Musings on cyber “atomic bomb”

Castle Bravo Test

Do you remember this comment from Andrey Krutskikh back during Infoforum 2016?

“You think we are living in 2016. No, we are living in 1948. And do you know why? Because in 1949, the Soviet Union had its first atomic bomb test. And if until that moment… the Americans were not taking us seriously, in 1949 everything changed and they started talking to us on an equal footing.  I’m warning you: We are at the verge of having ‘something’ in the information arena, which will allow us to talk to the Americans as equals.”

Basically, he said at the time that Russia was on the verge of developing the cyber equivalent of an "atomic bomb."  That is a fairly significant boast, and the Castle Bravo analogy is not a subtle one.

So, here it is a year later, and there have been a few cyberwarfare victories under Russia's belt, two of which were pretty significant IMHO.  I've been trying to figure out which of the recent Russian cyberwarfare campaigns (or maybe something else we in the public arena don't know about yet) is the "atomic bomb" that Krutskikh was crowing about.

The way I see it, there are four possibilities:

  1. Global election tampering
  2. Equation Group Infiltration
  3. Something we don’t know about because it isn’t public
  4. Something we don’t know about because it hasn’t happened yet

If he's referring to the use of cyberwarfare capability for election tampering, that would be what most folks assumed he meant, on the basis of timing alone.  Specifically, just a short while after the statement, we started seeing systematic attempts to influence election outcomes: the US, France, and so forth.  What makes this option seem less likely to me, though, is that election tampering isn't exactly new for Russia; they had been tampering with elections (their own and other countries') for years.  So was it instead the method by which they effected the tampering that makes it "atomic bomb" level impact?  I'm a little dubious that this is what he meant by "atomic" level capability.  Hiring a bunch of trolls and leaking stolen email is a far cry from an atomic bomb.  But maybe he's into hyperbole.  Could happen.

It could also be that he's referring to the infiltration of the NSA's Equation Group by the Shadow Brokers (who, in my estimation, are FSB/GRU, although that attribution has never been publicly confirmed).  We know that the Shadow Brokers published the Equation Group toolset a while back (if anybody was unclear on this point, see WannaCry).  We can infer from the fact that the toolset was dated (2013) that, whatever access they had, it has either been uncovered or closed off: there's no way a covert infiltration could continue after they publicly announced that they had acquired the toolset, and the files themselves were all pre-2013.  But if it was closed off in 2013, why would he be bringing it up in 2016?  The level of impact (systematic compromise of the NSA's Equation Group) seems pretty severe, maybe even "atomic" level, but the timing seems off.

The last two possibilities, i.e. something we haven't seen yet, seem most likely to me in light of the above: Russia has an as-yet-undisclosed cyberwarfare capability, either one it has already used without attribution or one it has not yet used at all.  It's possible that's "tin foil hat" territory, and frankly it is the result of wild-ass speculation on my part, but if so it should be interesting times ahead.