On 18 January, Lithuania experienced a cyber attack
aimed at TV3.lt—the website of a major Lithuanian TV channel—in which hackers inserted false information about Raimundas Karoblis, the minister of national defense. According to the story, Karoblis admitted to being gay and was accused of sexual harassment by a well-known radio journalist and some diplomats. In contrast to previous cyber attacks on the country, this story was written in good Lithuanian. TV3.lt removed the fake article within five minutes, but emails from the website’s account with the false story attached were sent to a number of prominent Lithuanians—politicians, ministers, foreign diplomatic missions, and other news sites. The initial IP address led to St. Petersburg, Russia, and the National Cyber Security Center of Lithuania started an investigation. The cyber attack took place
two days after Lithuania released the Magnitsky
List, which names 49 Russian citizens
banned from entering Lithuania for violating human rights.
But the point here is that every crime has a motive. To paraphrase a Russian saying, Russian hackers and designers of cyber attacks are not as stupid as they look, or as some would like them to be. It is obvious that this false story was meant to be spotted immediately. If the idea was really to compromise the defense minister, the hackers would probably have instead employed much more subtle, effective measures based on longstanding practices of the Russian intelligence services.
What, then, might be the motive of the cyber attack against Karoblis?
First, since the email contained attachments with a virus
, any official addressee who opened it–there were only a few—would have had their computers infected. So the aim could have been to get access to a decision-maker’s computer and phone data. The hackers played on the natural inquisitiveness of human nature: inventing an absurd story makes the attachment more tempting to open.
Second, the cyber attack could have been meant to test the resilience
of Lithuanian information systems, the speed and scope of their reaction, and how quickly the false message might spread and be received. News websites are attractive targets for cyber attacks because they are information disseminators. Moreover, such sites are a key source of information for citizens in case of emergency. What if these news websites contained lies, false information, or disinformation?
Third, some analysts claimed
the attack is an extension of Russia’s Zapad 2017 military exercises. In this instance, the Kremlin repeatedly shows that cyber attacks are integrated into its conventional offensive strategy. During last September’s Zapad 2017 exercises, Russian radio-electronic combat forces disabled much of Latvia’s mobile network
and as well as GPS signals in Norwegian air space
Zapad 2017 aside, Lithuania’s information environment is constantly exposed to Russian cyber attacks, big and small. Consider the following:
In September 2017, the Facebook account of Lithuania’s defense minister was hacked
In June 2017, Lithuania authorities reported
that they had found Russian spyware in three government office computers.
In February 2017, emails accusing the German-led NATO battalion in Lithuania of sexually assaulting “Lisa”— a teenager who did not exist—were sent to Lithuania’s political elite.
A cyber attack similar to those which took place during Zapad 2017 occurred in June 2015 during the international “Saber Strike” military exercise. At that time the website of the Joint Headquarters of the Lithuanian Army was hacked, and a false story claiming that NATO forces had conducted a military exercise to annex the Kaliningrad region was inserted. The story also claimed that the Forest Brothers—Baltic partisans who waged a guerrilla war against the Soviet occupation of the three Baltic states during and after World War II—would attack Kaliningrad.
Given these repeated Kremlin provocations, one wonders whether it is really possible to build the kind of mutually constructive bilateral relations Moscow says it wants.