The US Justice Department has charged six Russian intelligence officers in connection with major worldwide cyberattacks, including hacking elections in France, the Winter Olympics and Ukraine's power grid. Assistant Attorney General for National Security John Demers made the announcement about the indictments on Monday.
Demers said the men charged stand accused of conducting "the most disruptive and destructive series of computer attacks ever attributed to a single group."
For more on these developments, The World's host Marco Werman spoke to Andy Greenberg, a senior writer at Wired magazine and author of "Sandworm: A New Era of Cyber War and the Hunt for the Kremlin's Most Dangerous Hackers."
Marco Werman: First of all, what do we know about the people being charged?
Andy Greenberg: We know that there are six Russian men and they are part of Russia's military intelligence agency called the GRU, this very mysterious and secretive intelligence agency. There have been only a few defectors from it in its entire history. And usually, they're killed. So, the actual sort of hierarchy and how these guys work, we only know bits and pieces of it. But I think the more important thing about them is that these are hackers who are responsible for an incredible rampage across the internet over the last five years — from causing blackouts in Ukraine to releasing this piece of malware called NotPetya, which was the worst cyberattack in history.
Give us some more specifics on the attack on Ukraine's power grid. What happened there?
In December of 2015, just before Christmas, this Sandworm unit attacked a collection of western Ukrainian electric utilities. They took over the mouse movements of the operators in a control room of these facilities and locked them out of the computer. And these poor operators were forced to watch as their own mouse clicked through circuit breakers and turned off the power to a quarter-million Ukrainian civilians. They even bombarded it with fake phone calls just to kind of add another layer of chaos. It was a truly unique and brutal kind of cyberattack.
So, you mentioned the NotPetya attack. Officials are saying that was perhaps the most damaging cyberattack ever detected. Do you agree with that?
I definitely do. And I think it was an underreported attack at the time. NotPetya was pushed out to thousands of networks in Ukraine, and around the world, and it spread incredibly virulently, taking over entire computer networks in seconds and essentially destroying all of the computers. And this took down — not just hundreds of companies inside of Ukraine — but also it did hundreds of millions of dollars of damage to companies like Merck, the New Jersey pharmaceutical firm, and FedEx, and Maersk, the world's largest shipping firm. Each one of these companies suffered damages unlike we usually see for any cyberattack. And when you add them all up, the White House estimated that NotPetya cost at least $10 billion.
Well, if this indictment sounds familiar, members of Russia's GRU were previously charged for trying to interfere in the 2016 US presidential election. Notably, in Monday's announcement, no one is being charged for trying to interfere in the current US election. Does that surprise you?
It does slightly. The timing of this seems like it should be about trying to preempt or prevent an attack on the 2020 election. But actually, every part of our response to the GRU — both in the Obama administration and in the Trump administration — has been so retroactive, has taken years to coalesce. Sometimes even just a simple statement holding Russia accountable has taken as long as eight or nine months, after that NotPetya attack, for instance. Governments around the world have to take deterrence of cyberattacks — responding to them, holding the hackers accountable — more seriously, and act faster.
What has the US done in recent years in terms of cyber defense? How vulnerable is America's cybersecurity infrastructure right now, two weeks before the general election?
Our government has done a lot to try to secure itself, especially, and to secure American critical infrastructure. But we remain vulnerable because we have a complex society. We've seen a warning from Microsoft just in the past weeks, in fact, that another GRU unit has been targeting, for instance, political consultancies and other election-related organizations and may be trying to do a kind of hack-and-leak operation of the kind that they did against the Democratic National Committee and the Clinton campaign in 2016. So those are soft targets. They're not something that the NSA [National Security Agency] or the Department of Homeland Security can secure themselves. So it's very difficult to kind of put an umbrella of protection over all these different targets.
What do you think is the Kremlin's motivation in all of these attacks?
Well, the story of Sandworm begins in Ukraine, and Russia is, of course, at war in Ukraine. Russia physically invaded Ukraine and the cyberwar that Russia has waged there has contributed to that and has helped create the sense that Ukraine is a country at war, that it's destabilized, that it's not a place to put your foreign investment. And then, in other cases, the attack on the Olympics, for instance, that seems like kind of pure pettiness. Russia was banned from those Olympics for doping and retaliated by trying to break the technological backbone of the event — almost as if to say, "If we can't enjoy these Olympics, then no one will." It seems like it could just be that simple.
You know, for four years we've heard the accusation "Russian hacking" so many times that I wonder if it starts to lose its meaning, not to mention the already well-worn trope of the Russians as the "enemy." Andy, you've got deep knowledge and expertise in all of this. What do you think is at stake with Russian hacking operations? Just generally, what does Russia see as its endgame with all of these influence operations?
I do think it's unfortunate that Russian hacking has become this kind of politicized issue. But if you excise all those political narratives and just look at what Russia has done, I do think that they objectively have done the most disruptive and destructive cyberattacks that we've ever seen. So, I do think that we have to stay vigilant. We have to hold the Kremlin accountable for the attacks that it has done. And we have to try to secure ourselves against future ones.
This interview has been lightly edited and condensed for clarity.