Information Warfare: Hunt For The Russian Cyberwarrior


November 13, 2024: the United States continues to hunt down and prosecute Russian hackers responsible for Cyber War attacks on Ukraine just before the Russian invasion in 2022. Five suspects are members of the Russian military and are in Russia. The United States has offered a $60 million reward for information that makes the arrest of the Russian hackers possible. This is the largest reward the United States has ever offered. These rewards work, and the Americans keep quiet about who received an award; the U.S. has often arranged for award recipients and their families to be relocated and sometimes placed in a form of the U.S. witness protection program.

The Russian cyber-attacks on Ukraine were known as WhisperGate and were carried out by the GRU, the Russian military intelligence organization. The GRU, in one form or another, has been around for 300 years. Espionage and dirty tricks are a long Russian tradition.

The GRU Cyber War offensive on the eve of the Ukraine invasion was directed against NATO supporters of Ukraine, including the United States. This triggered an aggressive and ongoing American response, which appears to have encouraged the GRU to try harder, and the Cyber War goes on.

Since 2022 the Ukrainian GRU has been fighting back against the Russian Cyber War efforts and has had some success damaging Russian Cyber War assets and stealing Russian government and military data. In July 2024 Ukraine carried out a surprise electronic attack on Russian internet access, using the largest DDOS (distributed denial of service) attack ever. The attack disrupted all major Russian internet systems, including financial institutions, government networks and internet-based communications such as messaging apps and social networks.

These attacks are usually carried out by first using a computer virus, often delivered as an email attachment, that installs a hidden Trojan horse type program. This allows someone else to take over that computer remotely and turn it into a zombie for spamming, stealing, monitoring, or DDOS attacks that shut down another site. There are millions of zombie PCs out there and these can be rented, either for spamming or for launching DDOS attacks. You can equip a web site to resist, or even brush off, a DDOS attack, but the Ukrainian attack was so massive and well planned that Russian DDOS defenses were of no use.
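The paragraph above describes the pattern from the attacker's side; the example below is added here to show what it looks like from the defender's side, and is not code from the article or from any party it mentions. It reads standard web-server access log lines (constructed sample traffic, not a real capture) and keeps two sliding-window counts: requests per client address, which catches a single abusive host, and total requests across all clients, which is the only place a flood from many rented zombie hosts becomes visible when each host stays under the per-client limit. The window sizes and limits are illustrative assumptions, and the log is assumed to be in time order.

```python
"""Request-flood detection over web-server access logs.

Added example, not from the article. A single misbehaving client shows up as
one address exceeding a per-client budget; a distributed flood from many
rented "zombie" hosts shows up only in the aggregate rate, because each host
individually stays under the per-client limit. Log lines are assumed to be
in chronological order, as a server writes them.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format, e.g.
# 203.0.113.5 - - [10/Jul/2024:12:00:00 +0000] "GET / HTTP/1.1" 200 512
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a CLF line, or None if it is malformed."""
    m = CLF_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def detect_floods(log_text, window=timedelta(seconds=10),
                  per_client_limit=10, global_limit=30):
    """Sliding-window request counts per client and for the whole site.

    per_client_limit: requests one address may make inside `window` before it
                      is flagged (a candidate for a per-IP block or throttle).
    global_limit:     total requests inside `window` the site is sized for;
                      exceeding it while no single client is flagged is the
                      signature of a distributed flood, where per-IP rules do
                      not help and upstream filtering or more capacity is needed.
    (Both limits are illustrative values chosen for this example.)
    """
    per_client = defaultdict(deque)
    everyone = deque()
    flagged = set()
    first_breach = None
    peak = 0

    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # a monitor must survive junk lines, not crash on them
        ip, ts = parsed

        q = per_client[ip]
        q.append(ts)
        while ts - q[0] > window:          # drop requests older than the window
            q.popleft()
        if len(q) > per_client_limit:
            flagged.add(ip)

        everyone.append(ts)
        while ts - everyone[0] > window:
            everyone.popleft()
        peak = max(peak, len(everyone))
        if len(everyone) > global_limit and first_breach is None:
            first_breach = ts

    return {
        "flagged_clients": sorted(flagged),
        "distributed_flood": first_breach is not None,
        "first_global_breach": first_breach.strftime(TS_FMT) if first_breach else None,
        "peak_requests_in_window": peak,
    }


def make_sample_log():
    """Constructed traffic, not a real capture: one normal client, one
    single-source flood, then a burst from 20 addresses that each stay under
    the per-client limit but together exceed the site's capacity."""
    base = datetime(2024, 7, 10, 12, 0, 0, tzinfo=timezone.utc)

    def clf(ip, t):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET / HTTP/1.1" 200 512'

    # normal browsing: 3 requests spread over 40 seconds
    lines = [clf("203.0.113.5", base + timedelta(seconds=20 * i)) for i in range(3)]
    lines.append("this line is deliberately malformed")
    # 12 requests from one address within 3 seconds (over the limit of 10)
    lines += [clf("198.51.100.7", base + timedelta(seconds=120 + i // 4)) for i in range(12)]
    # 40 requests from 20 addresses within 5 seconds, only 2 per address
    lines += [clf(f"192.0.2.{1 + i % 20}", base + timedelta(seconds=300 + i // 8))
              for i in range(40)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(detect_floods(make_sample_log()))
```

On the sample, only `198.51.100.7` is flagged as an individual client, yet the aggregate count reaches 40 requests in the window and breaches the site limit at 12:05:03 with no single address over budget. That second case is the one per-IP defenses cannot address, which is why a sufficiently large and well-distributed flood overwhelms a site that would otherwise shrug off a single attacker.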

It took about three weeks to get the Russian internet back to normal, although some systems were so heavily damaged that it took months to get them running again. Major commercial, government and military systems were damaged or offline for weeks while repairs were made. The Ukrainian attacks were so massive, hitting internet targets throughout Russia, that there were not enough Russian internet engineers to repair all that damage immediately. That meant systems that were not critical were offline for weeks or months.

Russians feared the Ukrainians would launch a similar attack before all the damage from the first one was repaired. Russia has long been a leader in such attacks, but the Ukrainians prepared for that before the Russian 2022 invasion and upgraded their internet defenses. Russia was not as well prepared and was vulnerable. Some Russian internet engineers warned their government of the vulnerability but not enough was done.

Attacks like these are more common now but have been occurring for over two decades. One example occurred in 2011, when there was an odd incident in South Korea where a widely distributed computer game appeared to be infected with malware. What caught the attention of South Korean military intelligence was the fact that the malware was hidden in every copy of this game and, at one point, many of the 100,000 infected PCs tried to shut down the air traffic control system at a major South Korean airport.

Further investigation revealed that the airport attack was part of a growing Cyber War campaign by North Korea against government and military websites in South Korea. One of the most disruptive North Korean Cyber War weapons was DDOS attacks. You can equip a website to resist, or even brush off, a DDOS attack, and some targets were prepared for those attacks. But others were not. The South Korean airport was disrupted for several hours. The Russians suffered even greater damage in 2024.

North Korea has launched DDOS attacks and attempted to hack into South Korean networks for over twenty years. This is a continuing problem for South Korea and Japan, which have had to construct large scale internet defenses to provide some protection from further North Korean attacks via the internet. Most North Korean attacks are for financial gain. North Korea is perpetually broke and always in need of more cash. North Korean hackers have turned many foreign internet systems they have hacked into their own private ATMs.
