
7 disturbing facts about Putin’s cyber-warriors – and what the leak means for Switzerland

The documents about Russian cyberweapons and attack plans leaked by an unknown whistleblower provide in-depth insight. So do the reactions to the unprecedented leak.
Daniel Schurter

Thousands of pages of classified documents show how Russia plans and prepares cyber attacks around the world. A research network revealed this on Thursday.

Not only are the reports about the attack instruments commissioned by the Russian army disturbing, but also their origin. Developers and technicians from private IT firm NTC Vulkan have helped prepare Russian hacking operations abroad and train agents to attack critical infrastructure.

And that brings us to the main conclusions we draw from the “Vulkan Files” and the responses to them.

1. The lead developer of Russian cyberweapons now works at Amazon

The journalists doing research for the news magazine “Spiegel” call him Sergei N. and ask:

“What does a Russian cyber warfare specialist do in a company that houses large parts of the IT of hundreds of global companies, whose infrastructure is a mainstay of the global internet? Could AWS not know what N. used to do, or did it not want to? As of June 2019, comments signed with his name can be found in a leaked document [from NTC Vulkan]. By that time, he says, he was already working for AWS.”

AWS stands for Amazon Web Services – a world leader in cloud computing. The Amazon subsidiary operates data centers around the world and its clients also include the Swiss Confederation.

Asked by Spiegel, AWS said only that the security of customer data is the top priority.

2. The danger posed by the West cannot be estimated

According to reports, AWS hired the senior Vulkan employee in 2018, four years before the invasion of Ukraine. At that time, many HR managers in Western organizations apparently still thought that it would not be a problem to employ Russian IT specialists.

It should be noted that there were some business ties between NTC Vulkan and US companies. According to their website, several major manufacturers, including IBM, Boeing, and Dell, work with Vulkan.

This concerned commercial software development, without clear connections to secret services and hacking operations. The business relationships are said to be no longer maintained.

It is also not really reassuring that Vulkan has been active for a very long time, according to the research. According to a ZDF report, Google confirmed that a Vulkan email address was identified in 2012 in connection with malware from the Russian hacker group “Cozy Bear”.

“Russia is in our nets.”

3. Russia no longer distinguishes between war and peace

Russian investigative journalist Andrei Soldatov, who fled to Britain, was able to see the secret documents stolen by the whistleblower. He concludes that the Russian army has adopted the aggressive mentality of Putin’s secret police.

“The leaked files also suggest that the Russian military long ago lifted restrictions on Soviet-era offensive weapons, which can only be used in wartime. The boundaries between war and peace are not just fluid in Russia, they don’t exist.”

The leaked documents show intensified cooperation between the Russian military and the secret services. Soldatov estimates that Putin’s “siloviki”, senior intelligence and military officials, have become much more aggressive since the collapse of the Soviet Union.

4. No one in the West wants to talk about this security risk

“As of 2011, NTC Vulkan was granted special government permits to work on classified military projects and state secrets.”

Until the Russian invasion in February 2022, Vulkan employees openly traveled to Western Europe and attended international IT and cybersecurity conferences, the Guardian writes. Today, former employees live in Germany, Ireland and other EU countries. Some work for global technology companies. And it’s unclear whether Western counterintelligence agencies are watching them.

Investigative journalist Andrei Soldatov asks:

“Is it safe or ethical to hire a Russian engineer with a background in information security, which in Moscow often means working for a company like NTC Vulkan?”

Even if someone leaves Russia and takes his immediate family with him, he still has friends and relatives at home, which makes him vulnerable.

However, the journalist, who lives in exile in London, also thinks it is not fair to send IT engineers back to Russia because of their previous jobs, because these people would have had little choice. The Kremlin views such engineers as pawns whose job it is to support Russia’s war effort.

5. That the cyberweapons themselves have not leaked is not good news

The documents leaked by the unknown whistleblower do not contain any concrete information about Russian malicious programs (malware) or other tools used for hacking operations.

“Because of what is happening in Ukraine, I have decided to make this information public.”

The unknown person sent several thousand documents, “PDFs, Word files, contracts, drafts, licenses, emails”, via an encrypted platform, only to disappear without a trace a few weeks later.

Why did the anonymous source fail to provide the journalists with program code or other technical details about Russian cyber weapons?

Because the source had no access to the digital weapons arsenal? Because the source could not do so without revealing their identity, or did not want to reveal everything to the Western media? Or has the person been caught?

In any case, German security politician Konstantin von Notz, chairman of the parliamentary supervisory body responsible for the secret services, assumes that “hundreds of such cyberweapons” are currently being developed. And these pose a significant security risk.

As a reminder: In 2016, a previously unknown group, the Shadow Brokers, announced that it had acquired previously unknown US cyberweapons. These came from the NSA’s elite Tailored Access Operations (TAO) unit.

In 2017, more NSA attack tools were released on the internet. Russian elite hackers – believed to be from the “Sandworm” group of Russian military intelligence – used them for the NotPetya malware attack with devastating consequences worldwide.

An investigation revealed that a third-party IT specialist working on behalf of the NSA and other US government agencies stole more than 50 terabytes of “highly sensitive data”, including the NSA’s dangerous hacking tools based on zero-day exploits.

Russian program code, too, can fall into the wrong hands. Are the associated cyber weapons still safe, and which internal and external persons had access?

6. Russia fights its enemies (including Switzerland) by all means

“There may also have been attacks on Switzerland that may not have been recognized before.”

One thing is certain: the latest revelations about NTC Vulkan are just the tip of the iceberg. The pilloried Russian IT company belongs to a military-industrial complex that remains extremely opaque even after the leak: more than 40 companies are closely intertwined through cooperation with the Russian secret services.

The aim of the public-private partnership is to develop highly effective cyberweapons “to target those whom the rulers of Moscow have declared enemies”.

John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant, who was able to evaluate part of the “Vulkan Files”, says:

“These documents suggest that Russia views attacks on critical civilian infrastructure and social media manipulation as one and the same mission that is essentially an attack on the enemy’s will to fight.”

7. The latest revelations are disturbing – and change nothing

Are those responsible in politics, administration and the private sector aware of the dangers? And what exactly is being done against the threat from Russia?

The Federal Intelligence Service (NDB) made an evasive statement to the “Tages-Anzeiger”:

“In principle, all critical infrastructures can become a potential target of cyber attacks, namely when vulnerabilities are exploited for espionage, sabotage and crime.”

Until now, public interest in the discovered Russian war plans and cyber weapons has been relatively low. National politics seems to have slept through the subject. In any case, there were remarkably few tweets from security politicians about the #VulkanFiles.

Since those with political responsibility and those responsible for IT security are keeping in the background anyway, and the intelligence services are also silent, we have little choice but to be surprised by what awaits us.

Sources

  • spiegel.de: These are Putin’s secret plans for cyberwar (subscription required)
  • theguardian.com: Cyber war leaks show Russian military adopting secret police mentality
  • theguardian.com: Vulkan Files Leak Reveals Putin’s Global and Domestic Cyber Warfare Tactics
  • washingtonpost.com: Secret Trove offers a rare glimpse into Russia’s cyberwar aspirations
  • zdf.de: “Vulkan Files”: Russia Plans Cyber War
  • tagesanzeiger.ch: “This is the architecture of Russia’s new cyberwar”


Source: Watson

Published by
Ella
