In connection with the upcoming Cyber Law & Business Report segment on Russian cyber attacks, below is a timeline of significant Russian-connected cyber attacks.
Web War I
After Estonia moved a Soviet war memorial, in April 2007 Russia launched a three-week denial of service attack against one of the most connected countries in Europe. The attack shut down websites for much of the government, half of its major news outlets and its largest banks. It has been called WWI – Web War I.
Today NATO’s cyber command is based in Estonia.
After Lithuania banned communist symbols, some 300 Lithuanian websites were hacked in July 2008 to display images of the Soviet red flag and play anti-Lithuanian songs. The attacks shut down the websites of the national ethics body, the securities and exchange commission, and the Lithuanian Social Democratic Party, among others.
As tensions escalated between Georgia and Russia over Georgia's breakaway South Ossetia territory in August 2008, DDoS attacks hit Georgian government websites, particularly the president’s website. Russia invaded two weeks later, launching on day one sites such as stopgeorgia.ru with a list of sites to attack, instructions on how to do it and even an after-action report page.
Kyrgyzstan, which hosts U.S. airbases, sustained a two-week DDoS attack from Russia in January 2009 that shut down more than 80 percent of the nation’s bandwidth.
Russia has been linked to an army of trolls targeting Polish news websites to spread anti-Ukrainian propaganda in order to create a rift between Poland and Ukraine.
2014 – Present: Ukraine
In March 2014, Russia annexed the Ukrainian territory of Crimea. Russian hackers sought to disrupt Ukraine's presidential elections in May with an attack that destroyed both hardware and software, disrupting programs to monitor voter turnout and tally votes. Hackers also posted false election results, which were quickly debunked by Ukrainian media.
Cyber attacks have been ongoing against Ukraine’s banks, railroads, mining industry, and power grid. In 2016, an attack on the grid caused 225,000 to lose power.
2014 – United States
The Pentagon blamed Russia for a sophisticated hack into the White House’s unclassified email correspondence and into the State Department.
In December 2014, Germany announced that hackers had accessed a German steel mill and hijacked its blast furnace, preventing it from shutting down and ultimately causing it to melt down.
German authorities also linked Russia to a massive cyber attack on Germany’s lower house of parliament which forced its computer systems to be shut down for days.
2015 – France
Russia sought to destroy France’s TV5Monde channel via an April 2015 cyberattack. The attack took the channel off the air for several hours. McClatchy reports:
The attackers defaced the TV5Monde website and placed an image of a disguised jihadist with a black-and-white checked keffiyah and the words “Cyber Caliphate,” a group set up by the Islamic State.
“We saw this as the first foray into an active false flag operation,” Galante said, using the espionage term for one side in a conflict disguising itself as a different party. “This was not long after the Charlie Hebdo shooting in Paris, and it served as a laboratory.”
At the November NATO meeting in Bulgaria, its prime minister explained that
Starting on 25 October, websites of the council of ministers of parliament and of the central election committee have been heavily attacked through cyber capabilities in an unprecedented way.
The Prime Minister blamed the Russians for the attacks, as they also coincided with increased incursions into their airspace by Russian planes.
Turkey blamed Russia for a massive cyber attack that forced it to close external traffic to NIC.tr, making it impossible to access or send email from .tr addresses. Turkey had been at odds with Russia after shooting down a Russian plane in its air space.
2016: US Democratic National Committee
Starting with the Democratic National Convention and continuing into the fall campaign, Julian Assange’s WikiLeaks has released emails purportedly coming from the Democratic National Committee and the Clinton campaign.
In a Joint Statement from the Department of Homeland Security and Office of the Director of National Intelligence, the blame was put squarely on the Russians:
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.