Russian government hackers use common techniques to hit targets
Oct 08, 2018 · 1 min read
Last Thursday, the U.S. Department of Justice charged 7 Russian government hackers with a range of daring hacks executed around the world. One of the most surprising revelations, however, was just how relatively common some of their methods were.
The dangers of public WiFi
As hackers employed by the GRU – Russian military intelligence – the 7 hackers’ targets came as no surprise. They included:
The lab responsible for analyzing the nerve agent used in the Skripal poisoning case;
The lab responsible for analyzing reports of chemical weapon use in Syria;
Numerous anti-doping agencies and organizations responsible for revealing the Russian state-run doping ring;
U.S. nuclear power companies that worked with Ukraine.
The hackers in question are likely to be safe in Russia and will probably only be apprehended if they travel to Europe or the U.S. What they did leave behind, however, was a trail of evidence of their exploits – and you’d be surprised how relevant some of that evidence is to your everyday life!
Despite being backed by the Russian government, these hackers’ tools of choice aren’t much different than what the average hacker-thief would use to steal your credit card info. Some of the devices they used can be ordered online by anyone for just $100.
Let’s examine their methods. The Russian state hacking apparatus has a great deal of experience with hacking from afar, but the two weakest links in most of your online connections are you and your WiFi, in that order. It’s no surprise that they relied primarily on two common but highly successful attacks so they could hit their targets:
MITM (Man-In-The-Middle) attacks: Many of the hackers’ targets were specific institutions or people. These can be tough to target from thousands of miles away, but if you’re sitting in an unmarked car right outside a hotel or laboratory, it suddenly becomes very easy! And that’s exactly what the hackers did. By using a Pineapple WiFi device, they could pose as legitimate networks and trick devices into connecting to them and using their internet (click here to learn about other common hacking methods). Then, they can scan any information sent by users over unsecured connections. All it takes is one unsecured user with the right credentials for the hackers to gain access to the internal system and take or sabotage any data they want.
Spearfishing: Okay, so spearfishing doesn’t necessarily require close proximity, but it’s still one of the methods that the Russian hackers used to crack their targets. Fishing emails cast a wide net by trying to fool thousands of recipients into handing over sensitive information (by posing as websites like PayPal, for example). Spearfishing is more targeted and focused – these emails get sent to specific users and impersonate websites that the attacker knows the target uses. You might expect fishing emails that pretend they’re from a leading bank in your country, but you won’t expect one posing as your job’s internal scheduling system. However, that’s exactly the type of email a Russian hacker might send to a lab employee. All it takes is one employee entering their login credentials or downloading some malware and they’re in.
Myths this case debunks
There are many reasons why people dismiss the need for personal online security, and this case blows some of them right out of the water.
“Hacking is rare because it’s so hard to do.” The tools used by these hackers were far from the most advanced tools in their arsenal – and they were successful against large international institutions. As I mentioned, you can purchase one of the devices they used online for $100 or $200. Anyone can. They are usually used by security experts to perform penetration testing, but they’re obviously easily abused by hackers as well. In this case, you can defend yourself from ordinary hackers and state-sponsored military hackers using the same methods.
“I’m not important enough to be targeted.” First of all, there are plenty of common thieves-turned-hackers out there who’d like to disagree with you. Picking pockets is so last decade. Why do that when you can hit thousands of potential targets all at once? If you have a bank account, you’re fair game. But we’re not talking about common thieves here – we’re talking about state-sponsored military intelligence. Chances are they have no reason to target someone like you, right? Well, perhaps. However, it can be difficult to predict who might want to target you specifically and why. From corporate espionage and excessive government surveillance to hackers working for foreign interests, there can be plenty of reasons to be targeted that you may not be aware of. By staying unsecured, you put yourself, your employer, and people around you at risk.
How to stay secure
Spearfishing can be tough to defend yourself again. It requires a good eye for fake email addresses or websites and a healthy dose of skepticism. Whenever you get an email to a page where you need to enter your password, consider these questions:
Why do they need my password and why do they need it now?
Do the website and sender’s email address look legitimate?
Have I ever received a message like this before? Was it legit?
If I have time, can I contact the real institution in question and confirm the validity of this email or request?
Protecting yourself from 99.9% of MITM attacks is much easier. This is basically the attack that VPNs were designed to prevent! By encrypting your traffic, they block attackers from seeing your data and from redirecting you to fake websites. All you need to do is turn on your NordVPN app.
For more security news and tips from NordVPN, subscribe to our monthly email newsletter below!
Daniel MarkusonVerified author
Daniel is a digital privacy enthusiast and an internet security expert. As the blog editor at NordVPN, Daniel is generous with spreading news, stories, and tips through the power of a well-written word.