Russian cyberattacks target Romania
MICHEL MARTIN, HOST:
We want to turn now to another potential front for the war in Ukraine - cyberspace. Russia has employed cyber warfare tactics for some time now, and analysts say the conflict in Ukraine could also escalate online to include attacks affecting multiple countries. NPR cybersecurity correspondent Jenna McLaughlin interviewed the head of Romania's new National Cyber Security Directorate about what he's seeing, and she's with us now to tell us more. Jenna, welcome. Thanks for joining us.
JENNA MCLAUGHLIN, BYLINE: Of course. Hi, Michel.
MARTIN: So we've been hearing a lot about possible spillover from the war in Ukraine, including the chance for cyberattacks against U.S. businesses in retaliation for sanctions. But Romania has actually been seeing some of those impacts firsthand. Can you just tell us about that?
MCLAUGHLIN: Absolutely. So I spoke with Dan Cimpean, who leads Romania's civilian cybersecurity agency. It's basically the equivalent of the Department of Homeland Security's CISA. And he broke down the last two months for me. He said that they've detected an increase of 120 times the rate of malicious cyberactivity as compared to normal. Now, that includes a pretty big range of malicious activity. It's everything from bad actors scanning for vulnerable devices all the way up to actual intrusions, attacks against mail servers as well as discovering malware that's been linked to Russia and specific Russian hacking groups. Actually, on the same day that Romanian officials met with French officials at a NATO base and condemned the war in Ukraine, a large oil and gas company in Romania was hit by a cyberattack, and lots of their data was encrypted, disrupting operations temporarily.
MARTIN: What a coincidence. What worries him most right now as this hot war continues?
MCLAUGHLIN: Yeah. That's funny. He said he doesn't believe in coincidences himself, and it is his job to worry every day. But his top concern in terms of threat at this moment was the increased scanning for vulnerabilities and critical infrastructure that they're seeing. He said his agency is actually getting the same kind of intelligence as U.S. officials, and it's really concerning. But the good news is, he says, most of the attacks have been unsuccessful, and none have been particularly sophisticated or novel.
MARTIN: Does he have a sense of why Romania? What did he say about why Putin might want to target Bucharest?
MCLAUGHLIN: So he refused to definitively name and shame Russia for the recent wave of attacks. He says that that process of attribution takes time, though there have been some indicators the attacks could be coming from that region. Cimpean said it's all about geopolitics.
DAN CIMPEAN: Romania is one large country on the eastern flank of NATO. So it's a country that has a border with Ukraine right now.
MCLAUGHLIN: At the end of the day, Romania is both a NATO and EU member with a sizable economy and political heft, and it's practically on Russia's doorstep.
MARTIN: Did Cimpean have anything to say about how prepared Romania is to respond to these attacks?
MCLAUGHLIN: Yeah. So Cimpean mentioned that the directorate he leads represents one of the biggest investments in civilian cybersecurity out there. They should be able to eventually hire over 1,200 employees, though they only have about 60 right now, so they still need to ramp up quite a bit. Romania is also actually known as being a haven for hackers. There's a ton of skilled computer science talent, private-sector IT companies, so they don't really need to recruit outside the country, though he said that it's sometimes hard to retain that talent. People go work elsewhere, or sometimes they even turn to cybercrime. Here's what Cimpean said about that.
CIMPEAN: So they have the brains. They have the technical skills. They have the tools in-house. Unfortunately, some of those choose a criminal career.
MARTIN: Well, that's disturbing. But what about the rest of the EU? It seems like so far, the big cyber war that some analysts at least were predicting or at least worried about hasn't quite materialized. Do we have a sense of why that might be?
MCLAUGHLIN: Yeah. That's the million-dollar question everyone keeps asking me, and it's really hard to know for sure without being able to read Putin's mind or sort of analyze the defenses on each hacking attempt individually. But we've got to keep in mind that there have been a fair number of Russian digital attacks during the war, including knocking out some European satellites the Ukrainian military uses to communicate in the first days of the war, disrupting communications and ramping up denial-of-service attacks, among others. And that's also not to say that there couldn't still be something more disruptive that Russia could do, especially as military officials become frustrated with the lack of their success.
MARTIN: That was NPR cybersecurity correspondent Jenna McLaughlin. Jenna, thank you.
MCLAUGHLIN: Thank you so much.
Transcript provided by NPR, Copyright NPR.