Mark Galeotti

These Russian cyber-attacks are a wake up call for the UK

These Russian cyber-attacks are a wake up call for the UK
Text settings

Days before the release of the becalmed Intelligence & Security Committee (ISC) report on Russian political interference, we suddenly started to hear news of Moscow’s meddling on Thursday. It’s almost as if the government, sensitive about appearing like it wants to bury the report, suddenly wants to steal the thunder and look serious. Surely not.

Putting cynicism aside, it is worth taking a proper look at these two new stories of Russian interference and what they tell us about what Moscow is and isn’t doing – and, more to the point, what it can and cannot do.

The first story is a leak about a leak. Ahead of the ISC report, the government on Thursday confirmed what we pretty much all knew anyway: that a genuine document about British trade talks with the Americans, used by Labour during the 2019 general election, was publicised by Russians posing as whistleblowers.

After the document first leaked, a Russian network of online infowarriors – codenamed Secondary Infektion – spent weeks trying to get someone, anyone, to pay attention to it. Eventually, by directly emailing journalists, the group managed to get people to notice the report, and for a day or two Jeremy Corbyn eagerly made hay with it, claiming it proved the NHS was ‘up for sale’.

He then went on to the largest election defeat since 1935. If the aim was to influence the election in any meaningful way, this must count as an abject failure.

The second story is more current. The National Cyber Security Centre has warned that a Russian cyber-espionage unit known APT29 (Advanced Persistent Threat 29) – or more fancifully as ‘The Dukes’ and ‘Cozy Bear’ – has been trying to hack into various organisations in the UK, Canada and the USA which are involved in Covid-19 vaccine development.

It appears the aim was not to disrupt those activities, but rather to copy the research. On one level, you could ask: so what? Spying is what spies are supposed to do, and these days that often means sneaking a peek at other countries’ research and development. Vladimir Putin – who imagines plots and subterfuges on every side, and is convinced the West is out to get him – would probably be deeply concerned if his spies were not trying to crack the latest Covid-19 research around the world.

Taken together, though, these two cases illustrate some particular aspects of Russia’s current online onslaught.

We have moved from the often-alarmist fears that Russian hackers would switch off the electrical grid or crash our air traffic control to becoming increasingly – sometimes excessively – concerned with disinformation and ‘fake news.’

This matters, because today there is almost no aspect of life that is not connected to the internet in some way. The opportunities for espionage, mischief and sabotage are therefore almost unlimited. We are not so much in an arms race as an imagination race, as we try to guess what the next threat will be and how to deter or prevent it. The Russians may not have had much impact so far, but let no one question their capacity to come up with new ideas.

Secondly, these two cases help illustrate the goals of the Kremlin. This is not an existential war. The Kremlin seeks to distract, divide and demoralise us, to acquire leverage and maybe make a quick buck in the process.

Perhaps it hoped the leak would make Corbyn prime minister, but the main goal was to deepen splits within British politics and Anglo-American relations. Likewise, it did not seek to prevent us making a Covid-19 vaccine, but hoped to steal a march on us, and protect Russia in case we pernicious Westerners failed to share any advances.

Finally, we need to recognise why the Russian threat has failed to live up to its true potential, with attacks that are often dangerous in intent but impotent in practice. The Russians have sometimes been clumsy; we have sometimes been foolish. But that could change.

More to the point, the technical vulnerabilities evident in these cases could be exploited by other, sharper, better-resourced and even more ruthless enemies in the future, such as Beijing. Perversely, we perhaps ought to thank Putin for the wake-up call, if it allows us to address these weaknesses before they lead to much more serious consequences.