In general, spying is integral to politics and warfare, but it has been a separate entity. Much of today's espionage, politics, and warfare is becoming intertwined in the cyber realm. In 2016, NATO officially recognized cyberspace as an operational domain—a place where conflict can be carried out. The term “cyberwar” has been coined to indicate how nation-states can disable one another to gain advantage in conflict.1
When incidents are related to Russia, the phrase “Cyber Cold War” is now in vogue. There are different levels at which these attacks are believed to be occurring worldwide. A cyberattack may occur online but have repercussions in the physical world. The most infamous of these occurred in 2015 when the Ukrainian power grid was disabled, leaving 230,000 customers without power. The cyber criminals, who utilized sophisticated techniques in their attack, thoughtfully planned it over a period of months and used reconnaissance methods to study the facilities. Many believed the Russian government was behind it.2
Likewise, according to Symantec, a computer-security company, two hacking groups called Dragonfly and the Energetic Bear that have been linked to Russia breached security systems at approximately one hundred electrical and nuclear plants in 2017, with about half of the breaches occurring in the United States.3
“Fake news” or misinformation campaigns may spur a conflict, as we saw in the case of Estonia. In 2007, when the country's leaders decided to move a statue of a soldier in a World War II Red Army uniform, it sparked a cyberattack. When it was unveiled by the Soviets in 1947, it symbolized the USSR's victory over Nazism. But for Estonians the bronze soldier was a symbol of Soviet oppression. When the statue was moved, it sparked outrage in Russian-language media. False stories generated by Russian-language media stirred up protests. There were two nights of riots, with 156 injured, one fatality, and one thousand people detained. But Estonia was also smacked with weeks of cyberattacks that many believed were ordered by the Kremlin.4
It is also believed that Russian hackers have intruded on electoral systems throughout the world. Data was seized following a hack by Russian-backed APT28 on the Bundesstadt, the Federal City of Bonn, Germany.5
Subsequently, Hans-Georg Maassen, the top spy chief in Germany, told the German public that Russia had threatened to publish embarrassing documents about members of the German legislature, which they believed to be a tactic to destabilize their September 2017 elections.6 At the time Maassen said, “We have the impression that this is part of a hybrid threat that seeks to influence public opinion and decision-making processes.” He also cautioned that it was important to call it out for what it was. “When people realize that the information that they are getting is not true…then the toxic lies lose their effectiveness.”7
Although the Russian hackers may have wrought confusion by sidling into cyberspace and attempting to compromise trust in various electoral systems, there was a clear and well-defined methodology behind their madness. Officials believe Russian hacking in Estonia, Ukraine, the Netherlands, the United States, as well as in half a dozen other locations around the world were part of a new approach to warfare. It has been called the Gerasimov Doctrine, which is outlined in an article General Valery Gerasimov, the chief of general staff of the Russian armed forces, wrote and published in 2013 in a military journal.8 The article, titled “The Value of Science Is in the Foresight: New Challenges Demand Rethinking the Forms and Methods of Carrying out Combat Operations,” essentially articulates Russia's modern form of warfare, which is rooted in the Cold War strategies the country's intelligence agents have always used.9
The doctrine calls for a bombastic multilevel attack that places politics and war on the same nonmilitary playing field—cyberspace. It intends to sow chaos and undermine societies, often in a way that is so covert that nobody knows what is happening. Spies slip into computers rather than hotel rooms, targeting everyone from media to businesspeople, using traditional Soviet strategies including conventional and asymmetrical methods.
Conventional warfare is war between two evenly matched military powers abiding by international laws of war. Asymmetrical warfare is just what it sounds like. It is a lopsided, wonky form of warfare in which one side has a markedly different strategy or power than the other side. It is unconventional warfare. The term “asymmetric” is often used to refer to guerilla warfare, and has also been used to describe insurgency or terrorism. In the case of cyberwar, asymmetrical methods could include elements like phishing, spear attacks, or distributed denial of service attacks—commonly called DDoS. The covert, invisible nature of cyberwar also fits into the definition of asymmetrical. The nation under attack often doesn't know their enemy is there. Thus, they are mismatched.
This approach is intended to destabilize. People who subscribe to the strategy believe it is more effective than traditional war. In his article, Gerasimov lays out a perspective that is thought to be the prevalent view in Russian intelligence of warfare, having evolved from a physical war playing out on the battlefield, which costs a lot of money and sinks resources, into a war that occurs behind the scenes and largely in the technological realm. The war he describes is sophisticated trickery, an often invisible and covert psychological global chess match that causes government processes and policies to devolve and destabilize.10 In the article, Gerasimov writes of using covert and propaganda tactics to turn a “perfectly thriving state” into a victim of “foreign intervention,” causing it to “sink into a web of chaos.”11 Does that sound familiar? Just look at 2017 in the United States. Political chaos—the likes of which we have not seen in this country in decades. No need to ascribe blame just yet, except to say that it is clear that Russian internet trolls are playing a role in our country's domestic politics. They latch onto certain issues in the news and then hype them up. For example, in February 2017 when Republican members of the House Intelligence Committee voted to release a controversial memo alleging that the Russia investigation was tainted because of bias within the FBI against the Trump campaign, Russian bots helped the hashtag “#Release the memo” go viral. It was just the type of issue the Russian bots and their allies had been embracing to deepen divisions between Americans. The German Marshall Fund's Hamilton 68 dashboard flagged the Russian campaign.12 Hamilton 68 had been founded to spot Russian bots’ activities online in the United States.
The Gerasimov Doctrine essentially pits us against ourselves. Think back to what happened after the Democratic National Committee emails were leaked and more than twenty state election databases were scanned and probed.
Adam Meyers of the internet security firm CrowdStrike is among those who believe the Gerasimov Doctrine inspired these incidents. Meyers explains how information warfare was used as “a way of influencing the events that occur without [the involvement of] troops.” He stresses that using the term “cyber warfare” to qualify the playbook strategy is limiting, that cyber is only a component. “Broadly, it's information warfare in that they're not constrained to use only cyber mechanisms; they're going to use media and social media and things that they can use to sway or put out the things that they want people thinking about,” he said.13
The way they used the information to influence the public's choice of one candidate over another by employing irregular/asymmetric actions is a playbook strategy. When the special counsel investigating whether there was collusion between the Trump campaign and Russia announced an indictment in February 2018 against thirteen Russian nationals, some of those actions were outlined.14 The court documents alleged that, dating back to 2014, a Russian internet troll factory sought to “sow discord in the U.S. political system.” Internet “specialists” scanning social media planted online posts attacking Hillary Clinton, and promoted Bernie Sanders and then candidate Donald Trump. The court documents also said that the Russian internet trolls wanted to suppress the vote leading up through Election Day 2016. For example, an Instagram message from a fake group called “Woke Blacks” advised against voting for either party's nominee: “We cannot resort to the lesser of two devils,” it said. “Then we'd surely be better off without voting at all.”
Separately, Kremlin-backed hackers phished information from private databases, dumped it into the public realm through WikiLeaks, and launched a misinformation campaign around hyping and distorting this information—while at the same time creating alliances with polarized groups in the United States.
The leaks generated dialogue points that were used by television, radio, social media, and print outlets. Their success was measured by the fact that they changed the narrative around the election, first by demonizing Clinton and her campaign officials. Russian-backed hacking units scanned and probed state databases and caused us to question the security and sanctity of our electoral process. When citizens in states like North Carolina found that they were unable to vote, they questioned how the voting booths had been compromised.15 Had they been manipulated by Americans siding with certain candidates, or by a foreign entity? If they had been manipulated by a foreign entity, what does that say about our security system? In tapping into several coordinated tactics, Russian hackers pitted us against ourselves, and caused us to question the legitimacy of our electoral system.
Meyers explains more in his blog. “The mark of success of an irregular/asymmetric action against the US election may not necessarily manifest as one candidate winning over another. Simply causing the American people to question the validity of the results would likely cause widespread disruption across the US media, legal and political systems.”16
It did cause disruption. The misinformation campaign drew on and applied a century of knowledge gleaned during the Cold War to manipulate public opinion and alter our democratic system.
THE PLAYBOOK IN UKRAINE
Meyers also details how the playbook was utilized to compromise electoral systems in Ukraine. For example, in a mayoral election in Odessa, embarrassing video was leaked depicting twenty-one-year-old mayoral candidate Valeria Prokopenko performing a strip tease, public exposure of which caused her to drop out of the election.17
Simultaneously, the other mayoral hopeful, Gennadiy Trukhanov, who was pro-Russian, was exposed through the Panama Papers as having potentially dirty business dealings in Russia. The Panama Papers revealed that Mossack Fonseca, an offshore law firm, had dealings with politicians who used offshore tax havens. These involved 143 politicians, including twelve national leaders. Among these is Putin, who was affiliated with $2 billion in a tax haven. Sergei Roldugin, a cellist and Putin's best friend, was connected with a scheme in which money from Russian state banks was hidden offshore. A ski resort where Putin's daughter was married in 2013 also received some of the flow of this money. The firm's dealings were leaked to Süddeutsche Zeitung, a German newspaper. They were then given to the International Consortium of Investigative Journalists and spread to top-notch reporters at major outlets throughout the world.18
CyberBerkut, a hacking group, deleted files, stalling the vote-tallying mechanism, and even briefly changed the results during Ukraine's 2014 presidential election.19 During this election, outdoor digital screens in Kiev were compromised and displayed violent photos accusing nationalist politicians of war crimes. These activities, including the massive power grid blackout, while seemingly haphazard and unrelated, may have been part of a coordinated strategy to undermine the Ukrainian population's faith in their government and its ability to protect them.20
The playbook strategy is most debilitating because most of it occurs under cyberspace deep cover, where spies are simply bringing smoke-and-mirror tricks they have perfected for years to a new arena. In the United States, the course of the past few years would have been destabilizing enough with the carnival sideshow acts performed along the primary and campaign trail, even before we became aware of the potential that we were being compromised.
Let's face it, even before the 2016 presidential election, the United States was doing a decent job of undermining its own political system. We made ourselves vulnerable. At least that's what the Obama administration's cyber czar Michael Daniel told me: “I'm a student of history, too. And we should not ascribe superpowers to the Russians. They're very good at what they do. But some of that was luck on their part, right? I mean, there's no way that they could've predicted that we would have somebody like now president Trump, who would fuel that kind of atmosphere. There's no way they could've predicted that the Democrats would choose as polarizing a figure as Hillary Clinton in some ways, right? And so, some of that was them capitalizing on the situation.”21