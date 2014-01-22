By Jim Finkle
WASHINGTON Jan 22 A U.S. cybersecurity firm
says it has gathered evidence that the Russian government spied
on hundreds of American, European and Asian companies, the first
time Moscow has been linked to cyber attacks for alleged
economic - rather than political - gains.
According to the firm, CrowdStrike, the victims of the
previously unreported cyber espionage campaign include energy
and technology firms, some of which have lost valuable
intellectual property.
CrowdStrike declined to go into detail about those losses
or to name any victims, citing confidentiality agreements
related to its investigation.
Officials with the Russian Interior Ministry could not
be reached for comment early on Wednesday in Moscow.
"These attacks appear to have been motivated by the Russian
government's interest in helping its industry maintain
competitiveness in key areas of national importance,"
Dmitri Alperovitch, chief technology officer of CrowdStrike,
told Reuters on Tuesday evening.
Cybersecurity researchers have in the past said that China's
government was behind cyber espionage campaigns against various
corporations dating back as far as 2005, but China has
vehemently denied those allegations. Alperovitch said this is
the first time the Russian government has been linked to cyber
intrusions on companies.
Governments have been using computer networks to spy on each
other for more than 30 years in the type of surveillance
programs conducted by virtually every nation, according to
CrowdStrike. It is only in the past decade that some nations
have started using cyber espionage as a platform for gaining
data to help promote their national economic interests,
according to Alperovitch.
CrowdStrike has been following the activities of the Russian
group of hackers, which it dubbed "Energetic Bear," for two
years. The firm believes the Russian government is behind the
campaign because of technical indicators, as well as analysis of
the targets chosen and the data stolen, according to
Alperovitch.
"We are very confident about this," he said.
Victims include European energy companies, defense
contractors, technology companies and government agencies,
according to the CrowdStrike report.
Manufacturing and construction firms in the United States,
Europe and Middle East as well as U.S. healthcare providers were
also cited as targets in the report that was posted on the web
early on Wednesday morning,
CrowdStrike described the activities of the Energetic Bear
hackers in its annual cyber threat report, released on
Wednesday. It also documented attacks by hacking groups in China
and Iran and described the activities of the activist Syrian
Electronic Army.
Alperovitch, who is of Russian ethnic origin and now lives
in the Washington, D.C., area, is an expert on cyber espionage
who rose to prominence while working for McAfee Inc. While there
he managed a team of researchers who produced a landmark January
2010 report that described how Chinese hackers had launched an
unprecedented series of attacks known as "Operation Aurora" on
Google Inc and dozens of other companies.
In 2012, he co-founded CrowdStrike, which collects
intelligence about the activities of hacking groups around the
world and sells software to thwart such attacks.
He told Reuters that the data his firm has obtained about
Energetic Bear suggests that authorities in Moscow have decided
to start using cyber espionage to promote Russia's national
economic interests.
"They are copying the Chinese play book," he said. "Cyber
espionage is very lucrative for economic benefit to a nation."