by Dave Moore, CISSP
03/06/2022
For the past few weeks I’ve been reading, “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers,” by Andy Greenberg. In light of recent events, the book has taken on enhanced significance. I didn’t know Ukrainians had been fighting for their country’s independence for literally hundreds of years.
I’ve read Greenberg’s work before, particularly his columns in Wired Magazine about how Russian government hackers sabotaged electrical power plants in the Ukraine. The 2017 column, “How an Entire Nation Became Russia’s Test Lab for Cyberwar,” should be required reading for anyone who cares about keeping the lights on in the United States.
Cyberwarfare had been conducted to devastating effect before, like when Barak Obama, in collusion with Israel, ordered cyberattacks that crippled weapons-grade uranium enrichment facilities in Iran in 2009. The attacks later came to be known as Stuxnet.
Kim Zetter’s Wired columns covering the first cyberattacks on the Ukrainian power grid in 2015 revealed a sobering reality: faced with determined and skilled hackers, electrical power plants were easy targets. Even worse, someone was using the Ukraine for target practice, and getting away with it. There were well-founded suspicions, but nobody (except for Ukrainians) wanted to say for sure it was Vladimir Putin’s army of cyber soldiers.
Greenberg’s 2017 column confirmed previous suspicions: yes, it was the Russians. The Ukrainian attacks were different, though. Instead of targeting army installations or air force bases, the Russians had, for the second time, used government/military-sponsored cyberwarfare weapons on civilians.
And now, dang it, Russia has sent real human soldiers into Ukraine, shooting rockets, missiles, tanks and guns.
Don’t think, though, that the Russian hackers have forgotten who they work for. Cyberwar is now raging full-time, with the Russians hacking Ukraine websites to bits, independent hacking groups like “Anonymous” knocking Russian websites offline, and even Iranian government hackers getting in on the melee.
The US Cybersecurity & Infrastructure Security Agency (US CISA) stated last Thursday (Feb 24) they had observed Iranian government-sponsored hackers, “… conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organizations across sectors — including telecommunications, defense, local government, and oil and natural gas — in Asia, Africa, Europe, and North America.”
In addition, Russian cybercrime hacking group Conti, known for its ruthless and aggressive tactics, declared, “… we will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia…” “Since the West is known to wage its wars primarily by targeting civilians, we will use our resources to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression.”
In a David versus Goliath attempt to stem the tide, Ukraine is forming its own “IT Army of Ukraine,” with Ukraine’s Minister of Digital Transformation Mykhailo Fedorov declaring, “We are creating an IT army. We need digital talents. All operational tasks will be given here: https://t.me/itarmyofurraine. There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists.”
It was no surprise, then, that US CISA issued a “Shields Up” alert on Saturday (Feb 26), stating, “…in the wake of sanctions imposed by the United States and our Allies (against Russia), [e]very organization — large and small — must be prepared to respond to disruptive cyber activity.” That means you. Yes, you, Mom and Pop computer user; you, small business owner; you, college student and you, “I only use it to check my facebook” phone addict. You.
There is a new war in the world, and it is spilling onto the Internet in an unprecedented fashion. Remember, the Internet knows no borders and computers have no political allegiances. It is up to each individual Internet user to see to their own personal safety and security, because it should be abundantly clear by now that the government can’t do it for you.
The top “Shields Up” advice offered by US CISA to fend off these problems, listed as “Four Steps Americans Can Take To Protect Themselves,” should sound familiar to readers of this column, and those who’ve taken our Internet safety classes at local libraries. It’s the same advice we’ve been promoting for years: (1) Implement multi-factor authentication on your accounts. A password isn’t enough to keep you safe online. (2) Update your software. Bad guys will exploit flaws in the system. Updates fix the flaws. (3) Think before you click. More than 90% of successful cyber-attacks start with a phishing email. Ask yourself, “is this real?” (4) Use strong, unique passwords for all accounts, and a password manager, if you need to.
Take care of these things, today. Don’t be the slowest one in the herd when the bad guys come knocking.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.com