
Q: There have been Russian hacking attempts aimed at US, British and Canadian COVID-19 vaccine research. How has Canada dealt with this and what do you recommend we do so we can protect intellectual property and national sovereignty against these intrusions?

 

A: This attack was undertaken by a group called Advanced Persistent Threat 29 (APT29), also known as Cozy Bear, or the Dukes. APT29 is the cyber espionage arm of the Federal Security Service and its international counterpart the SCR, part of the Russian federal Security Agency, formerly known as the KGB. Most notably, they were partially responsible for the hack on DNC servers and its chairman John Podesta, whose email password was compromised by a heavy spear phishing attack.

Russian government hackers were able to access other systems to which Podesta had credentials. They stole reams of data, including election strategies for key 2016 battleground states. It’s presumed that a similar tactic was used in the latest Cozy Bear trap on US and UK medical research labs working on a COVID-19 vaccine. In the CSE statement that exposed the hack, it’s important to note a couple of things. First, attribution: governments don’t generally attribute hacks to a group or foreign government unless they are absolutely 100% sure of who is behind it. Second, the CSE stated the data was stolen, but more importantly, that hackers tried to inhibit progress on efforts to combat the virus.

This is significant as it defines an extremely malicious intent, which is to harm Canadians and our British and American allies. In my opinion, this constitutes an attack on Canadians. So why did they do it? Russia’s research capabilities are not quite equal to those in Western nations. A recent Washington Post report by George Will claimed that 1/3 of Russian healthcare facilities don’t even have clean running water or hot water for that matter. How can we expect a government that can’t provide clean running water in its hospitals to develop the vaccine for COVID-19? As the Russians and Chinese do when they can’t do it themselves, they steal intellectual property from others.

Putin’s real motivation, as always, is political. He has handled the pandemic very poorly. Several Russian health administrators who expressed criticisms of his handling [of the pandemic] have mysteriously fallen out of hospital windows over the past month. His approval rating among Russians is tanking along with the price of oil. Putin, whose power is based on the illusion of it, must now demonstrate to his people that he can save them with a vaccine. He’ll do it by hook or by crook. In my opinion, orders to hack these institutions came right from the very top.

The CSE warned Canadian medical institutions in March that they could be hacked. That was an extremely important and very good first move, which should have given these institutions time to shore up their security. The CSE’s decision to attribute the hack to Russian intelligence services was also excellent. Exposing attackers in the Russian government makes them vulnerable and demonstrates their intent. CSE should be hitting back at [Russia], in concert with the Five Eyes partners. The government should not shy away from using its power to push back against malign foreign actors and to disrupt them using threat-reduction measures. Given that the hack was employed to disrupt and hinder efforts to address the pandemic, one must assume that the hack was also intended to intensify COVID’s effects and cause harm to Canada and our allies. As such, the attack should also be brought to the attention of our NATO partners.

Read more here:

CDA Institute Interview with Marcus Kolga: The Covid-19 Vaccine Hack, Russian Information Warfare & Cyber Resiliency