After Trump Hacks, CrowdStrike Boots Russian Hackers 'Cozy Bear' and 'Fancy Bear'
What other foreign animals still lurk in the dark woods?
Though a full-bore cyberattack continues to keep top United States defense officials awake at night, there is another, more immediate threat: cyberespionage. On Tuesday, cybersecurity firm CrowdStrike announced that it had identified and evicted two separate Russian hacking groups, dubbed Cozy Bear and Fancy Bear, both of which had infiltrated the Democratic National Committee’s networks. Reports suggest that the hackers were hunting for the DNC's opposition research on Donald Trump, but the intrusion goes deeper than that.
Cozy Bear and Fancy Bear, despite their cutesy monikers, are all business. CrowdStrike’s detailed account of the hack reads like an awed, indignant hymn: “our team considers them some of the best adversaries… Their tradecraft is superb.” Both groups know how to gain access and how to cover their tracks: once inside, they settled in quietly, as if to hibernate, and stayed undetected. Cozy Bear had been inside for over a year, whereas Fancy Bear gained access more recently. CrowdStrike suspects that the two were working independently of each other, each for a separate Russian intelligence agency, rather than cooperating.
Both groups held on to that access for as long as they could. The DNC says the hackers showed no interest in financial or personal information; they wanted dirt on Hillary Clinton and Donald Trump. In April, the DNC’s information technology team finally recognized that there had been a breach and brought in CrowdStrike, which installed monitoring software to detect the intruders’ activity. Until that point, the Washington Post reports, the hackers had been reading several dozen of the research staff’s computers day after day, stealing files, and mining the DNC’s research on Clinton and Trump.
That Russian hackers had long-term access to the networks of a major U.S. political party is not altogether surprising. The DNC is a party organization rather than a government agency, but the same assumption should hold for both: even now, other intruders almost certainly retain footholds in government and political networks. Many more bears are lurking in the woods.
Former Pentagon cybersecurity expert and Efflux Systems CEO Mike McNerney tells Inverse that cyberespionage is a much more pressing issue than cyberwarfare: with espionage, adversaries have both the capability to carry out and sustain such intrusions and the motivation to do so.
“Everybody’s coming in all the time trying to steal trade secrets, trying to get some kind of an edge — no doubt about that,” McNerney says. “I’m very worried about that. I think the answers to that are a lot less clear. Protecting critical infrastructure is fairly clear: it’s about technological standards, cyber hygiene, some form of common-sense regulation, and deterrence and national policy.” But sneak attacks like this one are “a lot harder to solve.”
And, for now, it’s less clear what, if anything, our government should do as retribution. “When does that, if ever, rise to the level of national calamity? There are people that are angry enough about that that they could consider it a hostile act. What does that engender in response?”