15 Russian Cyber Operations and Tools

15.1 Russian Cyber Operations and Tools

As discussed in Chapter 5, Russia deploys a full spectrum of cyber operations, from IO to system‐level manipulation. From a technical standpoint, as discussed in Section I, the Russian Federation monitors its Internet and telecommunications through SORM (e.g., SORM‐3 (Lewis, 2014)). Additional cyber operations infrastructure is provided by contractors, from cyber tool developers to networking gear.

15.1.1 Example Operations’ Attack Paths

Due to the long history of Russian cyber operations, we have attack paths for both the attempted penetration of the U.S. Star Wars missile defense program in the 1980s and Operation Moonlight Maze in the 1990s. The Star Wars attack was documented in detail by Clifford Stoll in his book “The Cuckoo’s Egg” (Stoll, 2005).

15.1.1.1 U.S. Star Wars Missile Defense

In the late 1980s, German hackers, working on behalf of the former Soviet Union’s KGB, penetrated the Lawrence Berkeley Lab’s computer network in an attempt to get information on the U.S. Star Wars missile defense program portfolio (Section 9.1.1.1). This is an excellent description of how an international hack works, with technical information that includes

  • keystroke logging to monitor attacker behavior
  • honey files to deceive and track a cyber attacker
  • honey tokens to track a cyber attacker
  • network diagrams to show the attacker’s path
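The honey-token idea in the list above, as an added example rather than anything from the book or from Stoll's original setup: each decoy file gets a unique, unguessable token that no legitimate process ever uses, so any later appearance of that value in a log is a high-confidence sign that the decoy was read and its contents reused. The token format, the function names, the key and the sample log lines are all constructed for this illustration.

```python
import hmac
import hashlib
from typing import Dict, List, Tuple

# Constructed demo key; in practice the key never lives on the decoy host itself.
DEMO_KEY = b"constructed-demo-key-not-a-secret"

def honey_token(label: str, secret_key: bytes) -> str:
    """Derive a unique, unguessable token for one decoy (label).

    Deterministic per (label, key), so the defender can regenerate it later and
    tell exactly which decoy file an observed value came from."""
    digest = hmac.new(secret_key, label.encode(), hashlib.sha256).hexdigest()
    return "HT-" + digest[:20].upper()  # constructed format, not a real credential scheme

def plant_tokens(labels: List[str], secret_key: bytes) -> Dict[str, str]:
    """Map each decoy label to its token; these values are what get seeded into decoy files."""
    return {label: honey_token(label, secret_key) for label in labels}

def decoy_file_text(label: str, tokens: Dict[str, str]) -> str:
    """Plausible-looking decoy content that embeds the token; nothing legitimate reads it."""
    return f"# {label}\naccess_password = {tokens[label]}\n"

def detect_hits(log_lines: List[str], tokens: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (label, line) for every log line in which a planted token value appears.

    A match in an outbound-mail, proxy or authentication log means the decoy was
    opened and its token reused, which also attributes the hit to one specific decoy."""
    by_value = {value: label for label, value in tokens.items()}
    return [(label, line) for line in log_lines
            for value, label in by_value.items() if value in line]

# Constructed sample logs, not taken from any real system.
TOKENS = plant_tokens(["sdi_contract_decoy", "payroll_decoy"], DEMO_KEY)
SAMPLE_LOGS = [
    "auth: user=guest result=ok",
    f"smtp: outbound to external host; body contains access_password={TOKENS['sdi_contract_decoy']}",
    "auth: user=ops result=fail",
]

def demo() -> List[Tuple[str, str]]:
    """Run the detector over the constructed logs; returns the attributed hits."""
    return detect_hits(SAMPLE_LOGS, TOKENS)

if __name__ == "__main__":
    for label, line in demo():
        print(f"honey token hit: decoy={label!r} line={line!r}")
```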

As shown in Figure 15.1, “The Cuckoo’s Egg” also provides an early example ...
