A Russian spymaster has denied that his agency carried out the infamous SolarWinds supply chain attack in a public relations move worthy of the Internet Research Agency.
Sergei Naryshkin, head of the SVR spy agency, made his denial in a BBC interview broadcast on Tuesday.
"I'd be flattered to hear such an assessment of the work of the Foreign Intelligence service which I run. Such a high evaluation," said the spymaster in remarks translated by the BBC. The SolarWinds supply chain attack saw US and UK government institutions probed by Russian spies, as well as FireEye – itself a major US cybersecurity contractor.
"But I don't have the right to claim the creative achievements of others as my own," continued the SVR chief. As for whodunnit, he was less equivocal. When asked who carried out the SolarWinds attack, Naryshkin had an answer: the US and Britain.
After all, what proof was there that he and his spy agency were to blame? "There is none at least, none that has been made public. Have you seen proof?" he asked his BBC interviewer, who maintained a poker face.
"No, neither have I," said the spymaster. "At the same time we looked into who might be behind all of this."
Naryshkin then read aloud from a typed document, prepared with a noticeably large font size, and claimed that the Snowden revelations "proved" the US and UK were to blame because American spies deliberately weakened a default random number generation algorithm used in RSA products about a decade ago.
Divide and conquer
Nonetheless, the SVR chief's move is not without precedent. Before the fall of the Berlin Wall, Soviet Russia was well practised in two disciplines of military thought known as dezinformatsiya and maskirovka. Neither term translates well into English but one was about spreading false information among its enemies for political or socially disruptive gains and the other focused on battlefield deception.
These two broad concepts were briefly combined by policy wonks in the free world into something (misleadingly) called the Gerasimov Doctrine in the early 2010s, a term the US academic who coined it now hates – while grudgingly conceding that the spreading of disinformation in an effort to break down the West's trust in state institutions is Russia's aim in itself, even if the whole idea wasn't plucked out of thin air by one general as the term suggests.
- SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach
- Here's what Russia's SVR spy agency does when it breaks into your network, says US CISA infosec agency
- Who knew Uncle Sam had strike teams for SolarWinds, Exchange flaws? Well, anyway, they are disbanded
- It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US
As Stanford Internet Observatory's research manager Renee DiResta explained at last year's Black Hat conference: "Russia simply wants to divide people along existing social fissures, so they only have to reaffirm what their targets already believe."
"Russians are not trying to tell a story," explained DiResta in her 2020 talk, "They are simply dividing the population of the adversary."
So Sergey Naryshkin sat in front of the BBC's cameras and declared that the SVR didn't carry out the SolarWinds attacks, despite clear evidence presented by the global cybersecurity industry and the US and UK governments. It's not about making a truthful statement, it's about making the West doubt itself.
Not only the West: Russian-headquartered Kaspersky Lab made tentative findings after the SolarWinds attack that the Turla malware crew, which is thought to have links to SVR sister agency the FSB, might have been involved. On top of that, FireEye itself made public some of Russia cyber unit's tactics, techniques, and procedures, a move echoed post-attribution by the UK's National Cyber Security Centre. ®