Lithuania says Russian spyware infected government computers

Lithuanian officials call it “part of psychological warfare.”

Lithuania says Russian spyware infected government computers

Lithuania, Europe's southernmost Baltic state, is accusing Russia of having infected its government computers with spyware on multiple occasions.

Lithuanian intelligence detected at least three separate instances of Russian spyware on government computers. Those malicious programs primarily targeted low- to mid-ranking Lithuanian officials whose computers contained government documents.

Upon successful infection, the spyware exfiltrated every document and password it found on a machine and sent that data to a website that Russian spy agencies commonly use.

Rimtautas Cerniauskas, head of the Lithuanian Cyber Security Centre, told Reuters that such behavior is business as usual for the Russian bear:

"Russians are really quite good in this area. They have been using information warfare since the old times. Cyberspace is part of that, only more frowned upon by law than simple propaganda.... They have capacity, they have the attitude, they are interested, and they will get to it – so we need to prepare for it and we need to apply countermeasures.... It is all part of psychological warfare."

MoscowCerniauskas makes a good point. If anything's become apparent this year, it's Russia's insatiable appetite for using the digital space to get what it wants.

The nation proved as much back in the summer, when we learned it had likely hacked the Democratic National Committee and stolen opposition research on then-U.S. Republican presidential nominee Donald Trump.

Two groups perpetrated the hack: COZY BEAR and FANCY BEAR, the same attackers that used Android malware to track Ukrainian artillery field units back in late-2014.

There's widely held consensus that Russia tampered with (but did not sway) the United States 2016 presidential election. As a result, other nations like Germany are preparing for possible Russian intrusions in their upcoming national elections in 2017.

Cerniauskas says he and his team didn't detect any signs of tampering in Lithuania's October 2016 election but that the country is nonetheless vulnerable to Russian meddling.

For its part, Russia has denied all charges of having conducted the spyware campaigns. President Vladimir Putin's spokesman Dmitry Peskov went so far as to tell Reuters they were "laughable" and unsubstantiated:

"Did it (the spyware) have 'Made in Russia' written on it? We absolutely refute this nonsense."

As we all know, words mean little when indicators of compromise keep showing up. It's therefore imperative that nation-states learn from the examples of Lithuania and the United States and implement certain safeguards to defend themselves.

But more is going on here. The international community has learned of a number of digital attacks that all point to Russia. It must ask itself: what is to be done? Sanctions have not deterred Russian aggression in Ukraine and the Middle East. What else can be done to put pressure on this consummate spoiler and make sure it plays nice?

Not an easy question to answer. But no doubt heads of state all over Europe are mulling it over.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

, ,

2 Responses

  1. furriephillips

    December 30, 2016 at 11:48 am #

    Why try to punish, rather than educate your citizens/users/sysadmins and give them the tools, to protect themselves & just spoil the attackers fun – no need to try to punish, just protect & defend.

  2. furriephillips

    December 30, 2016 at 11:50 am #

    Oh Graham, the conversion of the ampersands is a bit fugly!

Leave a Reply