Russia: Retaliation Against Cyber Cossacks

Archives

July 8, 2021: Many Russians are coming to realize that the 2014 invasion of Ukraine has been a disaster for Russia. Because of that invasion Russia has become the second most sanctioned country on the planet, surpassed only by Iran. Part of the reason is that Russia has a larger and more diversified economy than Iran. The government downplays the impact of the sanctions but the average Russian knows better, and notes their living standards declining year after year. Russia is visibly less affluent than Ukraine, and even more so than Eastern European countries that suffered under Russian-imposed communist governments until the late 1980s when the communist-era economic system collapsed in Russia and ended the Soviet Union and the Cold War in 1991.

Many of the Soviet era policies have been returning since 2000 and this has limited economic growth. The government won’t admit it, but Russia’s neighbors have and are taking advantage of the Russian decline. For example, despite Ukraine being at war with Russia, and Turkey being an ally of Russia in Syria, business is business when it comes to the arms trade. Ukraine and Turkey have increased their trade in weapons and weapons technology since 2014. Ukraine is taking advantage of the fact that Russia and Turkey are more frenemies of convenience in Syria than true allies. After all, Turkey is a member of NATO, a cold war era organization created to deal with Russian aggression. Ukraine is seeking to join NATO and being on good terms with Black Sea NATO nations like Turkey, Romania and Bulgaria is important. This annoys Russia a great deal but there is not much they can do about it that does not make the situation worse. Russian actions since 2014 have triggered a huge increase in military spending in Europe, especially East Europe.

Russia has also lost much of its most profitable arms export customers with the continuing decline in orders from China and India. Russia is still the largest supplier of military equipment to India, but those exports have declined by nearly half since their Cold War peak which reached over 80 percent of Indian weapons imports. In the last decade that has fallen to fifty percent and continues to decline. The post-2014 sanctions are part of the reason for the decline of arms sales, but the main reason is that Russian weapons are still second rate as is their after-sale support.

July 7, 2021: Western neighbor and ally Belarus continues to suffer from widespread unrest triggered by the blatant rigging of the August 2020 elections. Belarus fought back with police-state tactics that angered its European neighbors and trading partners. This led to European sanctions and now Belarus has responded to that by banning Europe-to-China traffic (air, truck and railroad) via Belarus territory. Worse, people smugglers were quietly informed that they would have no problems from Belarussian border guards when moving their illegal migrants from the Middle East and Africa into Europe. This creates more anti-government anger in Belarus and more headaches for Russia.

In Belarus, tampering with the vote has been common since the 1990s but it gets worse and worse as more voters turn against the government via larger and larger pro-democracy demonstrations. For 26 years Belarus president-for-life Alexander Lukashenko has ruled as a loyal ally of Russia. That has not revived the Belarussian economy or improved the lives of Belarus voters. A new post-Soviet Union generation of voters has seen how life is better in democracies, especially other former victims of Russian rule like neighboring Poland, Lithuania, Latvia, Estonia and Ukraine. They blame Lukashenko for the poverty and mismanaged economy in Belarus, as well as an incompetent response to covid19.

The current crisis came right after August 9th 2020 when Lukashenko was elected to another term. Unlike past rigged elections, this time there were major and sustained public protests against his decades of rigged elections, corrupt rule and inability to do much of anything effectively. Since the late 1990s Lukashenko has won reelection with 80-90 percent of the vote in visibly fraudulent voting. Lukashenko has been in charge since 1994, when he consolidated power in the wake of the dissolution of the Soviet Union, and the creation of Belarus. Lukashenko is a Soviet era official, who runs Belarus like the Soviet Union still existed. Belarus is a police state, where elections, and everything else, is manipulated to keep the politicians in power. It's a tricky business, but so far Lukashenko has kept the security forces up to snuff, and on his side. He bribes or bullies key officials to keep the country running. Lukashenko has maintained good relations with Russia, getting him cheap fuel supplies and other aid. Belarus is small (9.5 million people) compared to neighbors Russia (146 million) and Ukraine (42 million) and Russia wants to absorb Belarus and Ukraine to rebuild the centuries old Russian empire that the czars created and the communists lost. Lukashenko, like the majority of Belarussians, oppose being annexed by Russia. At this point Russia is not seeking to annex Belarus or send in security forces to help suppress what has turned into a rebellion against Lukashenko.

Lukashenko is becoming more of a liability for Russia but is currently still a “favored ally.” Russia would like to be rid of Lukashenko but there is no one in Belarus with his skills and experience. Russia has created a major problem for itself in Belarus. Not as bad as the mess in Ukraine, but still another setback in the Russian effort to rebuild Soviet-era Russian empire.

Russian president-for-life Vladimir Putin has made no secret of his desire to make Ukraine part of the Russian Empire once more. Putin does not name Ukraine, but he does constantly refer to his goal of making Russia a superpower again and to do that he needs a larger Russian-speaking population that would provide a huge boost to the economy. Belarus won’t do, only Ukraine will. Russian plans to absorb Ukraine came apart in 2014 when Ukraine organized a strong military response much faster than Russia expected. Ukraine has continued to resist and done so by becoming a major trading partner with China and Turkey, two Russian allies who believe business is business. Ukraine is continuing to seek membership in NATO. Russia has discouraged this by insisting that if Ukraine became a NATO member it would be considered a warlike act against Russia and Russia would respond. The problem is that Russia has not got sufficient conventional forces to grab Ukraine or do much of anything to anybody. Threats to use nuclear weapons have been made so often that they no longer have much impact. The only real offensive weapon Russia has is its Cyber Cossacks, or hacker gangs who can use Russia as a sanctuary from retaliation as long as they do not go after Russian businesses or government agencies. In addition, the hackers have to do some “government work” occasionally to steal stuff from targets that are generally avoided as too dangerous and not very lucrative, like foreign militaries and intel agencies. Like the original Cossacks who worked for the monarchy to do the dirty work, often against neighbors, the Cyber Cossacks work to rebuild the old empire. The communists outlawed the czarist Cossacks, who went underground until the communist empire fell. The most effective post-Soviet Cossacks are the Cyber Warriors who operate much like the mounted marauders the Czars depended on for centuries. The problem with Cyber Cossacks is that foreign targets can and increasingly will retaliate with their own Cyber Warriors. The original Cossacks were never very effective against professional troops and avoided them. We’re about to see a replay of that conflict.

July 6, 2021: Russia has finally carried out it’s long threatened “de-dollarization” plan and converted all the dollars in its National Wealth Fund (NWF) to Euros and Yuan. Abandoning the dollar is part of a plan to neutralize the power the dollar and the United States have over the global banking system. Russia needs this to get around a lot of sanctions Russia, and trading partners like Iran are suffering under. Russia realized there would be costs to abandoning the dollar and within weeks of selling off all its dollars its NWF lost $2.2 billion, or two percent of its value. This was not surprising because American economy continues to outperform the Euro nations (most of Western Europe) and the Chinese currency is unstable and unpredictable compared to the dollar. Abandoning the dollar also made Russia more likely to become too dependent on the Chinese currency (the yuan). By selling off dollar denominated assets (bonds, government debt) and switching to yuan denominated equivalents Russia becomes more dependent on (and vulnerable to) Chinese financial and territorial threats.

July 5, 2021: The NATO countries participating in the annual Exercise Sea Breeze joint training in the Black Sea began their activities on June 28th and will continue for two weeks. This is the 21st Exercise Sea Breeze and since 2014 Russia has considered this NATO joint training a hostile act, especially since Ukraine has been a regular participant, which is normal for nations seeking to join NATO. While the Russian harassment made for great headlines, NATO officers pointed out that the Russian efforts to disrupt Sea Breeze made the exercises more realistic and at Russian expense.

July 3, 2021: In the central African nation of Mali, the May coup was led by an army colonel who was threatened with a cutoff in military and economic aid. When foreign donors, including France, intensified their criticism, the coup leader threatened to call on Russia to replace the Western foreign aid donors and troops in Mali. While this threat made for great headlines it ignored the reality of how Russia and China operate in Africa, where these two nations are often the cause of corruption and never the cure. Russia is too broke to provide foreign aid and if you want Russian troops or military contractors you have to pay for them, preferably in advance. China is even more mercenary, demanding payment in natural resources or other assets. China is a buyer, not a peacekeeper or charity. Russia tries to emulate China, but is not as effective. An example of this is continuing to play out in Venezuela, where Russia has some troops and has been assisting the socialist dictatorship there that has trashed its economy even though Venezuela has the largest national oil reserves in the world. To make their Venezuelan efforts pay off Russia, more than China, has to make sure the current government stays in power at least long enough to pay off its debts to Russia.

July 2, 2021: Russia based hacker group REvil carried out the largest ransom attack ever when they claimed to have crippled the VSA network management software developed by a U.S. firm Kaseya and used by thousands of businesses worldwide. REvil demanded $70 million in cryptocurrency to undo the damage. REvil has reduced that to $50 million as they noted the rapid and apparently effective Kaseya response. Kaseya was the first to detect the hack and has issued regular updates to its customers on how Kaseya is dealing with the hack. This included rapid development of a software patch that the thousand or so customers suffering from the hack could apply to undo the damage. The degree of damage varied from customer to customer, with some promptly shutting down their networks and quickly applying the Kaseya patches. Other customers delayed their response and more damage was done. Kaseya says their patches reverse any damage REvil has done and that no one should send REvil money to have their systems cleared of the infection. Kaseya pointed out that there was no guarantee that the REvil fix would work as promised. Groups like REvil have been known to provide flawed unlock software and sometimes the fix does not remove hidden malware that makes it easier for another hack to be carried out. If REvil continues to reduce their ransom demands this incident will become a very public battle between the Cyber Cossacks and their supposedly defenseless victims. We might get an interesting action film out of all this because historically the Cossacks are rarely defeated when they make a surprise raid.

This REvil attack comes less than a month after the American president warned his Russian counterpart that the U.S. considers some of Russian based hacker attacks an act of war and unless the U.S. and Russia can reach an agreement on how to deal with this the U.S. will respond in kind. In one recent attack the U.S. did respond and seized some of the cryptocurrency ransom before the Russian based hacker group could take possession of it.

In mid-2020 it became known that the U.S. president had secretly given the CIA permission to take more aggressive action against hacker groups responsible for attacks on the United States. This seems to explain a number of unexplained incidents where hacker groups had identities of members revealed or their operations sabotaged or disrupted. The CIA, NSA and Department of Defense had long been asking for this authority. Granting it to the CIA allowed the CIA to bring in NSA and Department of Defense experts for joint operations. Russian hackers have been responsible for a lot of the successful hacking operations inside the United States. Chinese, North Korean and Iranian hackers have also been active and they are also on the CIA target list.

The basic problem here is an old one; attacks via the Internet are not easy to trace back to the source if the attackers are careful. Russian and Chinese hackers have been very careful and very successful as have been their American (mainly NSA) and Israeli counterparts. The fundamental problem here is what criteria for “proof” do you use before declaring a particularly damaging (as in loss of life and military equipment) attack an act of war and counterattack in a meaningful sense. This is a question that has yet to be answered. Russia has admitted that hackers in Russia have long been active, usually only against foreign targets to avoid arrest. Russia does not admit that these hackers often do jobs for the Russian government. This is a custom with criminal gangs going back centuries but a denial still sort-of-works for diplomats.

July 1, 2021: After six months of effort, the government has only been able to persuade 16 percent of the population to get vaccinated against covid19. Russ now has four locally developed vaccines but all are similar and not trusted by Russians, or anyone else. The reason for the mistrust is the refusal of Russia to provide details of its vaccine trials that allegedly prove the effectiveness of Russian vaccines. This lack of corroborating trials data prevented many nations from approving the use of Russian vaccines. In nations where both Western and Russian vaccines were used the Russian vaccine appeared to perform less effectively. Russia seemed to confirm that when it recently offered booster vaccine shots because Russian vaccines were not handling covid19 variants, something the Western vaccines have no problem with. A Russian vaccine, Sputnik 5, was the first one to be put to use and was suspect from the start, especially the refusal to provide source data for the drug trials. This is mandatory for any trials to be believed and especially for drug trials. Chinese covid19 vaccines ran into similar problems and many nations that received these vaccines free-of-charge could not find enough locals willing to take the Chinese or Russian vaccine. Even North Korea openly bans the use of these vaccines and is seeking Western vaccines.

June 24, 2021: UN foreign aid officials complain that Russia is threatening to block renewal of UN authorization to send foreign aid to northern Syria via Turkey. There are a million Syrians, most of them pro-rebel civilians in Idlib province where some 20,000 rebels and Islamic terrorists are holding out in the half of Idlib province they still control. The civilians are in desperate need of this aid but Russia sees that aid as sustaining the Islamic terror groups who keep attacking Russian bases in adjacent Latakia province. There are many rebel and Islamic terrorist factions in Idlib and by the beginning of 2021 these had overcome enough of their internal disputes so they could maintain more effective resistance to the slowly advancing Syrian troops and growing number of Russian airstrikes. The leaders of this opposition are Syrian al Qaeda members, some with a decade of combat experience. At the beginning of the 2011 civil war al Nusra, an al Qaeda affiliate formed and, under different names, remains the largest Islamic terrorist organization in Syria. Al Nusra evolved into a larger coalition (Tahir al Sham) which has been leading the rebel effort to hold onto some of Idlib province while trying to keep the rebels from fighting each other. During 2020 new leaders and new realities reduced the number of mutually hostile factions. The factional fighting became a major problem in 2017 and during 2020 the factions came to realize that without one “rebel leader”, or at least some form of ceasefire between factions, the Syrians, Russians and Turks could negotiate with or crush the factions separately.

June 19, 2021: In northeast Syria (Hasaka province) a Russian military patrol intercepted and turned back an American patrol trying to enter a town on the M4 highway that is claimed by the Assad government. This is also about control of the M4 highway. In January Russia announced it had negotiated the reopening of the M4 highway for commercial traffic after being closed for a month while Turkish forces cleared some Islamic terrorist rebels who were periodically attacking traffic. The M4 is the main east-west highway from Aleppo to the Assad stronghold Latakia province and its Mediterranean ports.

June 18, 2021: At the UN India joined China, Russia and 33 other nations in abstaining when asked to back a non-binding resolution calling on the Burmese military to abandon its February 1st coup. China had lobbied hard to prevent a positive response to this resolution, by letting everyone know that anyone to backed this resolution could expect less cooperation in settling any current disputes with China. India was also admitting that the current Burmese military government was probably going to survive and India would have to deal with that for a long time, like it did with the previous Burmese military government which lasted from 1962 to 2010. Myanmar (Burma) is a neighbor of China and India and formerly part of the British colonial holdings in South Asia. The Burmese generals are seeking to maintain its close ties with China and Russia while it struggles to establish control of the country because this time, unlike 1962, the population is fighting back. China assured the Burmese generals that as long as Chinese economic interests in Burma were safeguarded China would continue to pay the military billions of dollars a year. Some of that money was already being paid to the military because the military owns a lot of the companies that have lucrative contracts with China. Other Chinese investments are supposed to pay the Burmese government. The military wants it all. China will continue to use its veto powers in the UN to block UN actions against the Burmese military. Even before the coup Burmese generals maintained their connections with China and that was the main reason China has sold $1.4 billion worth of military equipment to Burma since 2010. Russia sold $800 million worth. Together China and Russia accounted for over 90 percent Burmese spending on imports of military gear. In 2011 the Burmese generals were forced to end nearly half a century of military government and allow elections. Russia has indicated that its support, at least as an arms supplier, would continue if a civil war developed and the generals could still pay for Russian arms, in advance if necessary. The 2021 coup triggered an economic crisis and popular opposition that is moving towards civil war. Anti-government demonstrations continue despite troops and police being ordered to open fire. Some of the demonstrators are shooting back. So far nearly a thousand demonstrators have been killed by the security forces and ten times that number wounded or arrested. The Burmese military is comfortable with a cozy relationship with China and Russia but most Burmese are not.

June 17, 2021: The UN rebuked the Central African Republic’s (CAR) security forces and some of its militia allies. The UN claims CAR security units and their allies had committed atrocities and targeted UN peacekeepers with hostile threats and acts. Earlier this month the Security Council condemned atrocities by CAR forces and attacks on UN peacekeepers may be considered war crimes. Russia and Rwanda both have troops in the CAR. The U.S. recently claimed there is evidence Russian military advisers have led military operations that have “confronted” UN peacekeepers. Russia denies the allegations.

June 8, 2021: In southern and central Syria Israeli air strikes hit targets in Damascus, Tartus (a Mediterranean port with a Russian naval base) and the T4 airbase in Homs province. These attacks killed at least eleven Syrian troops and militia. The attack on Tartus avoided damaging the Russian naval base.