Russia is one of the most sophisticated nation-states in cyberspace in part because of its ability to enlist cyber-criminal groups to do its bidding, said retired Gen. Michael Hayden, former head of the CIA and National Security Agency.
“The Chinese have scale, the Russians have skill,” Hayden said May 24 at a conference in Washington hosted by Gigamon. That assessment echoes what Adm. Michael Rogers, the current NSA director, has told Congress.
Hayden likened Russian President Vladimir Putin’s alleged sponsorship of criminal hackers to the patronage Don Vito Corleone provides associates in the popular film The Godfather.
“Don Vladimir has allowed the criminal gangs to survive and flourish without legal interference as long as they go outward,” Hayden said. “And from time to time the Don then has need of their services.”
Analysts and U.S. lawmakers have pointed to close ties between the Russian government and cybercriminal groups to the point of blurring the lines of attribution. Some have blamed Russia for a December hack of the Ukrainian power grid, which affected 225,000 customers.
The different bilateral relationships Washington has with Moscow and Beijing have dictated different U.S. policy responses to alleged state-sponsored cyber operations.
The U.S. and China last September agreed to not “knowingly support cyber-enabled theft of intellectual property,” something U.S. lawmakers have long accused China of doing. But with the U.S. government already heavily sanctioning Russia, such a bilateral agreement with Moscow seems unlikely.
“The relationship with Russia is such [that] I don’t know how you do that,” Hayden said.
In an April Senate hearing, Rogers, the current NSA director, told lawmakers that of nation-states, Russia “probably has the most active criminal element with … the greatest capability.” Asked if the Russia government was doing anything to combat cyber criminals on its turf, Rogers replied with a smile, “I would only say it doesn’t appear to be getting much better.”
Analysts such as NSS Labs CEO Vikram Phatak have argued that in a relatively lawless field, the U.S. government should embrace hackers who otherwise wouldn’t pass a background check. Although U.S. military and intelligence agencies have talented personnel, they don’t have “the kind of operational experience that the Russian mob has or the Chinese mob has,” Phatak told FCW earlier this year.
When asked if the U.S. government should give its computer operatives freer rein to go after Russian targets, Hayden was circumspect. “You cannot create symmetric effects in the Russian economy compared to what they can do in our economy,” he told FCW after his remarks.
Stuxnet a ‘poster child’ for certain hacks
Hayden’s remarks underscored the legal and normative ambiguity in cyberspace.
The United States is “incredibly aggressive in the cyber domain. We steal other nations’ data,” but not for commercial gain, he said.
U.S. officials suspect Chinese hackers were behind the breach of at least 22 million U.S. government records at the Office of Personnel Management. Hayden indicated he was jealous of that data heist.
“If I could have done this against a comparable Chinese database when I was director of NSA, I would have done it in a heartbeat,” the former Air Force general said.
During his remarks, Hayden described Stuxnet, the computer worm reportedly developed by the U.S. and Israel to destroy Iran’s nuclear centrifuges, as the “poster child” for hacks with physical-world implications. He told FCW afterward that the distributed-denial-of-serviceattacks that hit the U.S. financial sector from 2011 to 2013, which were allegedly carried out by Iranian hackers, were retribution for Stuxnet.
Hayden declined to confirm or deny U.S. involvement in Stuxnet, but said the net trade off — hampered Iranian centrifuges versus financial loss inflicted by the DDOS attacks — was in U.S. interests. Banks spent tens of millions of dollars in response to those attacks, according to the FBI.