MOSCOW (Pakistan Point News / Sputnik - 12th December, 2018) The deputy director of the Russian National Cyberthreat Response Center, Nikolai Murashov, on Tuesday described methodology of cyberattacks that took place during mass social and political events in Russia and told about lack of support from Western countries in creating a unified ceyberattack prevention framework.
Murashov elaborated on the ways how heavy cyberattacks were organized during Russian President Vladimir Putin's "Direct Line" Q&A session in June 2017 and during the presidential election in March 2018. He also revealed information on cyberattacks aimed at Sochi Olympics' information resources in 2014 and FIFA World Cup in 2018.
The deputy director noted that Western claims against Russian alleged involvement in cyberattacks worldwide were never supported by reliable technical data. He further shared the statistical information proving that the United States and the European Union are the world's main sources of cyberattacks. Moreover, according to Murashov, the United States, the United Kingdom, and the European Union are hampering efforts to introduce an international ban on development of malicious software.
The Russian National Cyberthreat Response Center was created in 2018 as an initiative of the Federal Security Service director, Alexander Bortnikov. The main responsibility of the center is to coordinate Russian authorities on the issues related to detection, prevention and elimination of the consequences of computer attacks. Among other responsibilities of the center are the sharing of the information between governmental institutions and foreign partners, analysis of previous attacks, and creation of a strategy to prevent attacks in the future.
According to Murashov, heavy cyberattacks from abroad were undertaken on the Russian information resources. Over 4 billion attacks on Russian key information infrastructure were conducted in 2018, while 2.4 billion were detected in 2017. He reminded that WannaCry, NotPetya, and BadRabbit viruses hit almost 100 countries in 2017, and over 500,000 computers have been affected, with over 60 percent of those in Russia.
Murashov said that critical information infrastructure was repeatedly attacked during the mass events in Russia.
He described a case that occurred during the Olympic Games in the Russian resort city of Sochi in 2014.
"Before the opening of the Olympics, on early morning of February 5, 2014, mass cyberattacks began, and they targeted the Olympics' official information resources and a range of non-official ones," Murashov said.
Information structure of the FIFA World Cup, which took place in Russia in 2018, was also under a heavy cyberattack.
"The information structure of the football World Cup alone has been targeted by over 25 million malicious attacks," Murashov said.
According to the deputy director, the methodology of cyberattacks is rapidly developing every year, which is especially evident in the attacks occurring during important social and political events. A wave of cyberattacks orchestrated by an intelligence service of a foreign country aimed at the whole Russian internet segment was detected during Russian President Vladimir Putin's "Direct Line" Q&A session in June 2017.
"The analysis showed that the attack was carried out with the use of a new modification of previously known malicious software of Russkill family. Having assessed the possibilities of this modification, we came to the conclusion that we were dealing with an intelligence service of a foreign state, perfectly knowledgeable in the operating algorithms of the DNS [Domain Name System] root servers," Murashov added.
According to Murashov, the biggest attack occurred during the day of the Russian presidential election on March 18, 2018.
"The main aim of the attack was to disrupt operation of vote-monitoring system across the country, which could then open door to unleashing a vote results discrediting campaign," the deputy director said.
Murashov added that Western cyberattack allegations against Russia were never supported by accurate technical data. He further discussed the cyberthreat ranking published by the Russian National Cyberthreat Response Center, which is based on the research conducted by US Webroot and Symantec, Japanese NTT Security, and Chinese CNCERT/CC companies. The United States occupies the first line in the ranking, followed by France and the Netherlands.
Murashov specified that many information and communication technologies giants are acting under US jurisdiction. A distinctive feature of the industry is that producers try to introduce new products and services onto the market quickly, and that they do not have time for a thorough test of products' and services' security. As a result, hardware and software errors remain undetected, sometimes for years, making the products vulnerable.
Murashov said that international ban on development of malicious software, proposed by Russia, could have become a real step forward in international user security, however the United States, the United Kingdom, and the European Union block it.
The deputy director noted that in most cases the developers of the software are not responsible for the security of their product. At the same time, vulnerabilities of the products open opportunities for creation of new viruses used in mass cyberattacks. He recalled that Article 273 of the Russian Criminal Code qualified malicious software development as a crime.
"But not many states have followed suit. Almost everywhere, there is no ban on the development of similar software. Moreover, US, UK, and EU representatives do everything to hamper approval of any recommendations on such activities' criminalization at forums where global information security is discussed," Murashov said.
Murashov added that the United States had unilaterally blocked IT security cooperation with Russia.
"We are puzzled by US authorities' move to in fact unilaterally block mechanisms enabling our two countries' cooperation on ensuring information and communications technologies security," Murashov said.
He recalled that these mechanisms were created as part of the initiative announced by the Russian and the US presidents in 2013, and at that time it envisaged a high-level Russian-US working group on cyberthreats.
"The United States, its closest allies, and EU states are opposing Russian initiatives within UN framework on ensuring global cybersecurity and countering the criminal usage of information and communications technologies ... We call on the United States to resume constructive dialogue. We are also inviting all interested parties to engage in open and equal cooperation aimed at conflicts in information space prevention," Murashov added.
The deputy director also announced that Russia is ready to make public its correspondence with the United States considering Moscow's alleged meddling in the 2016 US presidential election, if the US side gives its consent, since under the intergovernmental regulations such information can only be made public if both sides agree on that.
"In this context, we are ready to make all the correspondence public if the US side gives its consent," Murashov said.
Murashov further told reporters that information related to the Russian alleged meddling in the US elections was not revealed to Russia by the United States until fall 2016.
"We received the first message on October 31, 2016, as far as I remember. Then, a range of annexes followed, which contained certain technical information on the hack that happened. We have analyzed all the information, and we have sent an answer, which we believe was exhaustive, to the US side before [US] President [Donald] Trump's inauguration," Murashov said.
The investigation about the Russian alleged meddling in the US election has been carried out by Special Counsel Robert Mueller for more than a year, however the real proofs of such meddling were not yet presented to the public.
