The race for vaccine: cyber provocations by US and UK secret services in the age of coronavirus

12:32 29.05.2020 • Sergey Sayenko, international affairs journalist

The outbreak of the COVID-19 pandemic has forced people everywhere to radically change the way they look at global events and relations between countries. The assistance that Russia and China provided to some European countries during the difficult period in the fight against the spread of coronavirus in March, April and May and the resulting growth of pro-Russian and pro-Chinese sentiment there was bad news for Washington, which, to put it mildly, had paid less attention than needed to the needs of its Old World partners.

Fully aware of the difficult epidemiological situation in their countries and the need to explain what was going on, the US and Britain resorted to the time-tested practice of blaming Russia and China for illegal actions that Moscow and Beijing have allegedly been carrying out in cyberspace.

On April 16, Tonya Ugorets, FBI Assistant Director for Combating Cybercrime, went on record saying that numerous cyberattacks had been launched against several research institutions and pharmaceutical companies developing vaccines against coronavirus, emphasizing that many countries are interested in collecting such data. On April 25, CNN reported, citing its own unnamed source in the White House, that massive attacks on US government and medical institutions designed to steal coronavirus-related data indicated that they could only have come from Russia and China. In a bid to add significance to this fact, they quoted John Demers, Assistant Attorney General for National Security at the US Department of Justice, who spoke about the growth of cyberattacks on medical and research centers, universities and other institutions involved in the study of the virus.

Picking up where the Americans had left off, on May 2, Britain’s Daily Mail wrote, albeit without any proof, about hacker attacks allegedly staged by Russia and Iran on British universities and scientists developing vaccines and test kits. The following day, the allegation was repeated by The Guardian, which emphasized that China might have had a hand in those attacks.

To attract more attention to this issue, on May 5, the US Cybersecurity and Infrastructure Security Agency, along with Britain’s National Cyber Security Center, published guidelines for international organizations in the field of health and medical research for preventing interference with computer systems of institutions working in this field. The document warned about the threat of cyberattacks and the need to change passwords and establish two-factor authentication.

On that same day, British Foreign Secretary Dominic Raab said during a media briefing that cyberattacks have various motives - from fraud to espionage. He also mentioned the existence of clear evidence of criminal groups targeting national and international organizations involved in the development of a vaccine and drugs against COVID-19.

As usual, Kiev tried to cash in on the situation and show that it too was in the game. On April 6, the Security Service of Ukraine (SBU) posted on its website information about the detection during the previous two months of a number of cyberattacks against Ukrainian agencies engaged in the fight against coronavirus, most of which were allegedly carried out by Russian security services. It said that in the first three months of 2020 alone, the SBU had foiled 103 cyberattacks on the Ukrainian government’s information resources. The SBU also emphasized that Russian hackers had tried to gain remote access to the country’s state institutions by sending out coronavirus-related emails.

On May 6, The Daily Mail published an article about the March 14 cyberattack on the Hammersmith Medicines Research lab developing a coronavirus vaccine, which resulted in the theft of highly confidential details of hundreds of Britons taking part in medical trials. The article emphasized that an ongoing investigation points to hackers based in Georgia (!!!) with links to Russian intelligence agencies and the Kremlin. Given the strained relations between Moscow and Tbilisi, this information looks very suspect. Simply put, it’s a fake.

Notably, none of these cases showed any evidence of the involvement of those accused in the cyberattacks. Moreover, amid the difficult situation with the global spread of the virus, there are many interested parties out there eager to obtain information about the vaccines that are being developed, including hacker organizations, seeking financial rewards for their illegally obtained information.

It should be noted that such lumping together of Russia, China and Iran as the imaginary perpetrators of cyberattacks may reflect a US and British desire to sell world public opinion on the idea that there is a group of “rogue countries” capable of any illegal actions in cyberspace and ignoring universally accepted moral principles. Simultaneously, in the event of a significant deterioration in the epidemiological situation in the world, the West may focus its fight against cybercrime on China as the country where the COVID-19 pandemic originally came from.

Therefore, the United States and its allies keep using the tactic of leveling unwarranted accusations at their geopolitical rivals as such accusations do not require significant outlays and are a relatively safe means of exerting pressure. It is highly symptomatic that having started with unfounded accusations of real cyberattacks, they are now imitating hacker attacks on themselves and are even inventing such cyber hits in a clear attempt to draw public attention to their work by raising the specter of the ever-present Russian or Chinese hackers. In their investigations of hacker attacks, Western politicians look more and more like the ex-US Secretary of State Colin Powell with a test tube on the UN floor, as they are floating unverifiable and fake arguments about the imaginary “Russian” trace in the hacker attacks and risk going down in history as just small-time provocateurs.

The arsenal of evidence of Russia’s "involvement" remains unchanged: hackers are said to have accessed the Internet via Russian IP addresses, and the malware (viruses) they created allegedly carries some unique "family seal of Russian hackers." The absurdity of the former argument is obvious even to a rookie computer programmer, however, because the Internet is full of paid and free services and programs designed to hide the IP address of the exit point to the World Wide Web, not to mention the countless professional software and specialized crypto-exchanges in DarkNet, which can easily be used to hide the source of the attack. Therefore, even if they determine the Russian localization of IP addresses, it only means that the hackers either used the Russian segment of the Internet to cover up the traces of the crime, or that someone intentionally sought to make it look as if the attack came precisely from Russian territory.

The theory of some special “hacker style” used by Russian programmers begs for a separate explanation. To begin with, most modern malware came about as a result of a major leak from the secret computer laboratories of the US National Security Agency (NSA). On August 16, 2016, a huge archive of special global surveillance spyware developed by US intelligence agencies appeared in the public domain. This fully confirmed accusations previously made by Edward Snowden, namely about the US intelligence agencies having at their disposal an impressive arsenal of instruments of aggressive computer attacks, which rendered the existing computer security tools absolutely useless since NSA programs were based on the previously unknown “zero day vulnerabilities.”

Software utilities from the “NSA catalog” were literally sorted out by program code symbols by hackers from all over the world, and to this day they are at the heart of most computer cracking tools. Well, hacker groups from different countries use technical methods and scenarios for staging computer attacks of their own, as well as comments written in their national languages that are “wired” into the program code, either specially made or neglected. However, if necessary, all these "generic features" can be easily imitated. If you know the characteristics of a group, it is easy to repeat the characteristic features of its work and use the elements of the group’s national written language. All you need to do is to add one or two Cyrillic characters to the program code, and - bingo! - you can now link it to hackers from Russia.

Such evidence is usually used by US and British "investigators" of cyber-attacks. It is then picked up and actively circulated by Western media, which levels baseless accusations against "Russian hackers and the special agencies standing behind them" of attacking Czech hospitals, Georgian television channels, Ukrainian state institutions, etc.

Sadly, to most foreign readers, not well-versed in matters of sophisticated computer technology, these arguments look pretty convincing. As a result, the Western citizen has no doubt that Saudi Arabia is to blame for the falling oil prices, that all epidemics were invented in China, and if a computer crashes, then it is very likely that Russian hackers might have a hand in this.


The views of the author are his own and do not necessarily reflect the position of the Editorial Board.