Tale of Russian hackers inspires fear
To understand the evolving, shadowy world of cyberwarfare, start with Ukraine.
"You can't really find a space in Ukraine where there hasn't been a (cyber) attack," a NATO ambassador tells Wired correspondent Andy Greenberg. "Turn over every rock, and you'll find a computer network operation."
Beginning in 2015, Ukraine was on the receiving end of vicious cyberattacks that experts later determined were launched by Russia. The attacks were ruthless, targeting every aspect of Ukrainian society: government servers, media organizations, transportation hubs. Ukrainian cyberexperts watched helplessly as systems began to crash all around them. There were no public schedules or train service one day. ATMs went dark the next. The coup de grace came when the hackers targeted the electricity grid, plunging hundreds of thousands of innocent Ukrainians into darkness.
"A single group of hackers seemed to be behind all of it," Greenberg reveals, and in the attacks' aftermath Ukrainians said the effect was to feel as if "phantoms ... had reached back, out through the internet's ether," into their homes.
So begins Greenberg's immensely readable "Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers," a hair-raising, cautionary tale about the burgeoning world of state-sponsored hackers. This is a book that goes beyond influence campaigns and ransomware. Greenberg lays out in chilling detail how future wars will be waged in cyberspace and makes the case that we have done little, as of yet, to prevent it.
His dogged reporting leads him to the GRU, Russia's military intelligence agency, which he argues has become the most methodical and destructive cyber-force on the planet. You may have heard of it. Cybersecurity company CrowdStrike named one group within the GRU Fancy Bear and blamed that group for meddling in the 2016 U.S. presidential election. But those considered to be well informed are familiar with a different group of GRU hackers known by the name Sandworm.
• “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers” (Doubleday, 348 pages, $28.95) by Andy Greenberg
The GRU hackers set themselves apart from other intelligence operatives because their intentions were broader.
"Sandworm wasn't merely focused on espionage," Greenberg reveals. "Intelligence-gathering operations don't break into industrial control systems. Sandworm seemed to be going further, trying to reach into victims' systems that could potentially hijack physical machinery, with physical consequences."
Their missions included weaponized swarms of internet traffic or malware that installed back doors on a victim's computer so Sandworm would have complete access. The cyberattacks became renowned, with names like NotPetya, considered the most damaging worm ever introduced into the wild. Originally meant to attack Ukraine, its ransomware spread across the world, encrypting computer data and demanding payments to unlock it. Turns out there was no decryption after a ransom was paid; there was just destruction.
U.S. officials don't have to wonder how an all-out election hack might unfold in 2020. Ukraine provides a dress rehearsal. Four days before the country's May 2014 elections, a pro-Russian hacking group publicly announced that it planned to disrupt the process. A short time later, the group broke into the country's Central Election Commission and wiped dozens of computers.
"The idea was to destroy the system, to prevent it showing the results, and then to blame Ukraine's so-called junta," Victor Zhora, a security contractor for the commission at the time, tells Greenberg. "The goal was to discredit the election process."
The commission's IT department was able to rebuild the network before the polls opened, but in the process it discovered something disturbing on its server: an image of fake election results.
The administrators managed to delete the fake data before it was publicly displayed, but "Russian state television, seemingly coordinating with the hackers, went ahead with a false announcement that (Dmytro) Yarosh had won, an apparent attempt to cast doubt on the election of the real winner, the political moderate chocolate magnate Petro Poroshenko."
It gets worse. The next morning, the hackers struck again. Ukraine's election commission was hit with a "denial of service" attack that knocked its servers offline, making it doubly difficult to confirm the legitimate results.
Could something like that be awaiting us in 2020? Greenberg suggests that if we don't take cybersecurity more seriously, that is exactly what the future may hold.
"On the internet, we are all Ukraine," he writes. "We all live on the front line."