Juha Saarinen: Is Russia on the internet a bad idea?

Add up the attacks and Russia on the Internet seems a bad idea. Photo / 123RF

OPINION:

Last week, the Five-Eyes countries - New Zealand, Australia, Canada, United Kingdom and the United States - issued a joint infosec advisory on Russia-attributed infosec threats to critical infrastructure like power plants, hospitals, industrial control systems and more.

Russia has long been accused of running hacking campaigns against Western public and private organisations, and the sheer volume of attacks is mind-boggling. The advisory, written by the US cybersecurity and infrastructure agency (CISA) drives home why network defenders have to sleep with one eye open.

Attribution of internet-borne and other network attacks is notoriously difficult, but the Five-Eyes countries list five Russian government and military organisations as advanced persistent threats (APTs) actively conducting offensive operations since years back.

These include Russia's secret police, the successor to the infamous KGB, the Federal Security Service or FSB. The country's two main spy agencies, SVR and GRU are also listed, along with the Central Scientific Research Institute of Chemistry and Mechanics; the latter sounds like a name from a Cold War novel.

On top of that, there are the usual Russian freebooter ransomware groups, which Western security researchers say are associated with government agencies in many cases.

It can be tricky to keep track of who's who among the Russian government hackers, as security researchers and Western intelligence agencies use multiple names for each group.

Active since 2004, GRU's 85th Main Special Service Centre or GTsSS is known as Unit 26165, is known as APT28, FANCY BEAR, Group 74, PawnStorm, Sednit, SNAKEMACKEREL, STRONTIUM, Tsar Team and a few other names for example.

New Zealand and the other Five-Eyes nations believe Russian cyber-crime groups like The CoomingProject are hacking and extorting money out of organisations by threatening to publish sensitive data.

WIZARD SPIDER meanwhile has pledged to support the Russian government in its invasion of Ukraine. The group is, among other things, known for developing the Conti ransomware that was used to attack the Waikato DHB last year.

The above kind of nomenclature no doubt makes for hilarious, Monty Pythonesque meetings at intelligence agencies and security vendors. Less funny is the tally of harm that Russian hackers continue to cause.

Outright spying is one thing - Western nations do that too - but planting ransomware to extort money from healthcare organisations, schools, charities and even government organisations is quite another.

The attacks are often done with no care for collateral damage, like the 2017 destructive NotPetya data wiper malware that cost pharmaceutical giant Merck US$870 million to remedy, took the radiation monitoring at the Chernobyl nuclear plant offline and cost organisations about US$10 billion, security vendors estimate.

Being able to needle the West like that with easy network sabotage and bringing in badly needed revenue to launder into foreign exchange is handy for Russia.

In light of that, the threat made by Russia's former president and Putin confidante Dmitry Medvedev that the country is now ready to disconnect itself from the internet, is totally ridiculous.

As Medvedev admits, just like China, it's unlikely that Russia will cut itself off from the global internet. The rest of the world might go "oh, look", but for Russia it would be a disaster with further isolation, which is what Medvedev worries about.

Twitter, for example, hasn't dropped the accounts that Russia's ministry of foreign affairs operate, and they're free to post whatever outrageous lies they like.

It would also make it far harder to receive ransom payments in crypto-currencies for Russian hackers. Putin is reported to be considering oil and gas payments in Bitcoin, and is said to be keen to "keep the markets open". He probably won't order payments to be in the PUTIN token, valued at US$0.064917 which is better than the ruble, but the crypto currency isn't listed anywhere.

When the Internet kicked off, nobody gave a thought to what it would mean to connect a non-rules based nation to the greatest general purpose network humanity has had; a network that runs on protocols for data exchanges that were created by good-faith consensus.

Now we know.

The internet adds value the more people and organisations connect to it, but do the benefits of that outweigh the costs and damage of a nation ideologically dedicated to malicious online activity being connected to the rest of the world?

Russia and other totalitarian regimes might not like the answer to that.