Way back last April, a time when the world seemed a more peaceful place, Leon Panetta and Richard Clarke were quoted warning of impending Russian cyber attacks in the wake of an escalating response from the West to Russia’s intransigence in the Ukraine.

While there has certainly been a spate of defacements during this burgeoning conflict that are two-sided and confusing to sort out, there has been nothing as dramatic as the Estonia ’07 or Georgia ’08 attacks.

But things have changed. In the wake of the downing of passenger jet MH17, the European Union and United States have come together to impose combined economic sanctions against Russia. According to the New York Times, the sanctions include “the closing of European capital markets to Russian state banks, an embargo on new weapons sales and the transfer of sophisticated oil drilling technology.”

A rather scary statement by Putin was noticed by a writer on former Senator and Presidential candidate Ron Paul’s Voices of Liberty website:

The quote, purported from someone close to Russian President Vladimir Putin, appears at the bottom of an article about the Yukos oil company’s $50 billion windfall in the case against Russia. It reads, “One person close to Mr. Putin said the Yukos ruling was insignificant in light of the bigger geopolitical stand-off over Ukraine. ‘There is a war coming in Europe,’ he said. ‘Do you really think this matters?’”

And even before the new sanctions were finalized, there was more saber rattling from Putin. According to the Telegraph:

“In a mounting war of words, a senior diplomatic source claimed Moscow would ‘fight back’ against any industry-wide EU sanctions by putting British companies working in Russian oil on the frontline.”

This week two sources inside the security research community informed me that there are indicators that the Kremlin will unleash the Russian Business Network (RBN) if sanctions pass a certain threshold. Just what that threshold is remains an open question. But the specter of the RBN putting their minds to patriotic hacking is daunting, especially for financial systems. Why banks, trading platforms, and exchanges? Because it would be proportionate and direct.

A few words on the RBN, a shady and mysterious group of hackers that is reputed to have been organized by former KGB members to engage in cybercrime. Verisign once dubbed the RBN “the baddest of the bad.” Many researchers are wary of calling out the RBN directly because of their tendency to retaliate in nasty ways. But researchers are clear when they describe the RBN as having the best malware, the best organization, and strong Eastern European roots.

With its Russian roots, it is strange that the RBN has rarely, if ever, engaged in hacktivism. A reasonable assumption is that an organization that is making money from widespread weaknesses would not “burn” their assets on futile (though disruptive) attacks on banks and Wall Street.

Another explanation for the RBN’s lack of involvement has been put forward by the security researchers I talked to recently: the Kremlin has restricted them from engaging in politically motivated hacking.

Those researchers tell me that if sanctions continue, those holds will be lifted. In that case, stand by for extremely disruptive attacks, probably targeting the UK and US financial centers.
