The Rippleshot Data Breach Blog

Walking A Tight Rope Between Cybersecurity and Foreign Affairs - Russia

Written by Zach Walker | Oct 1, 2015 4:44:19 PM


In 2014, over 1 billion records were stolen due to data breaches and other security-related incidents. Some of the best-known brands here in the United States were the target of cyberattacks, making it nearly impossible not to be affected, or not to know of someone who had been.

Nearly a year later, fraudsters and cybercriminals appear to have turned their sights to a different industry. The organized crime groups that targeted U.S. businesses for sensitive payment data appear to have been replaced with state-sponsored actors that are targeting government agencies and key infrastructure. We are going to bring you a two-part series, covering the foreign affairs between China, Russia and the United States. In the first part, we take a dive into the current state of cybersecurity for the United States and Russia, while also covering recent cyberattacks that have been identified as state-sponsored.

The United States and Russia 

Depending on what decade an American was born in, one's view of Russia and its government varies. Gen X and Baby Boomers experienced the global tension as Russia faced off against the United States during the Cold War. Millennials view Russia as a country that emerged from the Soviet era, more influenced by Western culture and infrastructure than in the past. Following the ongoing crisis in Ukraine and the three security incidents that we are going to cover below, millennials in that same group are reminded of a Russia whose interests often go against those of the United States.

In August of 2014, information security experts and thought leaders learned of a truly massive data breach. A group of Russian criminals was able to acquire an unprecedented 1.2 billion unique username and password combinations and more than 500 million email addresses. The New York Times first published the story after Hold Security, a Milwaukee-based security company, discovered the security breach. This cybercrime gang, later named ‘CyberVor’ by Hold Security, was able to steal over 4.5 billion consumer records from over 420,000 websites over the course of several months.

This breach was regarded as the largest known data breach to date, with the 1.2 billion unique records affecting roughly 1/7 of the world’s population. According to Hold Security, ‘CyberVor’ began by acquiring stolen credentials from the black market to run social engineering campaigns that installed malicious site redirections to fool unsuspecting web visitors. Eventually, the criminal group used a botnet purchased off the black market to identify SQL vulnerabilities on over 420,000 web and FTP sites. It is still too early to tell if any of the major data breaches since then have been directly related to the ‘CyberVor’ breach, individuals and organizations across the globe.

Independent Actors or State-Sponsored Attacks? 

Earlier this summer, the Internal Revenue Service (IRS) announced that the governmental agency had suffered a data breach after the 2014 tax returns of more than 100,000 taxpayers were accessed by an unknown number of cybercriminals. Shortly after the IRS announced the breach, CNN first reported that the data breach originated in Russia. U.S. Representative Peter Roskam from Illinois commented on the security breach, stating that the cybercriminals “went in the front door of the IRS and unlocked it with the key,” highlighting the severity of this breach. This attack on the IRS was the third security incident involving sensitive data associated with key government officials and agencies.

Russian-based hackers were able to breach a White House network system, gaining access to sensitive information stored within. Although the networks were unclassified, information such as President Obama’s daily schedule and unclassified communications was accessed. According to the State Department, a computer connected to the White House was the target of a phishing-style attack, which in turn allowed the attackers access to said sensitive information. According to CNN, the Russian-based hackers were working for the Russian government but were unsuccessful in gaining access to classified information.

Nearly two weeks ago, the Department of Justice (DOJ) announced that a Russian hacker is going to be prosecuted for his role in the largest known data breach ever brought to court in the U.S. According to the DOJ, Vladimir Drinkman pleaded guilty to one count of conspiracy to commit unauthorized access of protected computers, and one count of conspiracy to commit wire fraud.

This was in connection to a global hacking scheme that was responsible for the theft of more than 160 million payment card numbers, resulting in hundreds of millions of dollars in fraud losses. Drinkman and four co-defendants targeted well-known organizations such as 7-Eleven, Dow Jones, Euronet, JetBlue and NASDAQ. As the U.S. government treads carefully in deciding how best to address the cyberattacks that either originate in Russia or are sponsored by the Russian government, China and its government have recently been in the spotlight surrounding security breaches targeting organizations here in the United States.

If you enjoyed this post and want to learn more, check out the second part of our series focusing on cybersecurity issues and foreign affairs between the U.S. and the People's Republic of China.
