Russia’s ‘Sandworm’ hackers will slither into the sunset

This is the web version of Data Sheet, a daily newsletter on the business of tech. Sign up to get it delivered free to your inbox. 

In the sci-fi universe of Dune, sandworms are colossal, apex-predatory monsters that burrow underground on the planet Arrakis. Real-life sandworms are slightly less terrifying, but equally good at evading capture.

No, these aren’t actual worms. “Sandworm” is the codename that cybersecurity researchers bestowed on a particularly brazen Russian military intelligence unit known for egregious digital aggression. (This story’s feature image is selected with apologies to Andy Greenberg, the hacking unit’s unofficial biographer.)

A codename is needed no longer. On Monday, the U.S. Justice Department indicted six people it alleges to be members of the marauding crew. You can read the full document—which John Hultquist, a threat-tracker in the Mandiant unit of the cybersecurity firm FireEye, calls “a laundry list of many of the most important cyberattack incidents we have ever witnessed”—here.

Sandworm is, indeed, behind a slew of big, bad hacks. You may remember 2017’s destructive NotPetya cyberattack, the repeated shutdowns of portions of the Ukrainian power grid, or the web server-crippling assault on the 2018 Winter Olympics in Pyeongchang. Or perhaps you’ll recall Sandworm interfered in the 2016 U.S. election and in the 2017 French elections.

It’s an open question as to what surprises Sandworm might have been—or, indeed, might still be—planning for the 2020 U.S. presidential election. If nothing else, British officials said Monday the hackers were plotting hijinks for the 2021 Tokyo Olympics.

But the U.S.’s indictment, well-meaning though it is, is unlikely to bring anyone to justice. Since these hackers operate in a jurisdiction outside of Uncle Sam’s reach—specifically, the tower at 22 Kirova Street in the Moscow suburb of Khimki—they will be able to continue their cyberwarmongering unimpeded.

Some people fear the official accusation could even inspire more flagrant bellicosity. “These indictments might prove to embolden them rather than curb their behavior,” warns Chester Wisniewski, principal research scientist at the British cybersecurity firm Sophos.

Other experts, like Sam Curry, chief security officer at the cybersecurity firm Cybereason, are more hopeful. “It’s hard to believe that this behavior will lead to meaningful changes in Russian foreign policy,” he says. “But the goal isn’t just bringing the perpetrators to justice. The goal is to lay the building blocks for future work and a more peaceful, democratic, collaborative physical and cyber world one day.”

It’s an admirable, if quixotic goal; in the meantime, the world ought to prepare for the worst. “We’re no safer than we were yesterday,” Wisniewski says. Were the Sandworm hackers “to be arrested, their replacements are already in training, and the relentless thirst of nation-states to compromise and interfere with their adversaries goes undeterred.”

A Dunish sandworm will survive even if cut apart. With this indictment, Russia’s Sandworm is barely nicked.

Robert Hackett

Twitter: @rhhackett
