Christopher Mims is a technology columnist at The Wall Street Journal, which he joined in 2014. Mims received a bachelor’s degree in neuroscience and behavioral biology from Emory University. He has worked as an editor at Scientific American. He writes: “Alongside the physical violence of the Russian assault on Ukraine, a parallel cyberwar is under way that has little, if any, precedent.
The digital battle so far has proceeded in ways cyberwar specialists didn’t expect—and that has many of them concerned about how the technological dimensions of Europe’s worst conflict in decades will play out. In particular, they’re concerned about its potential to spill beyond the borders of the two combatants.
On one side is Russia, a hacking superpower that began its digital assault on Ukraine months before its tanks rolled across the border, but whose efforts have so far been surprisingly limited. On the other side, Ukraine is a relative weakling in cyberspace that has become the first country to fight back against an invader by publicly calling up an international army of vigilante hackers. The country also has hundreds of thousands of tech workers inside and outside the country who are participating in hacks and cyberattacks on targets in Russia, according to Viktor Zhora, deputy chief of Ukraine’s government agency responsible for cybersecurity.
Professionals who monitor cyber threats, both for governments and corporations, are concerned that the worst is yet to come, in the form of both direct attacks by Russia and collateral damage from attacks by both countries. Those specialists are on high alert because Russia, in particular, has a history of unleashing cyber weapons that wreak havoc far beyond the computers and networks that were their original targets.
The Kremlin has repeatedly denied carrying out malicious cyberoperations.
“All of this is unprecedented,” says Jean Schaffer, a chief technology officer at cybersecurity company Corelight who spent more than 30 years working for the U.S. Defense Department, most recently as chief information security officer at the Defense Intelligence Agency. “It is not something we have war-planned and mapped out and said: ‘Hey, this is what we think is going to happen.’ ”
For a glimpse of what has specialists worried, consider a piece of malware dubbed HermeticWizard.
Hackers traced to Russia began at least as early as January targeting Ukraine with “wiper” malware, designed to destroy computers by wiping their contents completely, says Ray Canzanese, director of threat research at cybersecurity company Netskope. New versions of such malware have been discovered since then, each more sophisticated and potentially destructive than the last.
HermeticWizard, which researchers detected in the past week, is the most dangerous yet, a piece of software designed to spread another, HermeticWipe, to any other potentially vulnerable computers in a network, Mr. Canzanese says. Previous Russian wipers—there have been at least three targeting Ukraine since January—weren’t paired with additional software to spread them autonomously.
Malware with such “worm” characteristics was behind the devastating NotPetya attack in 2017, the most economically damaging cyberattack in history. Attributed to the Russian state, NotPetya did billions of dollars’ worth of damage to companies like Maersk, FedEx and even Rosneft, the Russian oil company, even though its intended target was Ukraine. “Everyone in cybersecurity is saying they are bracing for the next NotPetya,” he says.
The wiper malware Russia already deployed has targeted computers within Ukraine’s government, and its banks, to erode the country’s capacity to communicate and function, adds Mr. Canzanese. This same malware also struck computers that are part of Ukraine’s border-control systems, according to one security researcher in the region, hampering the processing of refugees leaving the country.
So far, the attacks have affected just a handful of Ukrainian government contractors and financial organizations, and seem intended primarily to demoralize defenders in Ukraine.
Another kind of cyber offensive, a “denial of service” attack in which websites and other services are flooded with spam traffic, has made government and banking websites difficult to access, said Mykhailo Fedorov, Ukraine’s minister of digital transformation.
All that activity notwithstanding, cybersecurity experts are broadly surprised that Russia’s cyberattacks haven’t up to this point been more effective or devastating.
When Russia attacked Georgia in 2008, and again when it attacked Ukraine in 2014, it launched sophisticated cyberattacks that hijacked and rerouted internet traffic. In the case of Russia’s annexation of Crimea, the attacks allowed Russia to take over communications networks.
That hasn’t happened this time in Ukraine, at least as of Friday. “Many of us thought the Russians had pre-positioned themselves inside the networks of a lot of infrastructure to disrupt it long in advance,” says Chester Wisniewski, a principal research scientist at cybersecurity firm Sophos. “But we haven’t really seen that, and it’s been so odd.”
There are many theories about why Russia hasn’t shut down critical infrastructure in this war. It could be that Russia didn’t want to damage systems its leaders thought it would be able to quickly take over in a blitzkrieg. It could also be that Russia tried but that Ukraine learned lessons in the past eight years that allowed it to fortify its systems against damaging intrusion. In any case, the lack of clarity reflects how difficult it is to predict what could come next.
The situation on Ukraine’s side is also volatile. Thousands of Ukrainians are taking part in cyberattacks on Russia, targeting government services, media, transportation, and payments systems, said Mr. Zhora, the Ukrainian cybersecurity official, in the Friday briefing.
A nation-state calling for vigilantes to attack its enemies during an active conflict can lead to unintended consequences, including impacts for innocent targets, says Mr. Wisniewski.
Gangs of cybercriminals, which historically have been tolerated inside Russia in a way they are not allowed to operate in the U.S. and allied nations, have also pledged retaliatory attacks against Ukraine and its allies. But when one such group, the ransomware collective Conti, said it would attack Russia’s antagonists, it soon had to contend with the leak online of a huge trove of its internal communications and hacking tools.
And so a cyberwar between groups that aren’t officially connected to the combatants continues to volley back and forth.
The longer the conflict in Ukraine drags on, and the more Western firms pull out of Russia, the more opportunity and incentive Russia has to use its most potent cyber weapons against companies and nations, says Rob Gurzeev, who was one of the chief technology officers at Israel’s Unit 8200—roughly the equivalent of the U.S. National Security Agency.
An attack on oil-and-gas companies could have far-reaching impacts in the U.S. and elsewhere. “You worry that they might be holding something like their nuclear-bomb equivalent of a cyberattack, and we just haven’t seen it released yet,” says Ms. Schaffer.
The war in Ukraine has twinned cyberweaponry with tanks and other traditional tools of war in a way we haven’t seen before. The digital attacks started first, and they could well continue even after the shooting stops.
[Photo caption: People crowded the Kyiv train station this past week seeking to escape.]”
—————————————————–
On a related issue, Angus Berwick is a reporter with The Wall Street Journal in London, covering cryptocurrencies, financial crime, and markets. He joined the Journal in mid-2023 from Reuters, where he worked as an investigative reporter focused on white-collar crime and as a correspondent in Venezuela and Spain. His work has been recognized with a Gerald Loeb Award, two Overseas Press Club awards and an award from the Society for Advancing Business Editing and Writing.
Ben Foldy is an investigative reporter in The Wall Street Journal’s finance section, based in New York City. He often writes about fraud, financial crime, cryptocurrency and corporate malfeasance. Elaine Yu and Kate Vtorygina contributed to the article. Berwick and Foldy write:
“A self-described Russian smuggler in China received a request from the manufacturer of the legendary AK-47 rifle. Russia’s largest maker of small arms, Kalashnikov Concern, needed electrical parts for drones that have been among the most effective weapons against Ukrainian armor.
The smuggler, Andrey Zverev, took the late-2022 order to a Hong Kong electronics distributor. The U.S. was trying to cut off such deals, and even sanctions-wary Chinese banks were blocking payments from Russia.
The solution: Zverev used tether, the cryptocurrency, to relay millions of dollars of funds from Kalashnikov to its supplier.
Describing the transaction several months later in messages to a group of Russians, Zverev offered the same service. “We will deliver everything you need to exterminate each other,” he wrote in a Telegram chat. Payment was “ideally with crypto, of course.”
Tether has emerged as one of the world’s default black-market payment methods. The digital currency says it is backed one-to-one by the U.S. dollar. But unlike government-issued dollars inside the banking system, authorities have limited ability to trace its use.
The “stablecoin” is the most-traded cryptocurrency, with as much as $120 billion in tether changing hands each day—often about twice as much as bitcoin. Transactions totaled over $10 trillion in 2023, not far off what payment giant Visa said it processed in its most recent financial year.
For Vladimir Putin’s war machine, tether has become indispensable. It helps Russian companies weave around Western sanctions and procure so-called dual-use goods that go into drones and other high-tech equipment. Importers working with such goods make transfers in rubles into Russian bank accounts operated by middlemen who convert the rubles into tether and pay out local currency to their foreign suppliers in places like China and the Middle East.
The U.S. Treasury Department has pressed Congress to pass legislation that would grant it the ability to block transactions in dollar-denominated stablecoins like tether. Last week, the department blacklisted a Moscow company that had partnered with a Russian bank under sanctions to provide tether-based payments.
Tether’s privately held issuer, Tether Holdings—registered in the British Virgin Islands—distributes tether to customers in exchange for dollars, which it has mostly invested in U.S. Treasurys. Customers trade tether on virtual public ledgers known as blockchains or via private exchanges, sometimes to purchase other cryptocurrencies or, as in Russia’s case, to pay for goods and services.
Tether Holdings didn’t respond to questions for this article. The company said in December it had begun a voluntary policy to freeze digital wallets used to transfer its tokens that were connected with entities under sanction.
This account of tether’s role in Russian trade is based on interviews with people directly involved, along with thousands of messages on the Telegram chat app exchanged by brokers and importers.
The Journal verified details from Zverev’s account through interviews with his associates and Russian import and tax records. The records showed a supply chain of electronics connecting Zverev’s Hong Kong supplier, Kynix Semiconductor, and Kalashnikov’s main drone subsidiary.
Zverev, 41 years old, confirmed his work in an interview and shared the bill of materials he said Kalashnikov had given him. “Kalashnikov asked me to find some possibilities,” he said. “How to buy parts in China, and how to supply them.”
Zverev saw few prospects in Russia while studying for an economics degree from a state university in the Siberian city of Omsk. After helping manage a Russian company’s supply network, he flew to Shanghai to chase new opportunities.
Zverev built ties with local factories and arranged supply routes to Russia that enabled companies to avoid paying Russian customs duties. “I became a smuggler,” he once told a Telegram group. He helped run bitcoin-mining operations in China, and resold microchips to buyers back in Russia to power their own mining rigs, which solve complex formulas to mint new bitcoin. He was using tether to charge Russian customers.
Zverev preferred tether over traditional banks because it was anonymous, he told customers. The Tether Foundation rarely froze digital wallets because of users moving “dirty money” through them, he wrote.
His preferred tether-trading platform was a Moscow-based crypto exchange called Garantex. Launched in 2019, Garantex runs cash exchangers inside Russia and abroad that allow customers to swap rubles for tether and then into foreign currency. When Russia invaded Ukraine, Zverev wrote that readers should protect their savings from the plummeting ruble by buying tether on Garantex. Because Garantex worked almost exclusively with Russian clients, “the evil regulators” in the U.S. and Europe wouldn’t be able to shut it.
Garantex was blacklisted by the U.S. two months later for being a haven for cybercriminals. True to Zverev’s word, its business continued to thrive. A Garantex spokeswoman denied the exchange facilitates criminal activities and said it abides by Russian law.
In April 2023, Sergey Mendeleev, founder of Garantex, convened some of Russia’s most experienced crypto figures in a Telegram group to discuss importers’ problems. He referred queries about their China payments to Zverev. Mendeleev told the group he was launching his own payment firm, Exved, to help importers pay foreign suppliers within hours via tether.
In August, Mendeleev estimated the monthly volume of the entire “shadow trade”—as members called it—at as much as $10 billion. Others working in the trade agreed with this figure, though it couldn’t be confirmed by the Journal. Mendeleev later said Exved handled hundreds of millions of dollars of Russian foreign-trade payments in tether monthly just after starting operations.
He declined to comment. Zverev advertised his services in a separate Telegram group, mentioning: “Kalashnikov Concern is purchasing from China for its drone project, bypassing sanctions through me.”
After the invasion, Zverev had begun orchestrating the transport of electronics to Russia from China under a program introduced to import products Russia needed for the war without the original manufacturers’ consent. Electronics he purchased were loaded onto trucks and dispatched to Russia through Kyrgyzstan and Kazakhstan.
Zverev continued to use Garantex and other intermediary firms, to convert customers’ rubles into tether. He swapped the tether for yuan in Hong Kong, and then wired suppliers the money by a local bank transfer. The Garantex spokeswoman said it operates solely in Russia and has no knowledge about how Russian companies may buy tether abroad.
In December 2022, Zverev said a Kalashnikov subsidiary sent him the bill of materials that the Journal later reviewed. The document lists 248 types of electronic parts. Zverev took the order to Kynix, the Hong Kong distributor, which priced the order at about 70 million yuan, just under $10 million.
For the payment, Zverev said he used tether to “break up the connection” between both companies, making it harder for Western governments to trace the transactions.
————————————————————-
Another form of “piracy” has emerged from the several international conflicts initiated by the China-Russia-Iran-North Korea axis.
Mary Anastasia O’Grady is an American editor and columnist for The Wall Street Journal. She has also been a member of The Wall Street Journal editorial board since 2005. She writes predominantly on Latin America and is a co-editor of the Index of Economic Freedom. She is a recipient of the Bastiat Prize, a journalism award given annually by the Reason Foundation. It recognizes journalists whose published works “explain, promote and defend the principles of the free society.” She writes:
“Continued Houthi attacks on global shipping assets in the Red Sea have damaged Middle Eastern economies like Egypt’s. But they also may have increased threats to U.S. national security and international trade in other parts of the world.
Military-intelligence analysts I have spoken to believe that enemies of the West are looking to export the Houthi model of aggression—a kind of 21st-century piracy—to other jurisdictions. These analysts are worried that Guyanese waters could become a prime target. The role of the Houthis will be played by Venezuela.
This is speculative. But it comes from specialists who spend their days tracking the activities of nondemocratic actors out to destabilize the Americas. It isn’t the only explanation for recent shipments of military aid to Venezuela from Russia and Iran, complementing earlier deliveries from those countries and from China. But it’s a logical one and is supported by recent developments. If successful, the strategy would crimp global oil supplies, strengthen the narrative that Washington is impotent, and empower a U.S. adversary close to home.
The socialist wave in Venezuela that the late Hugo Chávez rode to authoritarianism has crashed. Dictator Nicolás Maduro is clinging to power through repression. According to polls, if given the chance to vote him out of office, most Venezuelans would take it.
The top choice for a new Venezuelan president is Maria Corina Machado. She’s backed by a coalition of opposition parties and won an opposition primary in October with more than 90% of the vote. She’s the first politician to overcome the problem of fragmentation among the antigovernment electorate, which makes her a giant threat to Mr. Maduro.
Unlike the anti-Chavistas who came before her, she’s a hero to working and poor Venezuelans and especially women. Their families have been torn apart by emigration as hyperinflation, poverty and crime have ballooned under the corrupt police state. This is why the regime has barred her from running in the July 28 election and has arrested members of her team. But Mr. Maduro is also looking for ways to recharge his base. Enter Guyana.
Venezuela’s claim to Guyana’s Essequibo region goes back to when the smaller, English-speaking country was still a British colony. Venezuela never accepted the 1899 ruling of a Paris tribunal that the Essequibo region belongs to Guyana. In the 1966 Geneva Agreement the matter wasn’t resolved but was put aside. As provided for in that agreement, the case is now before the International Court of Justice at The Hague. A ruling is expected this spring.
Venezuelan schoolchildren are raised on the narrative that the Essequibo was stolen from them. Railing against Guyana has long been a winning issue for Venezuelan politicians.
Yet playing the nationalism card in the face of dire unpopularity at home isn’t the only motivation that Mr. Maduro has to try to seize the Essequibo. He wants a piece of the action in the vast oil resources under the sea off the coast of Guyana.
A Venezuelan military operation to take and hold the Essequibo region’s rugged terrain would be challenging. As has been noted by at least one unnamed U.S. national-security official, Mr. Maduro doesn’t seem to have the necessary armaments. Most importantly, such a dramatic undertaking wouldn’t secure his ultimate goal of controlling the waters off Guyana.
On the other hand, a Houthi strategy of sporadically attacking commercial assets could undermine oil exploration and, Mr. Maduro has reason to hope, force a negotiation about rights to the sea.
Maduro’s military harassment of Guyana dates back to at least 2018. But it spiked in September when Caracas flew Russian Sukhoi jets low across Guyanese airspace. And at the same time, Venezuela began ramping up its political rhetoric and pushing military assets toward the border—including the maritime boundary—with Guyana. Venezuelan ocean-patrol vessels have long breached Guyanese waters, but in recent months they have sailed well into their neighbor’s domain.
Mr. Maduro may be blowing smoke. But the buildup of a working inventory of arms is troubling. In a forthcoming report, the Washington-based Center for a Secure Free Society says that thanks to Iran, Venezuela today has “an extensive range of military hardware.” This includes “swift Zolfaghar patrol boats, alongside a diversified drone fleet” outfitted with rocket launchers and smart bombs. Iran has also sent antiship cruise missiles, which China has supplied in the past.
Two analysts have independently told me that they’ve seen intelligence indicating that Russia recently sent weapons to Venezuela that could be used to hit Guyana or its allies hard if there is any attempt to defend against acts of piracy.
Deterring the use of the Houthi model in the Caribbean won’t be easy. But a first step requires choking off the external sources of weaponry, which the U.S. and its allies can do if they find the political will.”
Next time: U.S. response to omnipresent asymmetric warfare