BBC News

Five Russian hacks that transformed US cyber-security

Gordon Corera
Security correspondent, BBC News
@gordoncoreraon Twitter

Published
image copyrightGetty Images
image captionSince the days of the Soviet Union, cyber-espionage has been a key concern of US officials

The latest hack, allegedly by Russia, is a reminder that Moscow is America's oldest adversary in cyber-space.

For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online.

Those breaches of US systems have done much to define how America sees cyber-space, and how it defends itself.

And they have learnt it is not always possible to predict, or stop, Moscow's efforts.

1) Cuckoo's Egg

The first person to trail foreign hackers taking sensitive US data was not a spy, but an astronomer who was worried about an unpaid $0.75.

Cliff Stoll looked after the computer networks at his lab. In 1986, he noticed someone logging in to use the computer without paying. In the coming months, he would follow their trail and observe the unknown party searching for military-related data.

In his book, Cuckoo's Egg, Stoll reveals how he eventually traced the login to a group of hackers in Germany, who had sold their access to the KGB, Moscow's intelligence service.

It led Stoll to involve America's intelligence community.

As the first country to move information online, Stoll's discovery was the first indication that the US was going to be a lucrative target for foreign hackers.

2) Moonlight Maze

A decade later, in the mid 1990s, the first major cyber-espionage campaign conducted by a state intelligence agency was uncovered.

Codenamed Moonlight Maze, some of the details remain classified. But this was a group of high-end hackers working "low and slow" to steal US military secrets through a backdoor.

The hackers took vast amounts of information. And, for the first time, defence officials also feared they might leave something behind - to sabotage their systems.

US investigators were confident they knew who was behind it. The attackers worked 08:00 to 17:00 Moscow time (but never on a Russian holiday) and Russian language was found in the code.

Moscow denied everything, and stalled the investigation.

Among those who worked on the investigation was Kevin Mandia - currently chief executive of security firm FireEye. Those involved say it was the first time they understood the sophistication of their adversary, believed to be a successor organisation to the KGB.

3) Buckshot Yankee

Someone picked up something they should not have done and put it in a computer.

A familiar story these days maybe - but, in 2008, the rogue USB stick loaded with malware - possibly found in a car park on a military base overseas - rocked Washington.

It allowed hackers to penetrate classified US military systems which were supposed to be kept offline.

It took four months for an analyst to spot the breach at US Central Command and the clear-up, codenamed Buckshot Yankee, took even longer.

image copyrightGetty Images
image captionThe US Cyber Command joint operations centre on the NSA campus in Fort Meade, Maryland

It was linked to the same group that was behind Moonlight Maze.

The shock led directly to the creation of US Cyber Command within the Pentagon - a team set up to protect sensitive networks, but also to hunt adversaries online.

4) The Democrats

In the subsequent years, China began to receive more focus - particularly with regard to stealing commercial secrets.

But Russia had not gone away.

During the 2016 US presidential election, it turned out that not one, but two, Russian intelligence service hacking teams were inside the Democratic party.

media captionGordon Corera reports on an "extraordinary" claim Russia is trying to influence the election

The team from the foreign intelligence agency, the SVR, stayed undercover - but the military intelligence team from the GRU - Fancy Bear - had a different plan in mind.

It leaked the material it stole, causing disruption and, arguably, playing a role in shifting the course of the election.

The problem was no one had been prepared for this kind of "information operation".

This time round, in the 2020 presidential election, companies and officials were on their guard for election interference from Russia.

But what they didn't realise was that old-fashioned espionage was carrying on unnoticed - with Russian intelligence again believed to be the culprit. Once more Moscow has denied any role.

5) Sunburst

The exact impact of the Sunburst breach, through the company SolarWinds, is not yet clear. Nonetheless, federal officials talk of a "grave risk" because of the sheer scale of possible compromise of departments, companies and organisations.

It is not "espionage as usual", Microsoft President Brad Smith argues.

But others disagree, calling it pretty much routine espionage. They add that the US is not just the victim, but also the perpetrator of these type of hacks. The Snowden revelations of 2013 showed the US (and UK) were more than capable of targeting other countries' secrets by compromising hardware and software from reputable firms - in a way that is not that different to this latest breach.

The troubling question this hack may raise, though, is that - after more than 30 years of experience and massive investment - why did it still take so long to spot and stop the breach?

The answer? In cyberspace the attacker normally has the advantage in finding a new way in before the defender can close off that gap.

And as long as there are secrets online, the most capable spies - especially those in Russia - will be out to steal them.

Related Topics

  • Russia
  • Spying
  • Cyber-security
  • United States
  • Computer hacking

More on this story

  • US cyber-attack: US energy department confirms it was hit by Sunburst hack