The Department of Justice on Thursday announced that a grand jury in the Western District of Pennsylvania has indicted seven individuals from the Russian military intelligence agency (GRU), for cyber-crimes including hacking, wire fraud, identity theft and money laundering.
According to the indictment, beginning in late 2014 and continuing until at least May 2018, the individuals conducted sophisticated cyber intrusions. The indictment describes a persistent conspiracy that included “close access hacking teams” that would deploy around the world when remote hacking attempts from Russia failed. The close access teams would use sophisticated equipment and techniques to compromise and gain access to WiFi networks, and after a successful hacking operation, would then transfer the information back to Russia for exploitation.
Also on Thursday, the UK’s National Cyber Security Centre (NCSC) publicly said that the GRU is behind a campaign of ‘indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport’. The NCSC identified individual cyber hackers and linked them back to the GRU.
So, what does it mean? Is it a bad day for Russia or just more meaningless words?
The Cipher Brief got this quick expert take from Steven Hall, a former member of the CIA’s Senior Intelligence Service:
Hall: First and foremost, I don't think Vladimir Putin cares. I think the West will go on doing things like bringing indictments, which are meaningless, unless you are an oligarch and you're traveling all over the world to places that can extradite people back to the United States. There is some symbolic impact when you're talking about indicting people, or in some cases, doing what the Europeans have done and PNG-ing and expelling Russians out of their country, but Putin knows very well that to date, there has been no significant pushback. Yes, there are sanctions that are incrementally increasing, and diplomats are sometimes being expelled, but it's not anywhere close to the threshold that Vladimir Putin needs to begin to actually become worried about this. For him, this is hybrid warfare and that is his weapon of choice. It's been extremely successful for him, so he's willing to pay a little bit of a price to have the continued successes he's had using this hybrid warfare approach.
The Cipher Brief: You spent a big part of your career focused on Russia, Russian activities, and on understanding the mindset of Vladimir Putin. What is that threshold - do you think - that will lead to a change in behavior? If it’s not sanctions, if it's not publicly naming and shaming, then what is it?
Hall: I'm not sure that either side, either the United States and the West, or Russia, knows specifically what the red line is, but Vladimir Putin is willing to keep pushing until such time that it begins to hurt, either Vladimir Putin personally, or the oligarchs, or much farther down the line to the Russian people, which I think Vladimir Putin cares very much about that part. So, certainly on our side in the West, we don't know precisely what to do, but here's an example: I have been calling for a long time to really seriously think out of the box, to do some things that will put Russia and Putin on the defensive. For example, removing Russia from the SWIFT program and the international banking system. That made a lot of sense to me until we found out that because of the Trump administration's decision to tear up the Iran agreement, the Europeans themselves are developing methodologies by which money can flow to Iran, outside of US sanctions, because they don't agree with our policy. Well, that's a fabulous day for Vladimir Putin because that means that he's got our own allies now working with him to try and figure out ways to circumvent the U.S. So until we figure out how to push back hard on Russia, they're going to keep charging ahead and that's why I don’t think Putin cares very much that the GRU is getting caught. He’s paying a small price, but it’s working out well for him in the long run.
The Cipher Brief: So, it's still really, for him, as you said, a game of information warfare that he seems to be playing quite well?
Hall: It’s the whole panoply of basic propaganda stuff. I was just reading an article that RT is now performing better in Spanish and Chinese than any other foreign language broadcasters. So, it's that really basic old propaganda stuff, combined with the high tech stuff where you've got, you know, guys sitting in the back of cars, you know, outside of targets trying to spoof their Wi-Fi so you can get into their systems. So yeah, it's the whole spectrum of hybrid warfare and information operations, influence operations, propaganda, cyber operations, it’s all working really, really well.
The Cipher Brief: What do you think the answer is?
Hall: I honestly don't think that until such time as the United States and the West, and unfortunately on Russia we're not in our strongest again because of this administration and particularly Donald Trump's approach to Russia and what that's done to our strong allied relationships, especially the intelligence side of things. So we're not in the strongest position that we've been in, but setting that aside, we have to start, at the very least rattling sabers to say OK look, here's a couple of things that you need to understand in Russia. And I think this needs to be done publicly and in diplomatic channels, and in intelligence channels as well. They need to be told that the United States has come up with a new policy that is essentially the cyber version of mutually assured destruction, so, ‘If we catch you doing one more thing, it’s going to be so bad for you that you’re never going to want to do it’, harkening back to the old Cold War days when mutually assured destruction was nuclear, so we need to have a cyber version out there and project it to the Russians to show them what is going to happen if they continue to do this.
We need to think of really out of the box things like taking them off the international banking system, maybe even saying things like, ‘You know we need to consider inside the United Nations whether Russia should really be a member of the UN Security Council.’ Now, that’s a real stretch, probably would never happen, but you know, if you start talking about that and start getting allies together in the UN to say, ‘Hey, do you really want people who are killing people worldwide and annexing countries for the first time since WWII, do you really think those are the kinds of people we should have on the UN Security Council?’ It might never happen, but it would get the Russians’ attention, so we need to think about what would really hurt the Russians besides the same old same old, because that’s certainly not working these days.
The Cipher Brief: Let’s push back just a bit on Trump’s approach to Russia, because from what we’ve seen, he says something, and he does something in a certain way - and of course we’re talking about the Helsinki Summit - but then you see all of his senior people roll out together and put forth this united ‘we’re not going to stand for this’ front.
Hall: Some of that is semantics in terms of where does the Trump line end and where does the Administration begin, so there are a couple of ways to look at it. The first way that I try to look at it is to try and look at it the way Vladimir Putin does. Putin knows that the system in Russia is very different than the system in the West, but nevertheless, I think Putin – also being a human being – falls prey to what all of us do – which is seeing the world through his own lens, so in Russia, when Vladimir Putin says something, it’s taken very seriously. Sergei Lavrov, or any of the other underlings, who are nevertheless very senior officers, but they are not Putin. When they say something, it’s very, very different. It may be true or it may not be true, it all depends on what Vladimir Putin ends up doing. I think he projects a bit of himself when he looks at the United States, so when Secretary of State Mike Pompeo, or CIA Director Gina Haspel says, ‘We’re going to take very strong action’, and then Donald Trump says nothing, or says something much weaker, then, I think the impact on Putin is much weaker. Putin knows that he can always go straight to the top man himself, just like people who want to change something in Russia go straight to Putin, so I think there is an element there that until the actual leader of the United States is willing to stand up and say, ‘This is unacceptable. This is what’s going to happen: tomorrow, the following five things will occur…’ until that happens, I think it’s going to be taken with a grain of salt. I think there is also a little bit of a hamstrung nature where you’ve got senior members of the Administration being much stronger on Russia than the President is and that can be confusing to our allied partners, so we’re beginning to see Europe do things on its own.
The Cipher Brief: Any other little nuggets, that you, as a former Intelligence professional, pulled out of the headlines of all of the indictments that came out?
Hall: I was just re-reading Mark Kelton’s recent column in The Cipher Brief and Mark is right in wondering why the GRU is being so obvious. Don’t they care if they get caught? What’s the deal? That is an interesting question. I think in the case of the Skripals, they didn’t really care because the message was to anybody who was going to be a spy, ‘you’re going to die horribly, I don’t care where you are’, so I don’t think they were overly concerned. But I think it’s reflective of the fact that the Russians just don’t see any red lines from the West. They see a lot of talking and sanctions and some PNGs and some indictments, but for them, that’s just a cost of doing business. For me, the overarching issue is that the Russians have figured out that this hybrid warfare approach can be used for such a broad variety of things, whether it’s going against the Olympic Committees that were in charge of doping, or whether it’s going against the lab that was investigating the Novichok attacks, I think they’re still asking themselves whether there is anywhere that this approach won’t work? This is a growth industry for them and it’s working very well.