Cyber attacks by a hostile state can sometimes be more destructive than real military operations. Using the latest technology, hackers are able to infiltrate critical infrastructure, national servers and databases. Not only classified state information but also the personal data of citizens comes under attack. How dangerous modern cyber threats are, and how Russia and the rest of the world protect themselves from cyber attacks, is covered in this piece from “Tapes.ru”.
It has long been no secret that hackers work for the governments of various states. There are many real examples where the actions of government hackers in the digital world led to real losses for the economies of the victim countries. One of the most notorious cases occurred in 2010 in Iran, where cyber terrorists managed to destroy the uranium enrichment plant in Natanz. This was the first time that malware physically destroyed infrastructure.
According to The New York Times, US and Israeli intelligence services were involved in the development of the worm. To disable the Iranian nuclear program, they decided to use the unique Stuxnet virus. The malicious software worked according to a very cunning scheme: it got onto a computer and immediately scanned the system for various automated control systems (they are unique at each plant). If Stuxnet found its target, it destroyed the infrastructure; otherwise it simply “fell asleep” until it moved to another computer. That is, on a system that was of no use to it, the worm was completely harmless, and it was almost impossible to notice it by accident. Realtek and JMicron helped it go unnoticed.
The hackers waited a long time before delivering a decisive blow to the Iranian plant: first the virus had to be brought into the system. The first cyber attacks were therefore carried out against local firms involved in developing programs for industrial enterprises. One of the attacks hit the target: in 2010, a copy of Stuxnet ended up on the computer that controlled the Iranian nuclear centrifuge. At that moment, it took control of the infected device, imitating the commands of live operators.
After some time, the hidden malware began to slowly change the operating mode of the centrifuges: it set their rotation in its own way so that the equipment worked in a critical mode (accelerating sharply and then slowing down sharply). At the same time, the operators' screens showed that everything was functioning normally. The virus was encrypted so well that it operated for several months, until the centrifuges began to fail without the possibility of recovery.
As a result of the cyber attack, the plant's work came to a halt, and the country's nuclear program suffered serious losses and was set back several years.
Modern hackers can not only destroy important infrastructure, but also completely cut entire countries off from the global network. This was shown by former American intelligence officer Edward Snowden, who spoke about a large-scale cyber attack by the US National Security Agency (NSA) in November 2012. The agents managed to disconnect Syria from the Internet for two days, depriving all residents of the country of access to the network.
Apparently, NSA employees tried to plant an implant in the router software of the country's largest provider in order to control Syrian government traffic afterwards. However, the agents accidentally overdid it and the router stopped functioning completely.
In 2019, attackers targeted the energy infrastructure of Venezuela. Hackers attacked the control system of the Guri hydroelectric plant, which produces about 80 percent of the country's electricity. The attack was quickly detected, so the station staff decided to shut the facility down temporarily. But the developers of the virus partially achieved their goal: during the attacks, 21 of Venezuela's 23 states experienced large-scale problems with energy supply. The authorities blamed America for the problems: President Nicolas Maduro called the cyber attack an "electric war" waged by the United States.
Cyber warfare directly affects not only important state-owned enterprises, but also the lives of ordinary citizens. The confrontation on the Internet is conducted at several levels at once: special services, IT giants, and local hackers along with extremist political groups all take part in the struggle. The personal data of users is constantly at risk. It is enough to recall the numerous leaks that occur because of constant hacker attacks.
Most of the leaks are due to hackers who attack users with special software. In mid-2019, the well-known Israeli company NSO Group introduced software that, according to its employees, can “steal” users' personal data from the servers of Amazon, Apple, Google, Microsoft and Facebook. This also included information about users' locations, their photos and messages. There is no doubt about the capabilities of the NSO Group software, because these developers had already become famous for releasing the powerful Pegasus virus, which is used by intelligence agencies of several countries to access personal data on smartphones.
One of the potential victims of the new virus, Facebook, has over the past few years suffered several of the largest leaks, in which the social network lost the personal data of hundreds of millions of users. The company was ordered to pay a fine of five billion dollars for dishonest processing of information (the data-transfer scandal involving the British firm Cambridge Analytica).
The American social network's problems with personal data also affect users from Russia. And the point is not only that the data of Russians fell into the hands of attackers during the largest leaks. The company also refuses to provide information on the localization of personal data in Russia. For four years, the company has not complied with the requirements of the law "On Personal Data", for which it received a fine of four million rubles. The same fate befell Twitter. True, these companies have already missed the payment deadline, so they may soon face new sanctions.
Cyber attacks do not bypass Russia either. On the contrary, the country too often becomes a target for foreign special services. Back in 2019, Igor Konashenkov, the official representative of the Russian Ministry of Defense, said that since 2013 the agency has neutralized more than 25 thousand cyber attacks on the resources of the armed forces.
“We regularly encounter various attempts at external information and technical impact on our systems, and in particular, attacks on the Internet resources of the Russian Ministry of Defense and even the Zvezda television channel,” Konashenkov said during the Army 2019 forum.
Cyber attacks on the armed forces are only part of all the attacks that fall on the country in a cyber war. Every year Russia repels a huge number of attacks.
“Cases of coordinated targeted computer attacks, that is, consisting of several related actions, have become more frequent. In 2014-2015, the number of such attacks amounted to about one and a half thousand a year, and in 2018 it already exceeded 17 thousand,” Oleg Khramov, deputy secretary of the Russian Security Council, said in 2019, citing data.
According to him, one of the main sources of the spread of malware is Internet resources in the United States. This country accounted for about 63 percent of malicious sources in 2018.
American intelligence agencies pay special attention to Russian energy systems. Journalists from The New York Times, citing sources in Washington, wrote that in recent years the United States has increased the number of attempts to break into Russian software in this area in order to be able to remotely disable individual elements of the systems.
Attackers have also repeatedly tried to destabilize the financial system of Russia. In 2016, representatives of the FSB reported that foreign intelligence services were preparing large-scale cyber attacks on the country's largest banks. Thanks to the timely actions of cybersecurity specialists, the attack was repelled.
Now that the confrontation between world powers has moved onto the network, countries are trying to protect their cyberspace. In Russia, such a step was taken in 2019. In November, the Sustainable Internet Act (better known as the Sovereign Internet Act) entered into force, and it has been the subject of much debate. Critics of the initiative feared that the project was aimed at disconnecting Russia from the global network and localizing the Internet. However, officials emphasize that the initiative serves a different purpose: to counter external Internet threats. The head of the Ministry of Communications, Maksut Shadaev, called the disconnection of the global Internet in Russia his terrible dream. “You know, this is a terrible dream for the Minister of Communications – to wake up and find out that our citizens are disconnected from the services that they use and are used to. Even if these are foreign services,” he said in an interview with Vladimir Pozner.
In addition, a procedure has now been established to restrict access to online resources that process personal data in violation of Russian law. Equipment installed under the project will filter traffic and block access to resources that are on the list of prohibited ones. As explained on the Kremlin’s website, this minimizes the transfer abroad of data exchanged between Russian users.
The authorities say the changes are aimed not at isolation, but at keeping domestic resources running in the event that Russian operators suddenly lose access to foreign root servers. In addition, this will protect them from unauthorized access to hardware and software, which could interrupt the communication network.
Work in this direction began in 2012. At that time, the main directions of state policy on securing the automated control systems for production and technological processes of the country's critical infrastructure were approved, Oleg Khramov said.
"The next step was the adoption by the president in 2013 of a decision to create a state system for detecting, preventing and eliminating the consequences of computer attacks on Russia's information resources – the State Social Security Administration," said a representative of the Security Council. According to him, more than 50 departmental and corporate centers of the SSSOPKA provide unified organizational, technical and scientific-methodological approaches to countering computer attacks, as well as eliminate their consequences.
The Deputy Secretary of the Security Council emphasizes that it is difficult to ensure information security without the participation of commercial structures, the scientific community and public organizations. Therefore, the authorities are interested in public-private partnerships.
It is also worth noting one of the main European regulations on data protection, the GDPR (General Data Protection Regulation). This regulation likewise aims to protect the personal data of all residents of the European Union. Its main objectives are to minimize the collection of personal data, to limit how long it is stored and to keep it confidential. In other words, companies should provide maximum protection for information about users, as well as inform them about data processing. The GDPR entered into force in May 2018. True, since then serious fines under the regulation have been issued to only two large corporations: the German Facebook division (51 thousand euros) and the Google branch in France (50 million euros).