From: New East Europe

One of the most popular topics of public debate in recent months has been the cyber espionage activities by the United States and their global impact. It is true that PRISM is a tool used by the National Security Agency. It is also true that it is not the first programme, nor the only one, and definitely not the last one. The release information about its existence does not aim to halt these types of activities, but rather weaken relations between the European Union and the US on many (especially economic) fields and to build an atmosphere of mistrust in
the eyes’ of the Europeans.

There should be a balance in this situation. It is obvious that many European politicians and security experts knew about the “cyber-priority” even though there was lack of knowledge about the technical specifications and maybe the scale of these types of programs, but their existence was no secret. Secondly, the US National Security Administration and its Central Intelligence Agency are not only the intelligence agencies that use extended cyber espionage tools. We can easily point to China with their APT-1 division, North Korea with its Cyber Offensive Division of Military Forces, Iran and its fast growing technological capabilities or the Russian Federation with the Federal Security Service and its Foreign Intelligence Service that has strong competencies in cyber-security and cyber-offense activities.

In this context there is a need to mention two main Russian programmes: SORM (Система Оперативно-Розыскных Мероприятий) and PAK (Comprehensive information and communication control of the internet). These are not espionage tools but they have this kind of ability which shows that Russians have the potential (or they already use) to make a system similar to the US PRISM.

For Central and Eastern European countries, this is not good news. It should be recalled that the last seven years had many examples of a cyber-attack that was proved to come from Russia (or there was strong evidence for it). Estonia in 2007 was attacked and paralysed, Lithuania in 2007 was victim to denial of service attacks (DDoS) and the defacement of many news sites, Georgia in 2008 faced a cyber-attack prior to Russia’s military actions, and Poland in 2009 saw cyber incidents during Vladimir Putin’s visit. Again in Georgia, in 2012, CERT.ge (Georgia’s Computer Emergency Response Team) found Russian traces that could intercept critical information (Georgia is not in the CEE region, but these cases mentioned show the Russian Federation’s potential) while in the Czech Republic in 2013 there was a cumulated attack that paralysed many bank and news sites – evidence also points to Russia. Many specialists concluded that Russia treats this region as an area for training their cyber capabilities. The examples mentioned above are only a few of the incidents recorded in Central and Eastern Europe.

The case of the Finnish Ministry of Foreign Affairs, revealed in November 2013, also leads to the conclusion that the tools in the cyber arsenal of the Russian Federation are more and more sophisticated. The potential leak of four years of information from Finland/EU is something that should be analysed in detail and be a strong motivation for further cyber-security activities; especially when there are suspicions that the malware used in Finland could also be used in other countries.

Read Complete Article