Head of German cyber defense about Russian hackers: “Then our firewalls will glow”

Vice Admiral Thomas Daum, 61, gave a critically acclaimed speech at this year’s Swiss Cyber ​​Security Days in Bern about the role of national defense in the cyber war currently raging. Since September 2020, the former speedboat commander has been an inspector responsible for cyber defense in the German Bundeswehr.

In an interview with CH Media, the PhD computer scientist summarizes his experiences after two years of aggressive war against Ukraine.

The interview

Mr. Vice Admiral, two years ago Russia invaded Ukraine. Not only physically, but also in cyberspace. What is the current situation in cyber and information warfare?
Thomas Daum: There is currently no winner or loser in cyber warfare. Russian forces carried out the Viasat hack at the very beginning of the war. This was followed by a major breakthrough, probably because the Russians originally had a completely different battle plan. Although they briefly succeeded in paralyzing the Ukrainian communications system on the first day of the war, they failed to reach Kiev within three days.

What happened next?
There was then some calm on the Russian side because the armed forces first had to regroup after the failure of the attack on Kiev. Since then, a war has essentially been raging in both cyber and information space. The battle for stories is a very important sign of this. But you cannot say that the Russians will be successful there.

What brings you to this assessment?
I would say that Ukraine is doing an excellent job of resisting Russian attacks in these two areas. The Ukrainian cyber forces are excellently trained, partly thanks to support from abroad. They have been preparing for this war since 2014. Ukraine has a powerful military force that I highly appreciate. Unfortunately, they too suffered losses from the kinetic war. Germany has a role to play in training new armed forces to fill these gaps.

Has the entire war against Ukraine reached a turning point after the fall of Avdiivka?
I cannot judge that from my perspective and position. What worries me, however, is the fact that Ukraine cannot be seen as an equal opponent of Russia based on numerical ratio alone. The history of war shows that the party that can deal with losses better wins. And here from the beginning there was a great risk for Ukraine in terms of a positive outcome of the war.

How is Germany supporting Ukrainian cyber defense?
We provide solid support during the training, and there is an exchange of experts in the field of IT training and operational communication. When it comes to the war for stories in the information environment, an exchange of experiences is taking place. Everything else in this context must remain secret.

Describe your enemy. How do Russian hackers work?
Russian hacktivists and hacker groups do not necessarily have to be state-sponsored, but they can be. Both groups participate intensively in cyber and information warfare. They are not limited to Ukraine, but also attack Western countries. We always notice this: as soon as our Chancellor Olaf Scholz talks about supplying new Leopard tanks to Ukraine, our firewalls glow. Then the Bundeswehr networks are attacked en masse, and the whole thing is completed by corresponding messages on Telegram and Instagram, which then declare war on us.

Is this war only going one way?
Where hacker groups take one side or the other, there is a lot of shadow war going on. This is not only one-sided, the European hacker group Anonymous has also operated against Russian networks and an intensive cyber war is taking place there. We are also increasingly observing the phenomenon of outright hacker mercenaries; these are foreign specialists recruited and paid by Russia to attack Western networks.

As a neutral observer of social networks, you have the feeling that Russian propaganda from the troll factories is increasingly determining the discourse and influencing the prevailing opinion.
The Putin trolls benefit from their sheer superiority, but their patterns are now well known. An operator operates 400 fake accounts, which like each other, push each other and therefore ‘upvote’ each other. This gives them relevance on the Internet as they spread.

How do you fight this influence?
You have to combat this with education. As soon as you read a few letters and a lot of numbers in the account name, you know that this content comes from a Russian troll farm. Their messages are usually not so subtle that they are difficult to recognize. In this respect, what comes out of the troll farms is not a particular risk to me.

Would you rather?
Rather, it is about a few highly specialized people who formulate their stories so cleverly that their messages are widely understood. What is developing is indeed worrying. Russia’s war of aggression against Ukraine is one thing, its political impact on Europe is another. Initially this concerned the issue of energy security. We now see the risk that after Ukraine the Russians will turn their attention to the Baltic states. All this then leads to a reassessment of the threat situation, which does not currently paint an optimistic picture.

Is there any hope for the West on this battlefield?
My hope comes from the fact that Europe has come closer together. It is largely recognized that we now need to stand closely together, whether on the issue of sanctions or building up our own armed forces. If we don’t do this now, one day it may be too late. It will also be important that we remain closely connected to America, so that we think carefully about whether we want to enter into a conflict with NATO from the Russian perspective.

To what extent is the individual citizen challenged in a cyber war?
It is up to each individual to build a certain level of mental resilience. This simply means not believing everything that is offered on the internet. Not to accept everything you hear as true, but to critically question whether what is claimed can actually be true. In this area, the many years of peace and the feeling that we can no longer be attacked have made the Western population uncritical of what is actually happening.

What do you want from your fellow citizens?
The realization that not everything written is intended positively for me, but is actually intended to manipulate me, for example during elections. More resilience of the population is necessary in this area.

But many people consciously seek and absorb only those messages that support their existing worldview. That is why Russian propaganda appeals so well to all those in our society who believe in the great US-controlled conspiracy.
Yes, we can’t get any further than that. But we want diversity of opinions in our society. Everyone is allowed to believe what he thinks is right. That’s fine, as long as it’s an informed opinion. But if you uncritically take something and spread it further just because it comes from a seemingly pleasant place, you should be aware that those spreading such information may be planning to take advantage of you.

Does Switzerland play a role in your daily work?
We have been working closely with Switzerland, but also with Austria, in the IT sector for many years and benefit from each other. Very intensive but also very open discussions take place with my colleague from cybersecurity in a secure environment.

This is how Russian hackers currently operate

Russian hacker groups have deliberately tried to demoralize Ukrainians abroad and turn them against their own government with thousands of personal emails. The German Tagesschau reported this in the middle of the week. They were advised to amputate their own limbs so that they could no longer be drafted into the war. Other – apparently official – letters encouraged the consumption of pigeons to survive impending food shortages.

Last December’s major hacker attack on the servers of the private mobile phone provider Kievstar had a major impact. According to Ukrainian information, almost all data was deleted, resulting in a complete network outage that lasted several days and affected 24 million people in Ukraine.

According to Yurii Myronenko, the head of Ukraine’s cyber defense, one in ten hacker attacks on his country are currently carried out by militarily organized Russian groups. The Armageddon group, controlled by the domestic secret service FSB, is at the top with 154 attacks.

The Sandworm hackers, APT28 and Cadet Blizzard, which are subordinate to the military intelligence service GRU, together carried out 165 attacks, Myronenko, connected from Kiev, told the Swiss Cyber ​​​​Security Days in Bern. Cyber ​​attacks from Belarus are also increasing, which are aimed not only at military networks, but especially at private Ukrainian providers in the energy and communications sector.

(aargauerzeitung.ch)