The first chapter in the history of Russia cyberspace operations began in 1986 when the KGB hacked into the Anniston Army Depot in Alabama in search of files relating to the Strategic Defense Initiative.[1] Stealing classified documents was nothing new for the KGB. Russian spies, for example, recruited a young British secretary in the 1930s to steal files relating to nuclear research. Melita Norwood stole hundreds of files in her thirty year career as a Russian spy.[2] It only took the Russian hackers a few minutes to successfully exfiltrate thousands of classified documents from the US Army. This operation marked a watershed moment for the Russians. Hacking was cheaper, faster, more effective, and less risky than traditional espionage operations. These espionage operations in cyberspace had the added benefit of being extremely difficult to fully attribute to any given actor, something that enabled Russia to deny involvement in these activities regardless of the amount of evidence presented.[3]

Cyberspace provided Russia with new tools that it could incorporate into its existing political warfare doctrine. The Soviet Union used political warfare to subject target populations into a sense of constant political, economic, and/or security instability. The USSR used these techniques against both its domestic population and its Western adversaries during the cold war. Russia added its former states to the target list after the fall of the Soviet Union.[4] Cyberspace provides new and effective ways for Russia to create feelings of insecurity and foment chaos. Hackers can spy on adversaries at much a greater scale than ever before, at a fraction of the cost of traditional espionage operations and with much less risk. Russian hackers and social media trolls can present misinformation and fabricated data to manipulate public sentiments. Russia weaves cyberspace warfare and other non-kinetic capabilities such as electronic warfare, information operations, and psychological warfare together to accomplish military and political objectives.

Information operations are an effective way to shape the battlefield for military attacks by creating chaos within the target country or operational area prior to operations. These operations span a spectrum of activity that ranges from social media disinformation campaigns to using cyber-attacks to shut down infrastructure. These activities can accomplish tactical and strategic Russian objectives without requiring traditional military operations. This often means that it can target civilian populations with these operations as well as military forces. Russia does not draw the same distinctions between war and peace as many Western nations do. It employs its entire state to achieve its goals, to include private entities, corporations, and even criminal elements. This means that Russian information operations target domestic audiences instead focusing directly on combat forces.[5]

This whole of government approach to information warfare tends to color how the Russia’s government thinks about Western activities in their country. Russia sees itself as constantly under attack or the threat of attack.[6] The North Atlantic Treaty Organization (NATO) is accepting former Soviet Union states into its membership and is expanding closer to Russian borders. Western media, Hollywood, and American businesses are introducing new ideas to the Russian people through films, social media, and other engagements. Russia sees the promotion of liberal democracy and social rights as a direct threat to the country and its way of life.[7] Russia does not have good options to stop these western influences from reaching its people. The United States military is extremely capable, and President Putin believes he will not defeat the US in a conflict, especially with NATO backing.[8] Information warfare provides Putin the means to achieve his military and political goals without having to execute any traditional military operations. Next week we will discuss some case studies about how the Russians put these concepts into practice.

Red Joan Stanley

I wasn’t familiar with ‘Red Joan Stanley’ before I did the research for this post, but apparently she is the subject of a very popular British spy drama. I’ll have to wait until it comes out on Netflix to see it. It turns out that Joan Stanley was entirely fabricated for the movie, which holds at 30% fresh on rotten tomatoes. Maybe I won’t see it. Melita Norwood is the inspiration for the film and was one of the most active Russian spies in the 1930s. She worked as a secretary for the Non-Ferrous Metals Research Association in London, which was a front for a secret nuclear weapons research facility. You would think that such an important project would have done a basic background check on their new secretary. If they did, they would have discovered that she was a long time member of the communist party.

Norwood snuck into her boss’ office when he wasn’t there, opened a safe that she definitely should not have been able access to, and took pictures of highly classified documents. She subsequently passed these along to KGB contacts in England until the 1970s. The Soviet Union presented her with the Order of the Red Banner in 1979 in recognition for all her hard treasonous work, which some experts believe accelerated the Russian nuclear weapons program by two years. It gets even better! Mona Maund, one of England’s first female MI5 agents, thought that Norwood was a spy back in the 1930s but her boss Jasper Harker dismissed her concerns because he believed that women couldn’t be good spies. He ended up firing Maund a few years later to further emphasize that sexist point. Thanks a lot Jasper! The Russians certainly benefited from your backwards thinking. You can read more about the real ‘Red Joan’ here and here. 

Hacking Star Wars

It’s worth reading more about the Strategic Defense Initiative hack. This is the first documented incident of someone using cyberspace as a means for espionage. In this case the Soviets were after information about the Strategic Defense Initiative. The SDI, more commonly known by its nickname ‘Star Wars’, was a missile defense program designed to neutralize the Soviet Union’s ballistic missile threat. President Reagan initiated the project in 1983 and the SDI team looked into all sorts of crazy ways to defeat nuclear missiles including lasers and particle beam weapons. None of it really panned out but the US put a lot of money and effort behind the program.

Particle beam cannons sounds pretty scary and it is not surprising that the Russians wanted to get their hands on anything relating to the SDI. Their hackers connected to various networks and successfully accessed several of them using default passwords like ‘guest’ and ‘password’. They then expanded their access using trojan horses and stolen password files. A computer systems administrator at the Lawrence Berkeley National Laboratory named Clifford Stoll first detected these intrusions when he noticed a nine second discrepancy in their computer usage logs. He did some digging and discovered that a hacker was masquerading as a legitimate user on the lab system in order to access other more sensitive networks. 18 months later Stoll tracked the activity back to a West German hacker named Marcus Hess who was working for the Russians. You can read more about this here. Stoll also wrote a book about this called the Cuckoo’s Egg but I haven’t read it. If you did, send me a book review and I will post it on the site.

I leaned pretty heavily on a few articles to write this post. Sarah Vogler and Michael Connel wrote an excellent article on Russia’s approach to cyberspace warfare, which is the title of their paper. It covers a lot of ground in 38 pages and goes into a series of case studies. You can read their paper here.

Nick Popescu and Stanislav Secrieru compiled a wealth of information on Russian hackers for the European Institute for Security Studies (ISS). It’s a series of essays that also covers historical examples of Russian cyber activity. Some of the essays get into Russian influence operations on social media. We will eventually talk about that on this site so you will see these references again. The paper is worth reading from cover to cover. You can find it here. 

---

[1] Richards, E. and Smith, R. (1989, March) Computer Detective Followed Trail to Hacker Spy. The Washington Post. https://www.washingtonpost.com/archive/politics/1989/03/04/computer-detective-followed-trail-to-hacker-spy-suspect/53dc3e5a-a279-441d-98b5-e745645c547f/

[2] Lynne, F. (2019, April) Red Joan: The truth behind Joan Stanley and the Cambridge spies. Cambridge News. https://www.cambridge-news.co.uk/news/cambridge-news/red-joan-truestory-cambridgespies-odeon-16147399

[3] Popescu, N. and Secrieru, S. (2018, October) Hacks, Leaks, and Disruptions. Russian Cyber Strategies. European Union Institute for Security Studies. https://www.iss.europa.eu/sites/default/files/EUISSFiles/CP_148.pdf

[4] Blank, S. (2017) Cyber War and Information War à la Russe from ‘Understanding Cyber Conflict: Fourteen Analogies’, ed Perkovitch, G. and Levite, A. E. Georgetown University Press. https://carnegieendowment.org/files/GUP_Perkovich_Levite_UnderstandingCyberConflict_Ch5.pdf

[5] Connel, M. and Vogler, S. (2016, September) Russia’s Approach to Cyber Warfare Center for Naval Analysis. https://www.cna.org/cna_files/pdf/DOP-2016-U-014231-1Rev.pdf

[6] Blank, S. 2017

[7] Connel and Vogler, 2016

[8] Blank, S. 2017