U.S. officials wonder: Where are Russia's much-feared cyberattacks?

American officials have envisioned scary scenarios for Russian cyberattacks in the Ukraine conflict. Including some that could expand the war. After all, Russia is renowned for its hackers, whom Vladimir Putin once compared to artists. So the U.S. is watching, waiting and wondering: Where are they?

Putin has bragged about his nation's digital warriors and the U.S. is bracing for their arrival

Russian President Vladimir Putin, seen here on a Moscow television screen in 2020, has boasted about the talents of his country's cyber-hackers. So U.S. officials have been waiting and wondering: where are they? (Maxim Shemetov/Reuters)

There's a particularly unnerving scenario for a Russian cyberattack weighing on the mind of an American politician who oversees intelligence issues.

Mark Warner leads the Senate intelligence committee, which gets him regular intelligence briefings and better-than-average access to U.S. state secrets.

The Virginia Democrat has been voicing his concern at recent public events about the risk of a cyberattack striking a NATO country, potentially broadening the Ukraine war.

He's also a former tech executive and the scenarios he's raised go something like this: A computer virus hits a Polish hospital and Polish patients die. Speaking at a think-tank event Monday, he wondered aloud whether that would trigger NATO's mutual-defence agreement under Article 5.

Another possible scenario he raised is a hack that could shut down traffic lights, resulting in American soldiers getting into a vehicle accident.

In the meantime he's been watching and waiting, and now he's wondering: Where are the Russian hackers?

Sen. Mark Warner, left, seen greeting the director of the U.S. Defence Intelligence Agency during a Senate hearing last week. (J. Scott Applewhite/AP)

That question of why Russia hasn't unleashed its notorious digital warriors in the current conflict over Ukraine was a prevailing theme Monday at a panel Warner participated in during an event at the Center for Strategic and International Studies.

"I have questioned our leaders: 'Why haven't we seen the real [Russian hacking] A Team?' " Warner said, echoing comments he made last week at a Senate hearing.

"I'm still relatively amazed they have not matched the level of maliciousness that their cyber-arsenal includes. Will we see that in the coming days? I think that remains a possibility."

He noted that before the invasion, hackers brought down the websites of Ukrainian banks and government offices, but they used relatively simple data-wiping malware.

He said we still haven't seen so-called worms like those in the devastating WannaCry and NotPetya cyberattacks a few years back, which burrowed through computer systems around the world and even struck hospitals. 

Russian state- and non-state-affiliated hackers have been blamed for some of the most disruptive cyberattacks. One was the so-called NotPetya trojan-horse attack of 2017 that caused damage in numerous countries, including causing a container backlog at this port in Mumbai, India. (Rajanish Kakade/AP)

'Not out of the woods yet'

Warner's not alone in wondering why Russia's cyber realm has been so quiet. After all, Russian President Vladimir Putin once compared his country's hackers to artists, likening them to painters who wake up inspired to defend their motherland.

So far those artisans of digital mayhem haven't caused any obvious disruption to Western computer systems, whether they are non-state actors like those Putin alluded to or members of his state security agencies.

A former top U.S. cybersecurity official said there's been widespread astonishment that a country renowned for hacking hasn't deployed that weapon. At least not yet.

"I think everyone's been somewhat surprised," said Chris Painter, head of the Global Forum on Cyber Expertise Foundation and a former official in the U.S. State Department and White House.

"But I don't think we're anywhere near out of the woods yet."

A man holds an effigy of Putin during a protest against Russia's invasion of Ukraine outside the White House this month in Washington, D.C. (Sarah Silbiger/Reuters)

Greg Rattray, the head of cyber-defence company Next Peak LLC, also wondered why we haven't seen non-state-led ransomware attacks against Western organizations.

These attacks, Rattray said, are still occurring at normal volumes. "Maybe even less than normal [volumes]," he said during Monday's Center for Strategic and International Studies event.

Gen. Paul Nakasone, who leads the U.S. Defence Department's Cyber Command, told a Senate intelligence hearing last week that there are four categories of attack he's worried about.

One is a spreading-malware attack like the one Warner referenced. Another is ransomware, like the blackmail attack on a pipeline last year that caused havoc at U.S. gas stations. A third involves proxies, where non-state hackers get a green light from the Russian government to conduct an attack. And, finally, he worries about attacks on an Eastern European ally.

A specific target not mentioned at that Senate hearing was banks; the New York Post, however, has reported that financial companies are seeing more attacks lately, but have repelled them so far. 

Nakasone said he's still concerned.

"We're 15 days into this conflict," he said. "By no means are we sitting back and taking this casually."

The U.S. blamed Russian non-state actors for the attack on the Colonial pipeline last year that caused chaos at gas stations, including this lineup of cars in North Carolina. (Jonathan Drake/Reuters)

So why haven't we seen them yet?

Nakasone offered two explanations for why we haven't yet seen widespread technological disruptions as part of the Russian response: It's possible Russia made a strategic choice not to launch cyberattacks yet, but he also credited work the U.S. did with Ukraine before the invasion to patch up digital vulnerabilities.

Painter said it could be a multitude of factors — Russia could be waiting for a specific moment, or it could be reluctant to damage Ukrainian equipment it hopes to inherit if it successfully replaces the government. Also, he said, Russian cyber-operators could easily be swamped right now, tied up with spying on Ukrainian allies.

U.S. President Joe Biden said he warned Putin not to attack American infrastructure, including at this meeting in Switzerland last June. (Kevin Lamarque/Reuters)

Ukrainian defences also deserve respect, Painter said, noting the country has much better protection than it did in 2015 when its power grid was hacked and shut down.

At the end of the day, he warned, it's impossible to stop every attack from a dedicated adversary like Russia: "You could be very good at defence — they're still going to get in," he said. 

"That's what we haven't seen. And I do think we will see that. That it's being held in reserve [by Russia to be used later]." 

Rattray raised an entirely different possibility: that, as capable as Russia's hackers are, they might not be quite as masterful as their reputation.

U.S. capabilities a possible deterrent

What's also true is that hacking carries risks for Russia, too.

U.S. President Joe Biden has been warning Putin, including in a face-to-face meeting, that the U.S. would respond to hacks on vital infrastructure.

The U.S. has spent months conducting drills for hacking scenarios, with the president briefed on a range of potential American counter-responses.

Some of the options presented to Biden, according to NBC News, are unprecedented and devastating: disrupting internet connectivity in Russia, shutting off electrical power, and tampering with railroad switches to make it harder to resupply Russian troops in Ukraine.

A January cyberattack on the website of Ukraine's foreign ministry left this warning message in Ukrainian, Russian and Polish. The attack wiped data but was far less devastating than so-called trojan-horse attacks that can spread and cause widescale damage. (Valentyn Ogirenko/Illustration/Reuters)

Painter seriously doubts the U.S. would go that far.

"We're not going to do things like turn off the lights in Moscow," he said Monday. "We're not gonna have this disproportionate thing where we go after civilian targets in Russia. We're just not going to do that. Nor should we."

He also poured cold water on Ukraine's idea to kick Russia off the internet and its .ru domains. He said the U.S. doesn't want to see rival nations start a competing internet any more than it wants a competing international financial system.

Rattray agreed that U.S. cyberattacks against Russia could be seen as escalatory and smash norms in a way that could make conflicts more dangerous.

U.S. releasing secret intelligence 

The U.S. has already developed a non-lethal online tactic in this war: It has repeatedly released secret intelligence, spreading word of Russian invasion plans.

Warner said it's no accident so many countries sided with the U.S. and Ukraine, including in a lopsided vote at the United Nations.

A laptop displays code for the Petya malware virus, according to representatives of the Ukrainian cyber security firm ISSP, seen in Kyiv in 2017. (Valentyn Ogirenko/Reuters)

For years Russia outwitted its rivals in online information campaigns, but he said that releasing intel in real time has helped the U.S. pre-emptively thwart Russian disinformation and primed democracies to respond.

"It really has left Putin exposed as being the absolute culprit in starting this war," Warner said Monday. 

He also applauded Congress for passing cybersecurity legislation he sponsored, which requires companies operating key U.S. infrastructure to quickly report any cyber-hacks.
