Russia, Other Bad Actors Hacking Ukraine: NSA Cybersecurity Director

Russia, Other Bad Actors Hacking Ukraine: NSA Cybersecurity Director
An engineering student takes part in a hacking challenge near Paris on March 16, 2013. AFP via Getty Images/Thomas Samson
Lawrence Wilson
Updated:
0:00

Russia and a host of other bad actors are active in Ukrainian cyberspace in everything from intelligence gathering to criminal pursuits, according to National Security Agency (NSA) Director of Cybersecurity Rob Joyce.

Yet the United States employs a wide range of tactics to identify and eliminate these cyber threats, he said.

Joyce discussed the function of the agency and the cyberwar in Ukraine at a forum on April 11 hosted by the Center for Strategic and International Studies in Washington.

Bad Actors

Nation-states often use proxies in conducting cyber attacks, said Joyce, so it’s not always easy to tell who the true enemy is.

“There is this scale that goes from black to white, and there are shades of gray all the way between. I can absolutely tell you that there are nation-state hackers by day, who use their tools and capabilities and knowledge to do criminal things by night,” Joyce said.

The seals of the U.S. Cyber Command, the National Security Agency, and the Central Security Service in Fort Meade, Md., on March 13, 2015. (Chip Somodevilla/Getty Images)
The seals of the U.S. Cyber Command, the National Security Agency, and the Central Security Service in Fort Meade, Md., on March 13, 2015. Chip Somodevilla/Getty Images

In Ukraine, that combination of identities can be especially difficult to sort out, according to Joyce, because some hackers are Russians motivated by patriotism but not aligned with the Russian government. Yet some hackers who work for the Russian government operate under the guise of patriotic hackers.

“Sometimes the Foreign Intelligence helps us sort those into piles. Sometimes it doesn’t matter,” said Joyce. “Bad things are bad things, whether it’s a nation-state, or criminal, or patriotic activities. You have to make it stop.”

Russian Hackers

The Russians have demonstrated significant capability in the cyber fight against Ukraine, including attacking their ability to use Navstar GPS satellites and launching at least nine unique wiper viruses into the Ukrainian cyber environment, Joyce said. Wiper viruses are malware that erases a computer’s hard drive.

Hackers also attack Ukrainian financial institutions, government personnel, and businesses in an effort to disrupt Ukrainian society.

There is also a lot of intelligence-gathering activity—sometimes in creative ways, Joyce said. “We’re watching the Russian hackers log into public-facing webcams to watch convoys and trains delivering aid.

“They’re looking at the coffee shop security camera and seeing the road they need to see.”

Targeting the United States, the hacking aims primarily to gain intelligence on the aid being delivered to Ukraine. So far, that has not included disrupting the operations of the American government or companies.

Active Defense

To combat Russian and other hackers, the NSA has a strategy of “active defense,” which Joyce likens to defending the goal in a soccer match.

If you give an opponent unlimited shots on goal, they will eventually score, Joyce said.

“The idea behind active defense is to use tools and capabilities to make sure they don’t get to do that [opportunity] unimpeded,” he said.

“We have a set of people who get up in the morning and go to bed at night thinking, “How do I give the adversary a bad day, using what NSA has or knows?” Joyce said.

Since the NSA mostly gathers information rather than undertaking operations, that involves working with panthers like the FBI, Cyber Command, the State Department, and the Treasury, according to Joyce.

“Our Adversary Defeat function is figuring out how we operationalize the SIGINT. We know how do we find the partner who can do something effectively, that takes a [bad] actor out of the ecosystem or disrupts them from being able to have those free kicks on goal.”

Those actions could include law enforcement, diplomatic engagement, and sanctions by the Treasury’s Office of Foreign Assets Control.

“It’s a wide array of tools,” Joyce said.