February 11, 2019 1:00 pm
Updated: February 12, 2019 2:45 pm

Russia Rising, part 3: Hackers targeting Canadian elections, banks and institutions

WATCH: The United States charged seven Russian intelligence officers last week for allegedly targeting anti-doping agencies based in Canada.

A A
View link »
Visit Curious CastListen on Apple PodcastsListen on Google PodcastsSubscribe with RSS

On the third episode of Russia Rising, we visit the front-lines of a growing cyber-war, where hackers from Russia, Iran, China and other countries are battling for control of everything from your online bank account to your city’s hydro grid.

Global News
Help us improve Globalnews.ca
Story continues below

To understand how these hackers operate, we speak with a guy who used to be one: Alexandr Varskoy is a former Russian hacker, who grew up during Russia’s gruelling economic transition in the 1990s. The internet provided a kind of escape during those difficult years, he says, adding that he and his friends used to hack companies for fun.

“When you’re 15, it’s cool to hack into Microsoft or Vodafone and say ‘hi’ using your codename,” Varskoy explains. “At first it was just for fun, to prove yourself to your friends in the hacker scene. We learned computer programs and codes. And if there were codes with restrictions, the challenge was to find a way to crack those restrictions.”

WATCH: U.S.-Russia nuclear treaty ‘in real danger’: NATO chief

Varskoy asks to borrow my laptop and quickly shows he hasn’t lost his touch. He easily navigates to an online chat forum for the famous “Hacktivist” group Anonymous and shows me a post from 2016 calling for cyber-attacks on Hillary Clinton’s presidential campaign. “When the political games started, the cyber world entered a dangerous time,” he says.

READ MORE: Meet the Canadian on the frontlines of a cyberwar

In addition to discussing politically motivated cyber attacks, we also explore the underworld of financial cybercrime by speaking with Canadian Nicholas Palmer. Originally from Nova Scotia, Palmer now lives in Moscow. And his day job is hunting Russia hackers. “Russian-speaking cybercriminals are a very talented group of people,” he says.

Palmer is the director of international business at GroupIB, a private cyber-security firm based in Russia. He has spent his career preventing and responding to cyber-attacks on internet users and businesses around the world, but he says cybercriminals from Russia and Ukraine represent his greatest challenge.

“We’ve seen them very easily enter bank’s networks, move laterally to different sensitive systems within the banks, and conduct very highly skilled attacks against theoretically well-protected networks.”

A cybersecurity firm in Moscow shows cyber attacks happening in real-time.

Jamie Baker / Global News

Palmer shows me one example of a fake Royal Bank of Canada webpage, which prompts users to enter their online banking password. “Unfortunately, we detect thousands of these (phishing websites) that are hosted in Russia, Ukraine and other such countries,” he says.

Example of a fake Royal Bank of Canada ‘phishing’ website

Nicholas Palmer / GroupIB

Finally, we explore the third — and probably the scariest — type of cyber threat: cyberwarfare. Satyamoorthy Kabilan is a leading expert in cybersecurity who has advised the Canadian government, among others, on how to protect against cyber attacks that target a country’s infrastructure.

Kabilan points to recent examples, such as a cyber attack on the power grid in Ukraine or a computer virus that shut down hospitals in the U.K. “We’ve seen in the past, for example, malware developers — they may just be small groups — but yet they can bring entire health systems to their knees when their malware actually hits a large organization,” Kabilan says.

“The recognition needs to be there that almost anyone can play this game and could enter the whole cyberwarfare space or hybrid threat space very, very easily.”

WATCH: Rod Rosenstein explains how Russian cyber attack was carried out

Kabilan says that cyber attacks big and small often start with a single email, which arrives in the inbox of some unsuspecting computer user. The email contains an attachment or a link and the user clicks on it.

“The biggest problem with cybersecurity is not the fact that we’ve got big firewalls and everything in place and that those get breaches all the time. Even with those in place, what they rely on is someone clicking it; someone clicking a link, someone actually bringing the payload in. Someone actually letting them get into the system.”

Contact:

Twitter: @JeffSempleGN

E-mail: RussiaRising@Curiouscast.ca

Guests:

Alexandr Varskoy, Former Russian Hacker

Nicholas Palmer, Cyber Security Expert, GroupIB

@GroupIB

Satyamoorthy Kabilan, Cyber Security Expert, Public Policy Forum

@The_Fuzz74

We LOVE that you are loving the “Russia Rising” podcast! If you haven’t subscribed yet — what are you waiting for?

Subscribing’s easy! Here’s how…

On your iPad or iPhone:

  • Open the Apple Podcasts app, search for Russia Rising and select it from the list of results.
  • Once on the Russia Rising’s page, click the “subscribe” button to have new episodes sent to your mobile device for free.
  • Click the name of an episode from the list below to listen.

On your Android Phone or Tablet:

  • Open the Google Podcasts app, search for Russia Rising and select it from the list of results.
  • Once on the Russia Rising’s page, click the “subscribe” button to have new episodes sent to your mobile device for free.
  • Click the name of an episode from the list below to listen.
Report an error

Comments

Want to discuss? Please read our Commenting Policy first.