Date: 2023-07-12

Hackers’ efforts are increasingly taking a toll on the Russian economy and frustrating Putin's war effort

Russian citizens were shocked last month when a broadcast of Vladimir Putin appeared to show the president declaring martial law and announcing that Ukrainian troops had invaded the country.

“Ukrainian troops armed to the teeth by NATO and with Washington’s consent and support have invaded Kursk, Belgorod, and Bryansk,” the president appeared to say in an address broadcast on a number of radio stations and TV channels.

Yet the announcement was a hoax powered by AI deepfake technology.

Hackers used computer algorithms to create Putin’s likeness and even synchronised his lips and voice to broadcast the false message.

Once upon a time, infiltrating Russia’s strictly censored state media to broadcast fake news using Putin’s image would have been unthinkable.

Russians were alarmed in June when a broadcast featuring a deepfake Vladimir Putin announced a general mobilisation.

Yet cyber-attacks on Russia’s infrastructure have become increasingly common over the last 18 months.

Last week, Russian Railways said hackers had infiltrated its ticketing systems in a “massive” attack, the RIA Novosti newswire reported.

The state rail operator’s website and mobile app went offline, which the company blamed on “multiple attacks with a constantly changing vector and tools” originating from “around the world”.

This was not the only large-scale cyber incident to hit Russia in recent months. The nation’s interbank payments system went down briefly in June, disrupting flows of money between its financial institutions.

A group of Ukraine-affiliated hackers claimed the credit for knocking the Bank of Russia’s telecoms provider offline, preventing the central bank from digitally communicating with the outside world.

In April, another attack disabled IT systems at the Federal Customs Service, forcing inspectors to fall back to pen and paper.

While they may appear small on their own, these attacks contribute to Russia’s ongoing economic meltdown.

Estimates from the OECD say Putin’s war economy will shrink by 2.5pc in the worst-case scenario this year, wiping about $56bn (£43bn) from its gross domestic product.

Alan Woodward, a security expert from the University of Surrey, points to the riotous community of Russian Telegram bloggers who chronicle every IT outage as proof of Western-backed attempts to use Russia as a proving ground for cyber attack techniques.

“Russia is slightly hampered because it is one of the two parties in the war so is almost a ‘legitimate target’ provided the attacker is not probably a Western country,” he says.

This semi-official cyber war against Russia is starting to bite, with even Putin’s ministers being forced to admit the situation is getting worse for them.

Deputy digital minister Aleksandr Shoitov said a fortnight ago: “The attacks are really getting harder. They also masquerade as [distributed denial of service] attacks. Hackers use rather difficult vulnerabilities.”

In a vain attempt to reassure ordinary Russians he added: “But the country is holding out, we are working effectively, we are raising the front of our security.”

Those reassurances may fall on deaf ears, however. Local news reports described the customs service as having been “partially paralysed” in April.

A spokesman for freight business Delko said that in the days after the attacks, just 44 vehicles instead of the usual 200 were able to pass through customs checkpoints as officials struggled to cope with normal traffic volumes.

Suspicion for these disruptions inevitably falls on Ukraine, but in recent weeks Russia has begun pointing fingers at Volodymyr Zelensky’s Western allies.

US intelligence services were blamed by Russia in June for a major cybersecurity breach affecting Apple iPhones in the country.

The FSB spy agency, itself no stranger to hacking the West, said the US was behind an “intelligence action” that saw diplomats’ phones compromised.

Addressing the claims, Apple said: “We have never worked with any government to insert a backdoor into any Apple product and never will”.

Russia-headquartered antivirus company Kaspersky’s founder described the “extremely technologically sophisticated spyware” that engineers found on the phones of “senior and top management”.

“We believe that the main reason for this incident is the proprietary nature of iOS,” said Eugene Kaspersky in June, referring to the Apple software that powers all iPhones.

“Detecting and analysing such threats is made all the more difficult by Apple’s monopoly of research tools.”

A company spokesman stopped short of pointing fingers at the West, however.

“We cannot speculate on the connection between any specific individuals or groups and the cyber attacks that have taken place,” the spokesman said. “As a cybersecurity vendor, our job is to do technical attribution and to analyse attacks.”

Identifying the culprits behind such cyber attacks is difficult, made more so by the inherently murky world of online disruptions.

Dr Lukasz Olejnik, an independent geopolitical researcher, voices what some Western cyber industry sources will only hint at when it comes to cyberattacks targeting Russian companies: “We cannot rule out involvement of Western state cyber operators, or Ukrainian services – none of this would be disclosed during this war, though.

“Western states are guaranteed to be active,” he adds, “but they would rather focus on efficient uses of such activities, not flashy defacements or data leaks… Some of [that] is surely done by ‘amateur’ hackers.”

Rafe Pilling, director of cyber security company Secureworks’ counter threat unit, says that verifying claims of who hacked what in a country like Russia is fraught with problems.

“You can check if someone claimed to be taking something down in advance or you can check if it was unavailable [beforehand] but even that can be somewhat difficult,” he says.

“In the same way that for a period of time where any IT outage in the West was a Russian cyber attack, I imagine there’s a similar climate either existing or developing inside Russia, in relation to these groups,” Pilling adds.

Ransomware is the main threat to Russian companies, according to Kaspersky – a finding that mirrors the trend seen in the UK and US, where the main threat comes from Russian-speaking cyber gangs wielding the malicious software to scramble their targets’ computer systems.

Customer requests to unscramble files encrypted by ransomware in January 2023 alone reached fever pitch, “exceeding half of the requests from the entire last [three months] of 2022,” the company said.

Whoever is behind the ongoing digital assaults on Russia, one thing is plain: while the country may have once been seen as a cyber aggressor, the last year has shown it is just as vulnerable as the West.

