SVR HQ Yasenevo, Moscow

Old Pals, Three Intelligence Chiefs Naryshkin,
Putin and FSB Director Aleksandr Bortnikov

Naryshkin is seen a one of Putins strongmen or “siloviki” (in Russian) whose a career politician with senior roles tracing back to Putins predecessor Dmitry Medvedev. Naryshkin is now likely be in line for the order of Lenin when he retires by some accounts. Born in 1954, Sergey speaks French and English and has two children. Appointed to the role of SVR director in 2016 despite accusations In 2015 that he had plagiarised large parts of his doctoral thesis on economics, accusations he denied.
Naryshkin replaced Mikhail Fradkov, a former prime minister who headed the SVR since 2007 and has served as chairman of the Russian Duma.

The SVR was formed in 1991 as a successor to a division of the KGB and according to the Moscow Project the SVR handles external intelligence gathering and operates human intelligence officers, both under diplomatic cover and as covert officers.
They are perhaps best known for its penchant for long-term, deep-cover spy rings. As per the Moscow Project site, “One of these deep-cover SVR spy rings was uncovered by authorities in the United States in 2010. These so-called “illegals” had been trained by the KGB and had been living in America for over a decade. The FBI arrested ten of these agents in 2010, and they pleaded guilty to conspiring to serve as unlawful agents of the Russian Federation. The agents were later swapped in a high-profile trade for four Russians who had been imprisoned for spying for the west.”

Taking a look at the SVR homepage we see their mission statement which they state as

The SVR is low profile in comparison to the FSB and GRU intelligence branches, but it’s often imperceptible to know the differences between involvement in various operations that make it to the evening news in America. While the GRU was mentioned by Robert Mueller in the Hillary Clinton email hacking scandal, but the SVR was also involved. It also tried to recruit Carter Page, Trumps former foreign advisor and was specifically mentioned in the political opposition report referred to as the Steele dossier or Trump-Russia Dossier.
So now that we have a glimpse of who the SVR are, what kind of damage could they have done while the commander in chief was busy tweeting.

While you Were Tweeting!

It’s no secret that Trump has been pro-Putin to the point of openly admiring him as one of the worlds strong men and refusing to condemn him for acts of aggression. Aggression such as bounties on US servicemen being offered by Russian operatives in Afghanistan, US military vehicle ramming in Syria, aviation harassment, election interference and most recently the Solarwinds Hack which I’ll get to.

Trump early on set the tone for his feelings on the intelligence community comparing them to Nazis and refusing to read the daily intelligence briefs choosing instead to hear them orally and frequently interrupting and veering off topic. Amidst all that were the firings and resignations of intelligence leadership such as Dan Coats [DNI], Robert Mueller [FBI], Chris Krebs, Director of the Cybersecurity and Infrastructure and the list goes on. Even recently there were discussions in the oval office of ousting Gina Haspel [CIA chief] and Christopher Wray [FBI chief]. And of course let’s not forget the secret conversations with Putin and other world leaders moved to that “Highly Secure” server in the white house which has all led some to declare Trump a “Russian Asset”.

It’s against this backdrop, we find ourselves at the autopsy table of what was discovered by Fireeye last week, the SolarWinds hack.

How Bad is it Doctor?

To refresh memories or get you up to speed, the SolarWinds hack was a massive cyber attack launched against multiple US intelligence agencies, government agencies and businesses that was first detected by a company called Fireeye in the last few days.
Being familiar with SolarWinds products myself, I most commonly associate them with network monitoring software for viewing the health status of servers, switches, routers and other network devices that use the SNMP protocol. Founded in 1999 by Donald and David Yonce and heaquartered in Austin, Texas, it counts 300,000 clients in it’s portfolio of which 18,000 could be affected by the breach including several intelligence agencies, dept of energy (Yes the one who overseas Nuclear power plants), National Nuclear Security Administration (Yea the one that manages the Nuclear stockpile) Dept of Commerce, DHS and most of the Fortune 500 companies.

One industry analyst web.archive.org reckons that Solarwinds is installed on

– More than 425 of the US Fortune 500

– All ten of the top ten US telecommunications companies

– All five branches of the US Military

– The US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States

– All five of the top five US accounting firms

– Hundreds of universities and colleges worldwide

Yikes!

What the hackers seemed to be able to do was to infiltrate the software update process of the Solarwinds Orion product essentially piggybacking on otherwise trusted software updates. The attackers took advantage of the normal and recommended best practice of keeping software up to date which went undetected for 6 months. 6 months is a long time to go unchecked on anyone’s network.

Once in the target networks, the attackers waited patiently until they collected enough data on authorized users to impersonate them, allowing the hackers to move through a victim’s network undetected for months, according to an analysis by the cybersecurity firm CrowdStrike.
It’s also said that each of the attacks require meticulous planning and manual interaction to go undetected, which would be indicative of SVR’s tactics and capabilities in the past.

So the original question becomes, how bad is it? those in the know have used the word a “Grave Threat”. Many high value targets such as Los Alamos national labs (think nuclear weapons design) and Boeing have reported suspicious activity already on their networks. It has been said that Solarwinds wasn’t the only vector of attack which potentially makes the attack much larger than already detected.
Analysts are also saying, the threat removal will be highly complex as just because it’s detected doesn’t mean it’s gone.

On a worst case scenario, Putin could have quietly neutered a US response to Russian aggression by having the ability for instance of taking out the national grid or interrupting the command and control systems of the Nuclear arsenal. US defense strategy was long focused on physical infrastructure including naval assets (destroyers/carriers), land assets (ICBM’s) and Air assets (bombers/fighters) for example as a triple deterrent to Soviet/Russian Federation aggression.
Cyber defense is in it’s relative infancy and Trump has done the intelligence community no favors as I think I’ve shown. Of course it’s not just military supremacy, If I were in the Kremlin at Putins desk, I’d be looking at opportunities for Ransomware injection into Fortune 500 companies, access to company sensitive data such as year end results before they’re published for an old stock market flutter. Opportunities abound for an authoritarian like Putin and America should be worried!
The nature and sensitivity of the targets that Putins men went after will likely never disclose the real scope of the damage caused, but even if it were a scratch and not a mortal wound, the failing of the intelligence communities not to detect an enemy inside the gates for 6 months or more looks bad (Recommended related read: My article on Snapshot Trends in Intellectual Property theft).
I sense that a root and branch review will happen in post-trump America which will involve protecting the protectors of their freedom and ensuring politicization of national security doesn’t happen again.