Predicting the Cyber Winter

My descent into cyber paranoia started with an innocent LinkedIn message titled Друг Миха (Friend Miha). It was from Vadim, an old-time Russian friend from my past. He and his brother Genya were known all across the corporation, and they knew everybody and everything: Genya was that crazy PhD professor who was always working on kernel-related dark technical projects; he knew Pi up to the 100th decimal place and rarely spoke more than 3 words in a sentence. Vadim, on the other hand, spoke at least 8 languages (including mine!), was a master of Russian martial arts (Система) and had superb wilderness survival skills. Genya and Vadim were the infamous dork-and-playboy brothers, technology geniuses who loved hard mathematical problems and shared a passion for chess and extreme outdoor activities. You know, regular Russian emigrants who did totally normal things.

I hadn’t seen either of them for over 7 years, so I was delighted when Vadim sent me a LinkedIn message wondering what I was doing at my new job and if I’d like to come over for a chat about good old times. Who would say no to a chance to reconnect with the famous Russian brothers, right? And who would notice a small remark at the end of the message that said: “I see you are free on Thursday between 3 pm and 6pm, da?”

So, here I was, standing outside an unmarked building with no activity visible through the windows, ringing a doorbell underneath two surveillance cameras that quietly tracked my movement. The receptionist buzzed me in after a considerable wait and was very apologetic. I could call her Mary, she said, with a thick accent that clearly told me that her name was anything but Mary. If she had said Nadezhda or Svetlana, or anything Russian-sounding, I wouldn’t have minded at all, but by giving me an obviously fake name, she really got my attention. “Sorry, I didn’t know today you drive your wife’s car. Why you not drive your car?” Huh? How did she know what cars I drive? And that, my friends, was the moment when all of my tingly sensors went into full alert.

Vadim danced into the reception with a big grin on his face, as if we had seen each other no more than a week ago. Slavic camaraderie knows no time boundaries — once you are a друг, you’re always a друг. “Privet! Kak delishki?”, boomed Vadim with his ever-charming voice while he led me into the main room of his facility. A bright room with several busy people behind computers. A room that was packed to the brim with monitors. A lot of monitors. I mean, stacks and stacks and stacks of monitors! More monitors than I had ever seen in any global network control room! Except, this. Was. Not. A. Control. Room. I was able to see that in a second!

“Zdorovo, zdorovo”, I squeaked meekly while I tried to put the big picture together. Was Vadim not just a normal Russian immigrant? Were he and Genya planted here decades ago? Was this one of those Russian hacking cells that I had read about in the media? Did I just enter a Russian hackers’ den? Gosh, is that how they knew about my free time today? And what car I drive? My paranoia turned to 11 and I got that numbing feeling you get when you watch a shady activity in front of your eyes and you have no idea what you should do.

Monitors behind Vadim were flashing with Gmail, Facebook, Twitter, Amazon and other popular sites, in fully automated cycles: opening the website, logging in, scrolling through pages of data, closing the session and moving to the next target. It looked like an automated harvester of personal information, capturing everything about everyone. Like an industrial-scale digital combine harvester, vacuuming everything and anything accessible. Hey, did the name of a person I know just flash across one of the screens? Was that his Gmail with his private emails? And is that an IRS tax report belonging to my neighbor? He makes that much money, that slacker???

A broad-shouldered person at the nearest computer stopped fighting with the keyboard and turned around. Of course it was Genya, the quiet dorky Russian brother! “Oh, кореш, is life good, yes?” Somehow I was crazy enough to ask the obvious: “Genya, what exactly are you doing here?”, and hoped there would be some totally rational explanation for the obviously shady shenanigans on the screens behind him. Genya laughed and pointed to the monitors: “This? Da, you like? We are Информационный бизнес, an Information Business. We find the way to collect information. We then get the information. We sell information. Nyet illegal.”

It looks like this shadow business of personal information gathering is booming lately: some groups focus on collecting and reselling the access credentials (usernames and passwords), others specialize in bulk data harvesting and selling (like Vadim and Genya), and then there are groups that monetize the harvested data: they extract credit card numbers, package and resell emails of high-value targets (mostly politicians) and dig out the secrets. Big secrets. Secrets that can influence business, political or other outcomes.

I got some rather disturbing insights from my discussion with Vadim and Genya:

  1. Hacking is now mostly “privatized” and is no longer performed exclusively by nation-state units. The Russian GRU Cyber-attack Unit and Chinese PLA Unit 61398 are still the most elite hacking cells of all, yet many nation-states would rather buy the information “services” from independent hacker cells; if a Tier-2 hacking provider can do the job, why pay more, right?
  2. The maturity of hacking tools is out of this world. Tools now use artificial intelligence to mimic human behavior, and use the nearly infinite capacity of cloud encryption-cracking farms that chew through any encrypted data with ease. That encrypted and DRM-ed email you wrote? About 20 minutes of 100,000 cloud VMs will crack it like an egg.
  3. The US internet is now the prime target for mass information harvesting: the US has a high concentration of valuable information, no enforced cyber control and complete dependency on digital communication. All that is lately coupled with oblivious ignorance about cyber security and no cyber hygiene at all. Just try pipl.com and see what data can be harvested about you.
  4. The “fake news” environment created a swamp where relevant disclosures are no longer trusted. A massive hacking attack just happened? Most of the population will not believe it, will declare it propaganda and will not react at all. They will keep reusing the same password that was compromised, not thinking at all about the consequences.

Vadim and Genya absolutely love what they do and, although shady, their work is not illegal. They are proud of their data vacuuming tools and of the value they can extract from the wide-open digital swamp out there. Vadim was happily bragging about how some of the harvested information that they sold last year popped up on Wikileaks and was published all over the mainstream media. Great success!

Genya then went all personal on me: he easily dug out my SSN and showed me the taxes I paid each year in the last decade. He tracked down my car registration and its movement across the tolling system in the Seattle area. He could even view my wife’s Amazon shopping history, laughed at our family pictures and admired my credit score. Nothing that I thought was private was private. He could read me like an open book! Remember, Information Technology is my vocation — I felt ashamed! Vadim told me that I shouldn’t be embarrassed — the hacking tools are just so much more sophisticated these days, I didn’t stand a chance.

In other words, the cyber winter is coming.

When I asked Genya if he was collecting, storing and selling my personal information too, he kindly said Nyet. What he probably meant was not yet. So from now on, I use VPN tunnels everywhere, the Tor browser for everything, password generators and two-factor authentication on each and every online service I use. You know, typical cyber security hygiene that I should practice all the time anyway. Sorry, you have no idea what I’m talking about? Sounds too complex and too technical? I have a comfy message for you: please carry on, it will all be just fine and there is nothing to worry about.

Because the cyber winter is coming. And hungry digital wolves will go after the weak, uninformed and unprotected.

Winter is coming.

--

Miha Kralj: Software Engineering Nerd