malware or a distinct type of activity,” said Galante. “They see this as a broader quest to get the information they need to portray themselves and their efforts in the best light in the world.”
And as Russia’s economy sags under the weight of U.S. sanctions imposed in March 2014, the mercenary, criminal track has started to blur with the government-directed track, analysts said.
“What they’re basically doing is in effect saying internally, ‘That’s fine, you’re going to sanction us, so we’re going to use cyber to steal your intellectual property and give it to our industry,’” Alperovitch said.
The digital barrage has caught the attention of top U.S. officials.
President Obama repeatedly asked his advisors whether a massive data breach at JPMorgan last fall was Russian retaliation for the sanctions, according to reports. The aides couldn’t give the president a definitive answer. Indeed, the security community is not united in its belief Russia was behind the attack.
Former intelligence officials have also speculated that information discreetly passed to the media laying blame on the Russians for the State Department and White House hacks is a White House attempt to send a message to Russian authorities: “We’re on to you.”
Director of National Intelligence James Clapper acknowledges the U.S. was caught off guard by this Russian hacking surge.
“The Russian cyber threat is more severe than we have previously assessed,” he told a Senate committee in February.
During an October speech, Clapper even said Russia has replaced cyber powerhouse China as his top concern.
Ackerly said the State Department and White House intrusions are a striking example of the new Russian mentality.
The attack was “much larger in breadth” than historic Russian cyber espionage efforts.
“They’re much more willing to do things which there’s a high probability of detection,” Ackerly said. “They are willing to know that going in and say, ‘We’re going to do that anyway.’”
Moscow’s intelligence agencies can still collect their information while making a public point, said Christopher Cummiskey, who served as acting under secretary for management at the Department of Homeland Security in 2014 and oversaw a number of the agency’s cyber efforts.
“I think from their perspective it’s like, ‘Well guess what, we’ve shown the world that we’re able to actually penetrate the very sensitive systems in the U.S. government,’” he said.
Until the government improves its detection capabilities, the Russians will not be deterred, Cummiskey said.
“It’s not as easy to pick up on these things today with the way we’re configured as hopefully it will be in the future,” he said. “So we’ve got some work to do.”
— Updated 4:46 p.m.