
Aeroflot Hacked – Source: www.schneier.com


Source: www.schneier.com – Author: Bruce Schneier

Comments

Clive Robinson July 29, 2025 12:44 PM

Hmm,

I would have said that it should have been expected, and whilst annoying and destabilising it’s not life threatening as such.

Or at least not yet… I would not rule out a “False Flag” attack to cover some other activity such as “Intelligence Gathering”.

Which is maybe why the Guardian article cautiously says,

“A statement purporting to be from a hacking group called Silent Crow said it had carried out the operation with a Belarusian group called Cyber Partisans, and linked it to the war in Ukraine.”

So yes it sounds like an anti-vlad attack by “hacktivists”.

But is it?

Ask yourself why the airline and why at this time? Yes it’s very public and yes it’s very embarrassing but is that all it is?

Consider,

“Silent Crow has previously claimed responsibility for attacks this year on a Russian real estate database, a state telecoms company, a large insurer, the Moscow government’s IT department and the Russian office of the South Korean carmaker Kia. Some of these resulted in big data leaks.”

However consider these targets from an Intelligence gathering perspective. Such personal data will say much about Russian armed forces and their families. Especially in the command ranks from captain upwards to the lower staff ranks.

In a way it’s similar to the alleged Chinese hack of the US OPM database, only more current and widespread.

The attackers will have gained,

1, Financial details
2, Mobile Phone, Email etc details
3, Home address details

And these can be used to not just track the military personnel but their immediate and extended families. Including work addresses and education addresses.

Just the sort of thing you need if you are about to start a revenge terror campaign.

The Russian guard labour will be able to protect only a limited number of the immediate family members of the more senior ranks and have little or no chance with the extended families and lower ranks.

The drone attacks on the Russian bombers have made it abundantly clear that the Ukrainian “specials” can work behind Russian lines for very extended periods of time setting up complex attacks with relative ease so far.

It is “Very Russian” to attack people’s families in this way; Putin has personally authorised hundreds of such terror attacks, having entire families defenestrated in Russia and targeting individuals in most European and other Western Nations.

Whilst the UK Met Police have more or less ignored at least 30+ questionable deaths as accidents and suicides, many in the Russian community indicate it is assassination on Putin’s orders.

Oh fun fact, the Ukraine has continued carrying Russian Gas to Europe “under contract” throughout the war so far. However those contracts are all ending in the next few months and it’s doubtful the Ukraine will renew them…

This will represent a significant fiscal loss to Russia, but it has given European nations time to put alternative energy sources in place even though they are eye wateringly expensive in Austria, Germany and similar.

Keeping the energy tap on has been critical for the European industrial economy and the wider national economies in the East and South East of Europe.

Hopefully winter coming will be mild because keeping the European Economies going and out of significant inflation is very important to their ability to support the Ukraine.

anon July 29, 2025 3:58 PM

I expect they grounded their own fleet so they’d be able to pull spares from the still-airworthy aircraft. Blaming it on the kraines just makes sense.

AlexT July 29, 2025 3:59 PM

@Clive

Assuming your data collection theory (which sounds plausible) why pull the plug in such a public fashion?

Clive Robinson July 29, 2025 5:54 PM

@ AlexT, ALL,

With regards,

“why pull the plug in such a public fashion?”

You could ask similar with,

“Why did the vikings / marauders burn the place down when they raided?”

It appears not to make sense, after all leave enough of the village then the villagers will have enough to get back to a point where you can raid them again.

The reason was twofold, firstly to “send a message far and wide” with the smoke being visible for miles. Secondly so that the villagers had less materials etc to build back with thus they would be less likely to build fortifications.

Similar logic applies. Firstly by making the attacks public they “get the message out far and wide” way beyond the censorship and spin which Putin uses to control public perception (though he will try). It also spreads the message that they can attack anywhere, any time and Putin’s boys cannot stop them. But importantly people are not hurt, just inconvenienced. Thus there is little moral outrage against the attackers but there is annoyance against the authorities for allowing it to happen. Thus the people tend to blame Putin for their immediate misfortune, their disrupted holidays etc.

But it has a longer term effect because it will be remembered. Which also aids in building a sense of futility almost a sense of doom and helplessness in people like a form of disaster shock that instills a sense of systemic failure. That after a while becomes anger that because Putin started this he brought it down on their heads. Such disquiet has economic effects as well as political.

Secondly it forces Putin’s hand, as he represents himself as a man of both action and iron. Therefore he has to “be seen to act” publicly. Which due to the widespread nature the attack has spread it will take significant resources creating not just “Security Theater” but actually denying those resources to military activities for attacking the Ukraine.

These things might appear small but Putin is in an awkward position at the moment economically. By playing deferment tricks the rapidly building economic cost has been kept hidden and actually made to look like economic growth by burning through the reserves there is little or no resilience left. So even a very small increase in pressure can be the “last straw” and collapse happens and the snowball of recession starts to roll.

It’s why I mentioned the “energy tap” and the reversed effect of turning it off.

In the past Putin has turned the energy tap on and off to exert political pressure on other nations to bring them into line. He could do this because he had significant financial reserves thus did not see any visible ill effect on the Russian economy. Now with no reserves and the energy tap going to be turned off the desperately needed income stream into Russia from gas supply to Europe will stop.

The blowing up of the Russia Germany pipeline meant Russia had few options of which pumping gas through the Ukraine was in reality the only one.

But the destruction of the pipeline sent a message to Europe to sort their act out, and expensive though it has been they’ve stepped up on this.

This leaves Russia with only oil to export hence the build up of the tanker shadow fleet that is now suffering all sorts of odd expensive and slow to fix issues that don’t create environmental issues.

Plus the Western European seaboard “ring of nations” that the Russian Shadow fleet has to sail through their waters are now taking action to legally blockade them.

In part this is the result of shadow fleet vessels dragging anchors over subsea energy cables etc thus these vessels as far as the international view is concerned really are seen as a “clear and present danger”.

So contrary to what has been reported in some places the Ukraine really does have “chips on the table” for peace talk negotiations and Putin knows it.

Clive Robinson July 29, 2025 6:26 PM

@ Observer, Bruce, ALL,

With regards,

“It’s not nice when they do it to us, is it, Russia”

Not sure if you’ve heard about,

National Guard activated after cyberattack.

Yes read that again, it looks like a “kinetic response to an information attack” even though it’s not.

It’s happening in the city of St. Paul, state capital of Minnesota.

https://www.bleepingcomputer.com/news/security/minnesota-activates-national-guard-after-st-paul-cyberattack/

“Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state’s capital, on Friday.

The city is currently working with local, state, and federal partners to investigate the attack and restore full functionality, and says that emergency services have been unaffected.”

There are currently not many details, but enough for St. Paul Mayor Melvin Carter to say,

“This wasn’t a system glitch or technical error,” he said. “This was a deliberate, coordinated, digital attack, carried out by a sophisticated external actor, intentionally and criminally targeting our city’s information infrastructure.”

According to KAAL TV ABC 6 News,

https://www.kaaltv.com/news/minnesota-national-guard-activated-state-of-emergency-declared-after-cyberattack-against-st-paul/

The outages reported by the MSM “sound minor” but there is lack of information to judge if it is over caution or not.

I’m hoping it is over caution, made as a precaution for the sake of the citizens.

However the questions of,

Who?, Why?, and “If again?”

Arise.


Original Post URL: https://www.schneier.com/blog/archives/2025/07/aeroflot-hacked.html

Category & Tags: Uncategorized, air travel, cyberattack, hacking, Russia, Ukraine
