Russia's Silicon Valley Dreams May Threaten Cybersecurity

By Gregory Feifer

Russian President Dmitry Medvedev and California Governor Arnold Schwarzenegger (2nd left and left) talk with Skolkovo officials outside Moscow on October 11.

There's little obviously unusual about the drab Moscow suburb Arnold Schwarzenegger visited last month. That's because Skolkovo has only just been selected as the planned site for a new Russian Silicon Valley, the crown jewel of a vaunted project President Dmitry Medvedev promises will modernize his oil-dependent country.

The California governor showed up with a small army of bigshots from Google, Microsoft, and other technology companies the Russians hope will provide the crucial technology they need to realize their ambitious plan.

The "governator" played his scripted role to great satisfaction. Revered by Russians who know him from grainy pirated copies of his movies in the 1990s, he praised the diminutive Medvedev as an "action president" and "great visionary." Skolkovo was a "gold mine" for foreign investors, he said. "We don't see Russia as an enemy."

Perhaps. But others believe the Kremlin's motives for attracting cooperation from hundreds of foreign technology companies aren't entirely benign. Among those who would benefit from the "huge honey pot" for the Russian technology industry, says Seattle-based cybersecurity expert Jeffrey Carr, would be the security services who monitor every byte of Internet traffic. "If you're wiring a facility," he says, "the best time to do it is while it's being built." Skolkovo, he says, would provide an information-gathering "coup."

Will Google and other companies help Moscow launch its own Silicon Valley?

That means Silicon Valley companies could be indirectly helping a state many believe is leading the development of the newest global security threat: cyberwarfare. While "cyberwar" is a controversial term -- partly because the lines between criminal, activist, and other kinds of cyberattacks are blurred, but also because it's often impossible to prove who's behind them -- two recent waves of cyberattacks against Russian neighbors have helped drive a major shift in the way Washington and its allies think about international security.

Dawn Of Cyberwar

This year has seen a sea change in planning for what many believe to be the new era of cyberwarfare, which U.S. Deputy Defense Secretary William Lynn recently described in "Foreign Affairs" magazine as a "catastrophic threat."

Last month the Obama administration centralized the military's vast cybersecurity capabilities under the direction of the Department of Homeland Security, months after the creation of the military's new Cyber-Command, which unites units in various services. Later this year, the Pentagon is expected to issue a new "National Defense Strategy for Cyberoperations." Cybersecurity will also rank among top priorities in a new NATO security concept, due later this month for the first time in a decade.

But despite the undeniable emergence of cyberspace as a new battleground, few experts agree on exactly what "cyberwarfare" means. Coined almost 20 years ago, the term first drew serious public attention in 2007, when Internet sites in the Baltic state of Estonia came under attack. It coincided with a bitter war of words between the former Soviet republic and Moscow, which was furious over the relocation of a statue of a Red Army soldier from the center of the capital, Tallinn.

Estonia is now a member of the European Union and NATO, and many there saw the "bronze soldier" as a symbol of Soviet occupation. The Kremlin saw it differently, condemning the statue's removal as an affront to the memory of what it calls the Soviet liberation of Estonia from Nazi control. The pro-Kremlin youth group Nashi took the lead organizing street protests against "fascist" Estonia and Moscow cut off oil shipments. It was then that a number of Estonian Internet sites maintained by parliament, various ministries, and banks, among other organizations, were temporarily overwhelmed by a flood of requests.

It emerged that many of the so-called distributed-denial-of-service (DDOS) attacks were carried out by "botnets," groups of infected computers carrying out instructions from a handful of hackers. They provided the first real signal that cyberattacks could pose a national security threat, says Estonian Defense Minister Jaak Aaviksoo. "They were meant to destabilize society and question the government's capabilities to maintain law and order in cyberspace," he says.

Although he says there's "little more" than circumstantial evidence the Russian government was behind the attacks, Estonian officials nevertheless blamed them on the Kremlin. "The nature of those attacks, the high level of coordination and focus," Aaviksoo says, "means there were considerable material and human resources behind them."

Moscow denies the charges. Soon after the attacks, a prominent member of parliament boasted that an associate of his acted alone in orchestrating the attacks. "They're lying," said Sergei Markov, a former scholar who's now a top Kremlin spin doctor, of the Estonian authorities. "They know very well that it was done by a few young guys sitting in [the pro-Moscow Moldovan breakaway region] Transdniester and that they just wanted to show the informal, angry reaction of an offended civil society."

'A Military Operation'


Although the Estonia attacks were the most serious of their kind, they were far smaller and more disorganized than another wave the following year in another former Soviet republic that rubbed Moscow the wrong way. During Russia's invasion of Georgia in August 2008, DDOS attacks against the presidential administration, a number of ministries, and private companies disabled 20 sites for more than a week and disrupted communications.

A distributed-denial-of-service attack can be carried out with innocent users' computers.

Irakli Porchkhidze, deputy national security adviser to President Mikheil Saakashvili, says the assault actually began the month before the war and eventually involved tens of thousands of botnets mostly controlled by a St. Petersburg criminal group. Some of the attacks disseminated images of Saakashvili in Nazi uniform and other propaganda. The size, timing, and complexity implicated the Kremlin, which Porchkhidze says used the attacks as a military weapon. "It was a new page in the history of cyberwarfare," he says.

Cybersecurity expert Carr, who spent six months investigating the attacks against Estonian and Georgian sites, agrees the evidence casts doubt on the Russian claim the Georgia attacks represented a spontaneous action by impassioned hackers. It was "literally a military operation" by the Russian government. "They were distributing lists of targets to hackers," he says.

Research by the nonprofit U.S. Cyber Consequences Unit found that Russian hackers stole the identities of Americans and hijacked U.S. software tools in the attacks. The unit's John Bumgarner, a former CIA cybersecurity expert, says the targets might have been attacked by other means in the past. "They would have been potentially jammed with electronic warfare or bombed with artillery or air strikes," he says. "So the cyberattacks actually spared facilities from being destroyed."

Those who disagree cite the lack of direct evidence against the Kremlin. Georgian cybersecurity expert Nodar Davituri believes the attacks against Georgian sites were probably carried out by an independent group of "kids."

"Georgian websites weren't so hard to hack because most were built by nonprofessionals," he says. "I don't think the Russian government made a big effort to take them down."

But Carr dismisses the lack of direct evidence. "In a criminal trial, you're very rarely able to make a decision on guilt based on anything but indirect evidence," he says. "Even DNA is indirect. So I think it's a misconception that with cyberattacks we now need to jump to some gold standard that doesn't exist in any other domain."

Cybercrime Platform


Nevertheless, Carr dislikes the term "cyberwar."

"Nobody knows what it means," he says. "You can point to an example of a cyberattack in time of war or you can point to other cyberattacks of various types, but you can't dump the label 'war' on it without defining what you really mean."

Part of the problem is the blurred line between different kinds of cyberattacks. James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, says the biggest global cyber-threat isn't warfare but financial crime, which "almost always leads back to Russia."

One of the latest examples was an Eastern European cybercriminal network made public last month, when the FBI charged more than 60 people in various countries with stealing tens of millions of dollars from American banks. The Zeus Trojan virus used to steal bank-account passwords is believed to have been developed by Russian criminals.

Carr says such software worms "provide the platform" for the state to conduct cyberespionage or attacks. Since the programs can operate from servers outside Russia, they also provide the Kremlin with the crucial benefit of plausible deniability.

Lewis believes the Kremlin is failing to prosecute the majority of known hackers because it wants to maintain a pool of them to draw on when needed.

"You have a state that's relatively active in controlling communications and dissident groups," Lewis says. "And yet they say they're unable to control these patriotic hackers. There's a disconnect there. You're a police state, but you're saying these guys are just outside your control."

Hostile Action

Still, cybersecurity experts say the U.S. record of cracking down against cybercrime is worse. Last month, Moscow police launched an investigation into a legendary spammer whose subsequent disappearance coincided with a drop in global spam levels of 20 percent.

Legislator Markov agrees the authorities need to do more to tackle cybercrime. Along with the scientists who turned to hacking after their livelihoods all but vanished following the Soviet collapse, he blames the weakness of postcommunist institutions. "If you want to increase cybersecurity in the world," he says, "help [Russian Prime Minister Vladimir] Putin and [President] Medvedev."

That's precisely what Silicon Valley companies are doing. Earlier this month, Microsoft said it would take part in developing Skolkovo in projects possibly worth tens of millions of dollars, after Cisco Systems agreed to invest $1 billion last summer.

But Carr believes statements from officials such as Markov, who he says plays a key role in developing Russia's "information warfare" policy, aren't entirely believable. China may lead the world in cyberespionage that raids Western intellectual property, he says, but Russia leads the way in "being willing to take hostile action." American firms helping build Skolkovo may therefore also inadvertently be harming global cybersecurity.