Russian government wants to strengthen its cyber defense,what’s new?

Russian President Vladimir Putin is considered one of the political figures most attentive to the development of a suitable cyber strategy to protect his countries from cyber attacks. Putin is an intelligent man who has always understood the strategic importance of cyberspace, according many experts he has always invested in the development of cyber capabilities, foreign intelligence is sure that he controls one of the most dangerous group of hackers employed in the persecution of dissidents in the past years and in cyber attacks against political opponents.

The recent revelation of Red October cyber espionage campaign have alerted governments all around the world, the same Putin has ordered to the authorities to increase the level of protection of government cyber assets from possible cyber attacks, the concerns have increased after the revelation of Kaspersky security firms that has verified that the global cyber espionage campaign has also infiltrated government and embassy computers across the former Soviet bloc.

The Russian Federation is one of the most hit region by the phishing attacks with cyber espionage intent, who is behind the attack is a mystery, some experts are sure the operation has been organized by the cyber criminal organization Russian Business Network (RBN) but many other professional that the campaign there is the support of governments.

On January 15^th Vladimir Putin approved a decree that assign full powers to Federal Security Service (FSB) to “create a state system for the detection, prevention and liquidation of the effects of computer attacks on the information resources of the Russian Federation“.

Russian authorities are so thinking to an automated defense system able to mitigate incoming cyber attacks against Russian web resources inside the country and also abroad.

Critical infrastructures, diplomatic offices and intelligence structures must be protected from any kind of attacks, diplomatic activities are most impacted by the cyber espionage and the possible consequences for data breaches are serious.

FSB neither the Kremlin have provided further details on the government program to reinforce the security of the cyber space.

The situation is very complex and hard to decipher, I’ve tried to understand who could benefit from this situation.  Cyber criminals organizations could be really interested to the information stolen to resell to best offers, but it is not so easy. The complexity of the attack, the long period it was able to remain uncovered and the nature of targets let me think that there is a government commitment. These guys have built an impressive network to steal governments information and not banking credentials or any other financial data, we are not facing with a classic scam.

Despite cyber criminal organizations are increasing the sophistication level of their attacks if we situate temporally the start of the massive campaign it’s hard to believe that the entire operation is not state sponsored.

The crime has different dynamics, typically criminal structures need money to finance their operations, exactly as any other businesses, in this case the attackers has decided to postpone their earns to as an uncertain and risky future, how is possible?

The reality in my opinion is that the attackers have always worked for a government, or maybe are themselves member of some dedicated cyber unit.

Another element that appears strange, if RBN is responsible for the attacks why it is back to the origins? The group mysteriously disappeared in 2007 but the efficient Russian authorities never captures its exponents. The organization moved operations to China, Taiwan, Hong Kong and also in UK and US. Could be Russian government exponents involved?

And what do you think if per impossible, the Russian government was involved, at least a part of it infiltrated by organized crime? In this case the response of central authorities could represents a clear act of force to protect its heritage of information.

By whom and why Putin wants to defend its infrastructures unlike what was done until now, and who is the recipient of messages sent with the signing of the decree?

It’s known that Kaspersky is one of the most active company in cyber security and has already worked in the past with Russian Government in the fight to cybercrime, why it has decided to make public the news instead to try to track back the criminal in silence securing Russian agencies?

The hypothesis are different and and imaginative, I’m reading everything on the web, people that blame Chinese Government and other that consider security firms subservient to governments, the unique certainty is that similar campaign are arranged by structured organizations which over the years are able to follow the technological evolutions hiding their activities, difficult to think that similar organizations are able to work independently maintaining their identities over  time, improving their capabilities and eluding world wide security specialists … where is the truth?

Pierluigi Paganini

(Security Affairs – Russia)