In the past decade the Russian government has mounted more than a dozen significant cyber attacks against foreign countries, sometimes to help or harm a specific political candidate, sometimes to sow chaos, but always to project Russian power.
Starting in 2007, the Russians attacked former Soviet satellites like Estonia, Georgia, and Ukraine, and then branched out to Western nations like the U.S. and Germany. U.S. intelligence officials and cyber experts say a strategy that pairs cyber attacks with on-line propaganda was launched by Russian intelligence a decade ago and has been refined and expanded ever since, with Putin’s blessing. Russia has shut down whole segments of cyber space to punish or threaten countries.
Mike McFaul, the former U.S. ambassador to Russia, says there is a bottom line to the pattern of hacking.
"For years now, the Kremlin has looked for ways to disrupt democracies, to help the people that they like to come to power and to undermine the credibility of the democratic process," said McFaul. Russia also seeks to weaken the European Union and NATO.
Stefan Meister, who has written extensively on Russian security strategies for the German Council of Foreign Relations, calls the attacks, which often include fake news, "a security strategy, not a media strategy."
"It is a growing policy that’s strong and successful and they’re getting bolder," Meister told NBC News. "They are risk takers. Putin is a risk taker, who thinks, ‘If this doesn’t work, we’ll do something else.’"
A chronology developed by NBC News from U.S. intelligence sources shows Russia was involved in the following attacks:
- April – May 2007: Estonia, a tiny Baltic nation that was occupied by the Soviet Union until 1991, angered Moscow by planning to move a Russian World War II memorial and Russian soldiers’ graves. Russia retaliating by temporarily disabling Estonia’s internet, an especially harsh blow in the world’s most internet dependent economy. The distributed denial of service (DDoS) attack focused on government offices and financial institutions, disrupting communications.
- June 2008: In a similar attack, Russia punished another former possession in the Baltic. When the Lithuanian government outlawed the display of Soviet symbols, Russian hackers defaced government web pages with hammer-and-sickles and five-pointed stars.
- August 2008: After Georgia’s pro-Western government sent troops into a breakaway republic backed by Moscow, Russian land, sea and air units invaded the country – and Russian hackers attacked Georgia’s internet, the first time Russia coordinated military and cyber action. Georgia’s internal communications were effectively shut down.
- January 2009: As part of an effort to persuade the president of Kyrgyzstan to evict an American military base, Russian hackers shut down two of the country’s four internet service providers with a DDOS attack. It worked. Kyrgyzstan removed the military base. Subsequently, Kyrgyzstan received $2 billion in aid and loans from the Kremlin.
- April 2009: After a media outlet in Kazakhstan published a statement by Kazakhstan’s president that criticized Russia, a DDOS attack attributed to Russian elements shut down the outlet.
- August 2009: Russian hackers shut down Twitter and Facebook in Georgia to commemorate the first anniversary of the Russian invasion.
- May 2014: Three days before Ukraine’s presidential election, a Russia-based hacking group, took down the country’s election commission in an overnight attack. Even a back-up system was taken down, but Ukrainian computer experts were able to restore the system before election day. Ukrainian police say they arrested hackers who were trying to rig the results. The attack was aimed at creating chaos and hurting the nationalist candidate while helping the pro-Russian candidate. Russia’s preferred candidate lost.
- March 2014: For the second time, the Russian government allegedly coordinated military and cyber action. A DDOS attack 32 times larger than the largest known attack used during Russia’s invasion of Georgia disrupted the internet in Ukraine while Russian-armed pro-Russian rebels were seizing control of the Crimea.
- May 2015: German investigators discovered hackers had penetrated the computer network of the German Bundestag, the most significant hack in German history. The BfV, German’s domestic intelligence service, later said Russia was behind the attack and that they were seeking information not just on the workings of the Bundestag, but German leaders and NATO, among others. Security experts said hackers were trying to penetrate the computers of Chancellor Angela Merkel’s Christian Democratic party.
- December 2015: Hackers believed to Russian took over the control center of a Ukrainian power station, locking controllers out of their own systems and eventually leaving 235,000 homes without power.
- June 2015 - November 2016: In the U.S., Russian hackers penetrated Democratic party computers, and gained access to the personal emails of Democratic officials, which in turn were distributed to the global media by WikiLeaks. Both the CIA and the FBI now believe the intrusions were intended to undermine the election, hurt Hillary Clinton and help Donald Trump win.
- October 2015: Security experts believe that the Russian government tried to hack into the Dutch government’s computers to pull out a report about the shoot down of Flight MH17 over Ukraine. The Dutch Safety Board headed the investigation of the Malaysia Airlines downing, and concluded that the passenger plane was brought down by a Russian-made missile fired from an area held by pro-Russian rebels.
- January 2016: A security firm announces that it believes Russian hackers were behind attacks on Finland’s Foreign Ministry several years before.
- December 2016: Earlier this month, BfV head Hans-Georg Maasen warned "There is growing evidence of attempts to influence the federal election next year," referring to German parliamentary elections likely to take place in September 2017. Maasen specifically cited Russia as the source of the attacks, adding, "We expect a further increase in cyber attacks in the run-up to the elections." Experts believe the Russians are trying to damage incumbent Chancellor Merkel, who supported sanctions against Putin’s personal associates after Russia annexed Crimea.
Scott Borg, president of U.S. Consequences Unit, a cybersecurity firm that tracks Russian attacks, says that even as Russia’s ambition grows it also acts on a much smaller scale. Said Borg, "They have tried to influence local elections in three or four eastern European countries as well as Germany."
The variety of the attacks does not surprise Meister of the German Council of Foreign Relations. He says the Russians tailor the attacks to the circumstances of each country.
"I think our politicians still underestimate the Russian activities," he added, saying protection against cyber attacks still doesn’t have the priority it should.
Despite U.S. intelligence’s belief that Russian hacks of the U.S. election were aimed at helping Trump or spreading doubt about the outcome, Meister thinks there is a simpler explanation: The Russians just revel in it.
"Their successful hacking and influencing -- we are frightened by that and that makes them happy," said Meister.
Meister and Borg also believe the rise in Russian cyber attacks has been encouraged by the most powerful men in Russia, pointing to 2012 papers by Vladimir Putin and Gen. Valery Gerasimov, the head of the military. Putin wrote an article in 2012 called "Russia in a Changing World" that advocated using a "complex of tools and methods for achieving foreign policy goals without deploying weapons." The piece called the internet and social media "effective tool[s]."
Around that same time, said Borg, Russia more effectively organized its cyber efforts, increasingly using its intelligence services to do the job rather than contracting with cyber gangs.
Both Meister and Borg believe Russia sees its cyber effort as a response to Western pressure and as an effective weapon for a nation that knows its conventional military arsenal of tanks, planes and ships is outmatched.
As a senior U.S. intelligence official told NBC News, "Nukes may give them status but cyber gives them a usable strategic capacity, potential for active measures."
"It’s pragmatic," said Borg. "If they can put in a good effort, even if they don’t have a good shot at winning, they’ll do it. The benefits are so great they are willing to take risks. If you can greatly diminish NATO or undermine U.S. relations with Europe, it’s worth it to them."