
Country Report: Russian Hacking Practices

Written by Collin Boyd, Master of International Policy Candidate


The Russian Federation and, formerly, the Soviet Union have ideologically opposed the West since the beginning of the Cold War. On top of ideological differences, Russia’s general mistrust of European states stems from its lack of natural land barriers to protect itself. A strong and united Europe, as well as a technologically and ideologically strong United States, is a direct threat to Russia. These facts contribute to modern-day hacking operations, which are seen as a Russian foreign policy directive to protect the Russian homeland.

Brief History

Russian hacking may feel new to those who have been exposed to such operations in recent weeks, but it has been in place since the 1990s. Used as part of the FSB’s (formerly known as the KGB) espionage tactics, an early Russian hack called Moonlight Maze struck a wide range of American networks in the late 1990s.

However, the United States has not been Russia’s only target. In 2007, Russian hackers targeted Estonian internet providers, crippling the country’s internet capabilities for a few weeks. In 2008, a similar attack happened in Georgia during the Russo-Georgian War; it targeted internet providers and various news agencies to distort the information getting out about the conflict. In the past decade, there have also been numerous attacks on allies of the United States, such as the leaking of campaign documents of the French President Emmanuel Macron in 2017. Later that year, a ransomware attack targeting Ukraine wiped out government ministries, power grids, and even healthcare networks. This particular malware, NotPetya, is one of the most destructive ever seen. “To date, it was simply the fastest-propagating piece of malware we’ve ever seen,” says Craig Williams, director of outreach at Cisco’s Talos division, one of the first security companies to reverse engineer and analyze NotPetya.

Occurrences in the United States

In recent years, significantly more attention has been paid to Russian hacking activities in the United States. In the 2016 election cycle, Russian hackers and cyber espionage groups worked to undermine the election process in two different ways. One, a long-running and multifaceted misinformation campaign on social media sites, such as Facebook, sought to sow doubt and division between American citizens. The nature of social media sites and the already growing political polarization have made this kind of cyber activity difficult to combat. Two, hackers stole email information from the Democratic National Committee, resulting in the spreading of campaign information and strategies. Four years later, similar tactics were used once again in the 2020 election cycle. According to declassified intelligence reports, there was no persistent cyber effort to gain access to election infrastructure like voting systems; however, there were substantial disinformation campaigns to disparage then-candidate Biden and the Democratic Party and to support former President Trump, similar to the social media efforts in the 2016 election.

During this election cycle and in conjunction with the COVID-19 pandemic, social media sites took precautions to combat both medical and political disinformation. Twitter adjusted its practices of non-intervention in regulating user speech to creating and utilizing vast moderating capabilities to curb misleading information. For example, former President Trump and his allies had tweets removed or prominently labeled for being misleading. Facebook also increased its moderation practices by utilizing thousands of global fact-checkers to remove and label misleading posts.

In the past six months, greater awareness and more brazen attacks have brought cyber issues to the forefront. One of the more recent cyber attacks, the SolarWinds hack, targeted software systems used by federal agencies. Although the full extent of data harvested by this hack is not yet known, the scale of the attack is worrisome. Now, Russians have pivoted to essential industries that directly affect millions of Americans. Ransomware attacks on the Colonial gas pipeline impacted thousands of gas stations across the southeast United States as Colonial temporarily could not transport gasoline. As news broke of the attack, a gas shortage panic spread among American consumers as stations ran out of gasoline. Just in the past month, another ransomware attack targeted JBS, a major meat processor, prompting a halt in meat processing which affected hundreds of workers in the United States. Again, as news broke, panic buying of meat led to shortages and price increases. These attacks target many of the computer systems in a company’s network, including billing and shipping. Neither Colonial nor JBS could process payments from distributors downstream, leading to the temporary closure of operations. Attacks on gasoline and meat in the past months signal to many that Russia is seeking to disrupt America more directly.

Is This Legal?

The short answer is, yes, cyber attacks are legal. International agreements on cyber warfare state that attacks that fall short of significant or substantial injury or death are allowed. Experts have also concluded that espionage and theft (ransomware) do not meet the high threshold for an armed response to cyber attacks. Russia is adept at toeing the line with activities that cause maximum disruption without the blatant death and destruction that traditional warfare may bring, such as bombings, drone strikes, and armed invasions. Plausible deniability by the Russian government creates a cover. The Kremlin and Putin have denied all recent cyber attacks on the United States, including SolarWinds, Colonial, and JBS. These cyber attacks have been traced to Russia-based groups, but it is unclear whether there is a direct link to the Russian government or to Putin himself.

What Can the United States Do About It?

Part of the problem with these recent cyber attacks is that the American information infrastructure was and continues to be built in vulnerable ways. For example, American tech companies push expedience to market as opposed to fully fleshed-out and tested products, which, over time, can lead to widespread security vulnerabilities, especially when such software is baked into government services. Furthermore, the costs and focus of cyber security often take a back seat even after more attacks have taken place. Specifically, companies tend to budget funds to pay a ransom in case they are attacked instead of upgrading their security systems. Both Colonial and JBS paid the ransoms demanded by hackers against FBI recommendations. Even though the ransoms were recovered by CIA experts, American companies need to take cyber security seriously and invest heavily in their own systems now as opposed to waiting for a cyber attack.

More alarming, however, is that these cyber attacks are likely to continue for a long time. For one, the United States and other liberal democracies have not yet found effective deterrence options. Sanctions are becoming less reliable as a deterrent and more of a “cost” of doing cyber business. Two, a huge reason these cyber attacks are happening stems from the theft of the National Security Agency’s (NSA) own cyber hacking tools. In 2017, a group called the Shadow Brokers leaked sensitive NSA hacking tools online for others to copy. Since then, such tools have been used by North Korea, China, and Russia to conduct cyber warfare activities worldwide, including against U.S. city governments. The United States government and U.S. companies need to address their cybersecurity practices and invest in the future. Otherwise, Russia and other adversaries will continue to target U.S. industries, and Americans will have to hope they don’t hit on something truly catastrophic.

