“Russia has opened a new battlefront with NATO,” claims the Wall Street Journal. “Russia may have tested cyber warfare on Latvia,” says Reuters. These are two reports about two separate incidents in the Baltic area close to Russia’s largest military war games since 2013: Zapad.
There are around 4,000 NATO troops in the region. Russia claims that around 13,000 Russian troops were involved in Zapad; but NATO puts the figure at 100,000.
The first incident revolves around hacking soldiers’ smartphones. Two separate methodologies have been reported: the use of drones with sophisticated electronics equipment, and in an earlier incident, a mobile telephone tower (similar to law enforcement’s use of stingray equipment). The sophistication of the attacks leaves little doubt that there is some state-sponsorship involved.
In the latest attack, only six smartphones are known to have been affected. According to the WSJ, one victim, U.S. Army Lt. Col. Christopher L’Heureux, “said at least six soldiers he commands have had phones or Facebook accounts hacked. He said he suspects the incidents were meant as a message that Russian intelligence forces were tracking him, could crack his passwords and wanted to intimidate his soldiers.” It remains to be seen whether additional hacks surface in the coming days.
WSJ reports, “Military cyberespionage experts said the drone flights and cellphone data collection suggest Russia is trying to monitor troop levels at NATO’s new bases to see if there are more forces present there than the alliance has publicly disclosed.” U.S. military officials have, however, played down its significance, suggesting it is more harassment than a security risk.
The Reuters report claims, “Moscow was probably behind interruptions in Latvia’s mobile communications network before Russia’s war games last month, in an apparent test of its cyber attack tools, Baltic and NATO officials said, based on early intelligence of the drills.” There is conjecture here. A communications jammer aimed towards the Swedish Gotland island was switched on. “One of the edges (of the beam) affected Latvia,” said Karlis Serzants, the deputy chairman of the Latvian parliament’s National Security Committee.
The effect of the jammer was to take out Latvia’s emergency services’ 112 hotline in a disruption that lasted about seven hours. This is the first time that the service has failed, and it occurred on September 13, just prior to the most intensive period of the Russian Zapad war games.
While hacking smartphones would seem to be more allied to cyber-psychological warfare, disrupting telecommunications clearly has a cyberwar potential — for both an offensive and defensive kinetic posture.
Both incidents show classic plausible deniability. While NATO might ‘know’ that the Russian government is behind the phone hacks, proving it to a legal certainty remains difficult. Similarly, since the jammer was not aimed at Latvia but merely caught it a glancing blow, it could be claimed to be accidental.
The fact remains, however, that Russia will have learnt much about the practical effects of the two incidents. The Baltic would appear to be the latest area for Russian offensive cyber testing, just as the Ukraine has been in recent years. U.S. Army Lieutenant General Ben Hodges, who heads U.S. Army forces in Europe, described the incidents to reporters as a sign of the progress Russia made in electronic warfare while NATO was fighting counter-insurgency campaigns in Afghanistan.
In her first official press briefing since taking office in August, Kay Bailey Hutchison (the US envoy to NATO) said, “I think it’s a big concern. It has just come to light but I think it’ll be an area of discussion and most certainly I know that ourselves and our allies are going to be immediately looking into it … and try to determine how it’s happening and cut it off.”
NATO itself has always stressed that its cyber strategy is purely defensive. This is moot: while NATO itself might not be developing offensive capabilities, its members almost certainly are. The U.S. Cyber Command, for example, recently conducted a week-long denial of service attack against the North Korean spy agency, the Reconnaissance General Bureau.
The reality is that international state cyber incidents are continuing to escalate in line with growing geopolitical tensions.