A spectre is haunting the West — the spectre of cyberwar.
It’s now clear, according to American intelligence agencies, that the Russian government engaged in a campaign of hacking, email leaks and fake news in an attempt to undermine the American political process — and steer the presidential election to Donald Trump.
Russia has repeatedly denied the allegation.
But many are now asking: Are we at cyberwar?
In the cybersecurity industry — mostly made up of hackers and spies — the conventional wisdom was that cyberwar is like physical war. It’s only war when someone dies or something explodes.
But what happened during the recent American election is forcing experts to revisit that idea.
“‘Nothing’s blown up’ is the old school way of thinking,” said Dave Aitel, a former scientist at the National Security Agency. “But I don’t have to blow something up to destroy your country. I just have to reduce trust in your national way of life.”
“I think it’s a cyberwar, and I think we’ve lost a battle,” said Aitel, now CEO of the security consulting firm Immunity.
CNNMoney has reviewed NATO assessments of a decade of Russian hacking operations and spoken to dozens of computer security professionals around the world.
The image that starts to emerge is stark: The Cold War moved online. And Western countries are only starting to realize it.
The term they most agree on: cyber cold war.
“There’s something unsettling about calling this a war. But it’s frivolous to ignore this,” said Laura Galante, intelligence director at cybersecurity firm FireEye. “The Russians get it right, and they’re beating the U.S.”
Ben Nimmo, a senior fellow at the Atlantic Council who tracks how Russia uses propaganda and information as warfare tool, said the United States was not the first country to be targeted by the Kremlin.
Several episodes reveal Russia’s tactics and information warfare strategy to destabilize the West.
An early example is Estonia, the tiny former Soviet state that borders Russia and lies at the northeast corner of Europe. When its pro-European Union government decided in 2007 to relocate a controversial World War II memorial commemorating the Soviet fight against Nazis, “the Russian disinformation machine went berserk,” Nimmo said.
Russian-leaning news websites reported a conspiracy theory that the Estonian government had already cut it into pieces — then put it back together out of fear of retribution. Photos showed incisions in the bronze. The incident infuriated ethnic Russians in Estonia and set off protests in the capital city.
But it wasn’t true. Those groove marks in the metal were there because the statue was built in pieces back in the 1947.
“It’s classic fake news,” Nimmo said. “It’s taking a very small grain of truth — that this statue had at one point been in pieces — then taking a photo and showing weld marks.”
When the Estonian government moved to contain the protests, Russian hackers attacked the computer systems of Estonian government agencies, banks and media.
It was a one-two punch Russia would later perfect.
Two weeks before Russian tanks rolled into its small southern neighbor of Georgia, hackers began disrupting Georgian government websites. On the day Russians invaded, the website StopGeorgia.ru popped up with a list of Georgian websites and instructions on how to hack them. The subsequent cyberattacks made it harder for the Georgian government and news sites to communicate what was happening to them.
When protests in Ukraine against the pro-Russian government heated up, hackers using Russian malware drowned the opposition’s websites — sometimes choking off their communications.
Pro-Russian hacker groups CyberBerkut and CyberRiot Novorossiya leaked emails stolen from Ukrainian officials — a propaganda tactic Russia would later employ against Americans.
As Russian military forces invaded Ukraine’s Crimean peninsula, hackers flooded computers at key governments across Europe — as a distraction for the Russian government to buy time on the battlefield, according to a NATO analysis by military scholar James J. Wirtz.
Hackers played a key support role for the Russian government’s propaganda, which pumped out conspiracy-laden news stories that doubted whether Russian special forces actually moved into Crimea, according to NATO.
Pro-Russian hackers then ramped up their attacks. During the 2014 Ukrainian presidential election, they disabled a computer that would display the real-time vote count. They defaced the Central Election Commission’s website, falsely displaying the extremist candidate as the winner.
“We should not underestimate the ability of hackers — especially those that enjoy state sponsorship — to disrupt the political process of a nation,” later wrote Nikolay Koval, who at the time was the chief of Ukraine’s elite Computer Emergency Response Team.
The conflict peaked in 2015, when Russian hackers temporarily knocked out a portion of the energy grid in Ukraine, according to that country’s top law enforcement agency.
Why it’s now obvious
This long history of Russian cyber operations has largely gone under the radar — mostly because they were initially hard to trace back to the Russian government.
But it’s become harder for them to cover their tracks. Cybersecurity expert Jen Weedon has documented how Russia has vastly increased the demand it makes of its hackers, which forces them to work fast — and use the same tools and tactics.
The trail of Russian hacking victims is now so extensive that digital forensic investigators have a definitive profile, one that the CIA, NSA and FBI agree on.
There are two chief suspects: Russia’s Main Intelligence Directorate, known as the GRU, and its Federal Security Service, the FSB.
“This is a cyber cold war. It’s the espionage, the sabotage, the positioning to gain the advantage of the other,” said Jeff Bardin, a former Air Force intelligence officer who trains professionals in cybersecurity.
“This is a war of bits and bytes.”