Synopsis
Applying existing knowledge to real cybersecurity threats is an excellent academic reflective strategy to conduct research and assess the quality of one’s skills. Given the need to select the most recent cybersecurity events, I have decided to address the most pressing topic of recent weeks, namely the war that Russia has launched against Ukraine. I will avoid discussing political issues, but I will touch on a severe aspect related to cybersecurity. Specifically, a week ago, it was revealed that the international hacker group Anonymous had launched a cyber war against the Russian government and media, causing serious damage to the country’s reputation (Pitrelli, 2022). News stories reported that official websites of Russian ministries and some government-controlled TV channels were subjected to DDoS attacks, bringing their functionality to a halt. Data from 92 strategically important databases were reportedly compromised by a hacker group (Pitrelli, 2022). Some of that data was wiped, while others were renamed “putin_stop_this_war.” In addition, Anonymous orchestrated the theft of federal data from government oversight agencies, after which this data was released into the public domain.
In this situation, the critical cybersecurity issue is the ability of an anonymous group of independent hackers to hack and influence the government digital systems of entire countries. This story demonstrates perfectly that even strong countries are not immune to cyberattack threats, and data theft and manipulation can cause damage to government agencies. On the other hand, Anonymous’ actions show that Russia’s cyber defenses are far from perfect; it would seem that such important federal data and state media should be well protected, but Anonymous showed otherwise.
Consequences
Any hacker attack means, first and foremost, reputational damage to the organization whose databases were compromised. From this point of view, Russia had a major reputational crisis since Anonymous clearly showed that the digital assets of even a strong country, positioning itself as a superpower, can be compromised relatively easily. This has implications for investment flows as well; independent investors may lose interest in companies in a country whose resources are attacked by independent hackers. Of course, the current geopolitical agenda is already hardly conducive to foreign investment in Russia, but this blow reflects even more strongly the inability of developers and cybersecurity specialists inside the country to protect such vital data. In this sense, it should also be emphasized that the loss of trust and investment interest is likely not only from the outside but also from within. Russians, who observe how an independent hacker group can hack into government data and publish it, are likely to become less trusting of domestic companies and suspend investment in them.
In addition, the loss of databases has implications for an organization in terms of the potential development of fraud. It has been reported that much of the personal data of government employees, including mailing addresses, names, and phone numbers, has been released to the public (Pitrelli, 2022). From this perspective, criminals and fraudsters, including those not affiliated with Anonymous, could use this information for blackmail or even physical crimes. Among other things, mailboxes can be hacked, and additional strategically important information can be compromised from them, creating new conditions for reputational and organizational risks.
Nor should we ignore the fact that employees who have failed to protect an organization from cyberattacks are not highly qualified. By now, there are a considerable number of ways to combat DDoS attacks, so the inability to provide adequate protection may be an indication of their low level of professionalism. As a consequence for Russia, this scenario is likely to lead to a wave of layoffs and personnel restructuring within government agencies. Many cyberattacks are not carried out by direct hacking, because there is also the phenomenon of social engineering. There is no guarantee that none of the employees of Russian federal agencies and media were exposed to such attacks and phishing, which led to the data leaks. In addition, Russia might be interested in exploring measures to maximize protection so that there are fewer such threats in the future.
Finally, the nature of the published data should be taken into account — it is information from federal agencies, so it is classified as strategically important material. Any country or terrorist organization unfriendly to Russia could use this to prepare an attack or industrial espionage. As a consequence, one would expect physical threats from data leaks, which could follow immediately after other governments or terrorists understand how such data can be used.
Official government media sites have also been hacked, which has consequences for the spread of propaganda. Some of the TV channels and online news portals have been inaccessible for a long time, making it impossible for users to get information. Moreover, as we know, not all of the media outlets were attacked, but only those that are difficult to call independent; they supported Putin’s regime. For Russians, the blocking of such portals — when truly independent journalism was not attacked — demonstrated the “true face” of state media. As a consequence, it may have contributed to a loss of audience and decreased trust in such platforms.
Most likely, Russian government agencies and state media are now beginning to invest more money and resources, including talented programmers, in cybersecurity. This situation has shown how flawed previous security practices were and has created a field for the development of new capabilities. This could include exploring new measures to protect against cyberattacks, using stronger encryption systems, and rethinking access level systems. Since it is not out of the question that social engineering may have been the likely cause of the massive leak, organizations’ leadership can engage in retraining and a close investigation to identify the potential culprit employee. In addition, companies have lost much of their data if backups were not used. Organizations may then conclude that they need to physically store all information from databases and protect backups more securely. Moreover, it is likely that government agencies will have to create new databases and populate them anew if access to them has been lost. This creates a huge layer of necessary work that Russian authorities and the media will have to do in the coming months not only to get back up and running but also to ensure adequate functioning in the future. In the meantime, these enterprises will have to do a thorough propaganda job to regain their reputation not only before the Russians but also before the international community and investors. Only these steps seem to me to be the most appropriate in the current circumstances in order to regain their reputation and restore the former trust in their products.
Reference
Pitrelli, M. B. (2022). Anonymous declared a ‘cyber war’ against Russia. Here are the results. CNBC. Web.