On September 26, Russia’s state-owned media outlet RT (formerly Russia Today) published an interview with Sergey Naryshkin, director of the Foreign Intelligence Service (SVR).
A veteran of Soviet intelligence, Naryshkin is one of President Vladimir Putin’s trusted allies. The two reportedly forged a friendship while training at the Soviet KGB academy in the 1970s. Putin went so far as to say in 2007 that he favored Naryshkin as his successor.
In his RT interview, Naryshkin wove together misleading rhetoric and fact to portray Russia as a guardian angel of cyberspace rather than a security threat. A voluminous record suggests otherwise.
Naryshkin was asked if the “international community” needed to “recognize the existence of cyber powers and their abilities” and perhaps impose “restrictions” on the use of such powers. He responded that Russia is in fact at the forefront of the global effort to impose cyber order:
“You know that the Russian state is making attempts to create an international information security system on various international platforms.”
The claim is misleading.
Russia’s proposals to create an international cybersecurity system follow decades of allegations of cyberattacks against foreign targets, including multiple European countries, the United States and others.
An international cybersecurity system already exists within the International Telecommunication Union (ITU), the United Nations’ agency for information and communication technologies, which launched a Global Cybersecurity Agenda in 2007. Russia is an ITU member along with another 193 countries.
To be sure, Russia is involved in the ITU via its communications and mass media ministry. Statements made by the Russian representatives can be seen on the ITU website and repeat general recommendations and measures already embedded in the Global Cybersecurity Agenda.
President Putin has said Russia proposed a cybersecurity partnership with the U.S. on several occasions, but that the U.S. met the idea with skepticism and rejected the proposal.
None of that erases history.
Russian hackers have launched attacks that compromised energy, public health, and communications systems, disrupted food production chains, targeted the integrity of political elections, and stole and leaked private data.
Various private cybersecurity firms as well as state investigations worldwide traced most of those attacks to the Russian intelligence services.
According to the Netherlands’ AIVD intelligence agency, one the world’s most notorious team of hackers works in the Naryshkin-led SVR. The AIVD shared with the FBI intelligence it collected by hacking into SVR computers and video cameras, providing hard evidence of Russia’s involvement in hacking of networks of the U.S. Democratic Party.
The U.S. also believes that various Russian intelligence services may be collaborating in conducting cyberattacks. After obtaining a grand jury indictment against six members of the GRU, Russia’s military intelligence service, the U.S. Department of Justice in October 2020 described the sweeping Russian multiyear campaign of cyberintrusion this way:
“These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort.”
“Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics.”
Information technology firms like Microsoft, Fire Eye and Trend Micro, along with various countries, have attributed a majority of the biggest cyberattacks of the last decade to the Russian hacking team popularly known as Cozy/Fancy Bear, (a.k.a. APT28, Pawn Storm and Sofacy), which according to the Dutch intelligence is a hacker unit within the SVR.
Russia has consistently denied any involvement in all of these cases.
 In Estonia, “Web War One,” dubbed the “first major cyber conflict,” was a 2007 attack on a government website system that lasted for 21 days.
 In Germany, cyberattacks in December 2014, August 2016, and September 2017. The first completely paralyzed the country’s parliament for days, while the other two compromised the networks of political parties.
More recently, Germany and the European Union this month accused Russia of attempting to interfere in German parliamentary elections by launching a massive cyberattack to steal data from lawmakers and use it to manipulate public opinion.
 In Ukraine, attacks against energy and communication infrastructure began by freezing entire cities during the winter of 2015. Ukrainian intelligence said the cyberattacks were by Russian state operatives and continue to this day.
 U.S. intelligence agencies determined that the attack against the Democratic Party in 2016 was aimed at helping Kremlin-favored Republican Party candidate Donald Trump win the presidential election.
 In France, front-running presidential candidate Emmanuel Macron in 2017 said his IT team detected an attack aimed at stealing his campaign data to help his Kremlin-backed, right-wing opponent Marine Le Pen.
 The 2016 hack of the World Antidoping Agency (WADA), after which the medical records of U.S. athletes were leaked. The attack was seen as retaliation for WADA's investigation of Russia’s state-backed doping of its athletes, which led the International Olympic Committee and others to disqualify Russian national teams from competing on the global stage.
 NotPetya, a 2017 attack described by IT experts as among the “most devastating cyberattacks in history,” infected and damaged networks and computers worldwide, including hospitals and other critical health facilities.
 SolarWinds, which Microsoft called the “largest and most sophisticated attack ever.” The attack this year targeted nine U.S. government, military and intelligence networks, along with some 100 private companies. The Wall Street Journal estimated that repairing the damage caused by the attack to the U.S. government agencies, tech companies, hospitals and thousands of private citizens would cost some $30 billion.
The list can go on: Since its emergence sometime between 2004 and 2007, the Russian hacking team’s operations targeted at least 19 countries, according to the IT firm CrowdStrike.
Naryshkin has repeatedly denied Russia’s role in the cyberattacks, and even claimed that the U.S. and the U.K. have attacked themselves as a pretext for blaming Russia.
In 2014, the U.S. Department of Treasury imposed sanctions against Naryshkin and 16 “members of the Russian leadership’s inner circle” for their role in the Russian aggression against Ukraine.
Apart from serving as a spy chief, Naryshkin is the founder and chairman of the Russian Historical Society (formerly the Presidential Commission for Protection of Historical Truth) – a federal institution tasked with revising history “in Russia’s interests.”