Treasury Hits Russian FSB for Underwater Reconnaissance of Internet Cables

Moscow plans to attack undersea cables in future conflict

An undersea fiber optic cable
An undersea fiber optic cable / Getty Images
June 12, 2018

The Treasury Department on Monday announced the imposition of economic sanctions against Russian entities engaged in targeting undersea internet cables and cyber spying inside critical U.S. infrastructures.

The department announced sanctions on five companies and three Russians linked to the Federal Security Service, the main Kremlin intelligence service, known as the FSB, that has been linked to Russian election meddling in 2016.

For the first time, Treasury revealed one of the sanctioned companies, Divetechnoservices, has worked with the FSB since 2007 to spy on underwater cables used to connect the internet around the world.

"Russia has been active in tracking undersea communication cables which carry the bulk of the world’s telecommunications data," the department said in announcing the sanctions.

The Russian underwater equipment company in 2011 was paid $1.5 million by the FSB to procure a submersible craft for underwater cable spying.

Treasury officials declined to comment further on Russian underwater reconnaissance activities.

American defense officials, however, have said Russia has been aggressively probing undersea cables in the Atlantic over the past several years.

Russia's Yantar intelligence-gathering ship, which makes annual forays to the U.S. East Coast, is believed to be conducting reconnaissance of undersea cables, according to defense officials.

The Washington Free Beacon reported in 2015 that the Yantar is equipped with deep-sea surveillance craft and cable cutting equipment. The ship was engaged in identifying undersea cable trunk lines and nodes.

Pentagon intelligence officials said one major target of the Russian underwater reconnaissance is identifying links used by the Department of Defense Information Network, or DoDIN, which uses dedicated military links and leased communications and computer systems.

The underwater surveillance also has been detected in European waters.

The surveillance has raised fears among intelligence and security officials that Moscow is preparing to cut undersea internet cables in a future crisis or conflict to disrupt targeted nations, like the United States or the nations of Europe.

Severing underwater internet cables would severely disrupt the highly networked U.S. military as well as civilian populations.

The internet is connected around the world through a series of undersea cables. Several major international internet cables enter the United States through the East Coast, including through New York and near Washington.

Security analysts say it would be difficult but not impossible to completely cut off internet access to a particular state because of the numerous cables.

However, carefully targeted cable attacks could disrupt military logistics or cause other cables to be overloaded.

The newsletter Defense One reported recently that an accidentally severed undersea cable in the Mediterranean 10 years ago forced the U.S. military to curtail drone operations in Iraq.

"We are now seeing Russian underwater activity in the vicinity of undersea cables that I don't believe we have ever seen," Navy Rear Adm. Andrew Lennon, commander of NATO's submarine forces told the Washington Post in December. "Russia is clearly taking an interest in NATO and NATO nations' undersea infrastructure."

In Europe, Air Chief Marshal Sir Stuart Peach, chief of British defense staff, warned in December that attacks on undersea cables could produce catastrophic results on economies.

A lack of formal state ownership of undersea cable networks means the network currently does not have strong protection under international law, he said.

The air chief warned that Russia poses an immediate danger to undersea cables.

"There is a new risk to our way of life, which is the vulnerability of the cables that criss-cross the seabeds," he said in a speech, adding that NATO has made protecting the cables a priority.

The Treasury Department said in a statement that Divetechnoservices has been supporting underwater gear for the FSB since 2007.

The three Russians slapped with sanctions under the 2017 Countering America's Adversaries Through Sanctions Act were officials of Divetechnoservices. They include the company's general director, Aleksandr Lvovich Tribun, program manager Oleg Sergeyevich Chirikov, and owner and former director Vladimir Yakovlevich Kaganskiy.

"The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian Federation and its military and intelligence units to increase Russia's offensive cyber capabilities," said Treasury Secretary Steven T. Mnuchin in a statement.

"The entities designated today have directly contributed to improving Russia's cyber and underwater capabilities through their work with the FSB and therefore jeopardize the safety and security of the United States and our allies."

Mnuchin said the United States is committed to aggressively targeting companies and people working for the FSB.

Underwater spying operations are not new. The Navy partnered with the National Security Agency in the early 1980s to tap into Russian undersea communications cables in the Sea of Okhotsk in the Russian Far East.

The operation known as Ivy Bells was compromised by turncoat NSA analyst Ronald Pelton, who was convicted of spying for Moscow in 1986. At his trial, government officials tried to prevent the disclosure of the Ivy Bells program.

The FSB was one of two Russian intelligence agencies linked to Moscow's cyber-enabled covert influence operation targeting the 2016 presidential election. The GRU military intelligence services also was involved in the election meddling that included cyber attacks on political figures and the release of private emails, as well as social media influence activities.

Treasury said Russia's cyber activities have included the destructive NotPetya cyber attack that shut down networks around the world, including one facilitating Britain's health care system.

Other attacks have included Russian intrusions into the U.S. energy grid that Treasury said in a statement threatened U.S. security.

Two U.S. military commanders warned in 2016 that cyber intrusions against critical infrastructures had sharply increased between 2010 and 2015 and warned that a Russian-origin malware, BlackEnergy, posed a particular danger to the electric grid. The malware was used to shut down Ukraine's electric grid in a 2015 cyber attack.

The Treasury Department noted that Russian cyber reconnaissance of critical infrastructure could "potentially enable future offensive operations; and global compromises of network infrastructure devices, including routers and switches, also to potentially enable disruptive cyber-attacks."

The FSB was sanctioned in March and earlier in 2016 for conducting cyber attacks.

The sanctions block all property and interests in property, and U.S. financial institutions are prohibited from conducting any business with the people or companies.

The sanctions have the effect of making it very difficult for the entities involved to conduct any business that involved international financial institutions that do business in the United States.

In addition to the underwater equipment company, sanctions were imposed on the Russian company Digital Security, which Treasury said had participated in activities that have boosted offensive cyber capabilities of Russian intelligence services, including the FSB.

Two other subsidiaries of Digital Security, ERPScan, and Embedi, were also sanctioned.

Additionally, Treasury slapped sanctions on the Kvant Scientific Research Institute that is owned or controlled by the FSB.

Mark Schneider, a former Pentagon policymaker who worked on Russian affairs, said militarily the ability to destroy U.S. underwater cable systems is a very serious threat.

"Fiber optics has substantially replaced satellite communications and this has had the side effect of degrading our space launch industry," Schneider said.

"Information plays a major role in the modern U.S. approach to warfare," he added. "If our cable systems are taken out, our military could be in a very bad situation. The threat is asymmetric because Russia has internal lines of communications. The threat is made even worse by the [anti-satellite weapons] asymmetry."

Steffan Watkins, a researcher who monitors Russian maritime surveillance, said Treasury did not sanction the Russian Navy's Main Directorate of Deep-Sea Research, known as GUGI, that has been linked to technical spying operations in the Atlantic.

"The conclusion I draw is these sanctions don't have anything to do with the alleged cable tapping that's made so many headlines, or they would have said so more directly, and would have named the department which does cable tapping, the GUGI—not the more well-known FSB," he said.

Published under: Russia , Sanctions