The theft of data from JPMorgan Chase does not fit the established pattern of Russia's political cyberattacks against rival nations
Subtlety has never been the strong suit of Russia’s hacker-patriots. In 2008, during the Russian invasion of Georgia, they managed to hijack or disable all the key websites of the Georgian government, plastering one of them with images of Adolf Hitler. The year before that, during Russia’s diplomatic spat with Estonia over a Soviet war memorial, hackers targeted Estonian banks, media and government websites, paralyzing some of them for days. None of these attacks had any clear financial motive. They were meant to send a political message, and though it proved impossible to trace them back to the Kremlin, the attacks were designed to make it as easy as possible for the victim to infer their Russian origins.
That is partly why the latest reports suggesting that Russian hackers might have targeted American banks seem so different. As the Bloomberg news agency reported on Thursday, the attacks appear to have come in mid-August, just as the U.S. imposed its harshest round of sanctions to punish Russia for intervening in Ukraine. Those sanctions could indeed have been a motive for Russian hackers to hit back, as the Bloomberg report suggested, citing sources familiar with the FBI investigation of the crime. Instead of targeting the U.S. government agencies behind the sanctions — or indeed any branch of the U.S. government — the suggestion is that they might have gone after JPMorgan Chase and at least one other financial institution.
If true, this would mark a major shift in the cybercomponent of Russia’s ongoing standoff with the West. From its inception in March, when Russia annexed the region of Crimea from Ukraine, this conflict has not involved the use of hackers on any serious scale. “We were all expecting a major Russian cyberoffensive against Ukraine, something along the lines of the Estonian example,” says Andrei Soldatov, a Moscow-based expert on cyberwarfare and the Russian security services. “But none of that ever happened, which was strange. A lot of people were wondering, including in NATO, what’s the deal? Why aren’t the Russians doing what they normally do?”
Only a couple of incidents played into these expectations. The Ukrainian security service claimed in early March that Crimea was being used as a base for cyberattacks on Ukrainian cell-phone networks, though no widespread disruptions followed. Then, just before Russia formally annexed Crimea on March 18, hackers briefly took down the public websites of the NATO military alliance.
This was not the stuff of cyberwar, and neither is the reported attack on American banks this month, says Nikita Kislitsin, a cybersecurity expert in Moscow and a former editor of Russia’s Hacker Magazine. “Even if there is a political motive, it is more likely just a mask for criminal intent,” he says. The troves of data stolen from the banks’ websites could either be sold online or used to siphon money from banks’ accounts. Had the hackers wanted to send a political message, they would likely have chosen different targets and different means of attack.
The cyberattacks on Estonia and Georgia both involved one of the more primitive weapons in the hacker arsenal. Known as the distributed denial of service attack, or DDoS, it overwhelms a server with so many requests that it crashes. In the case of Estonia, a member of a Kremlin-backed youth group called Nashi admitted to organizing the DDoS attacks “to teach the Estonian regime a lesson.” In the case of Georgia, pro-Kremlin hackers posted instructions online on how to launch a DDoS attack on Georgian servers, and anyone who sympathized with the Russian cause in that war was thus invited to do their patriotic part in the cyberoffensive.
The reason no such campaign was launched against Ukraine, Soldatov suggests, is that the Nashi youth group was disbanded in 2012 and its political overseers lost their jobs in a Kremlin shake-up. “The new team that came in doesn’t seem to like working with hackers very much,” he says. “They use the Internet more for the dissemination of propaganda.”
And it is hard to see an upside in the propaganda war from attacking big Western financial institutions. If anything, the Kremlin would be interested in keeping such companies on its side, encouraging them to lobby their governments to ease the sanctions on the Russian economy. Many Western businesses have a vested interest in keeping Russia open to trade and investment. So it would not make much sense to antagonize them with a state-sponsored hacker attack. Whatever the motives and means involved in hacking American banks, they do not fit the mold of Russia’s previous cyberwars with its disobedient neighbors.