Wednesday, March 12, 2014

Does the Voronezh Military Hacking School Exist?

Yesterday, Aleks Gostev wrote a very informative article about the similarities between four pieces of malware: Red October, Turla (aka Snake, Uroburos), Flame/Gauss, and Agent.btz.

It's a carefully crafted piece that doesn't leap to conclusions without sufficient evidence, something that I've praised the members of Kaspersky's Global Research and Analysis Team for many times. In fact, many U.S. security companies that are competitors of Kaspersky Lab could learn a lot from the manner in which GReAT researchers write their reports.

One of the things that was new to me about Agent.btz was that ThreatExpert included an alias for it named Voronezh.1600. Aleks pointed out that it may be a reference to the "mythical Voronezh school of hackers, in Russia."

That made me laugh because I wrote about the Voronezh Hacking School in the 2nd edition of my book "Inside Cyber Warfare". In fact, there's an entire chapter dedicated to Russia's information security framework, including universities and research institutes that are engaged in information security/warfare training, research and development.

While it's true that there's scant evidence about the existence of a Voronezh Hacking School, there's certainly enough to not label it a "fantasy". In fact, it was a Russian public television program that kicked things off about the existence of such a place with a segment on the Voronezh Military Radio-electronics Institute in June, 2001.

Here's a recap from my book:
In June 2001, Russian Public Television ORT presented a segment on the Voronezh Military Radio-electronics Institute. The ORT correspondent stated that the institute started a secret school devoted to information security in 1997 and another secret school devoted to information warfare. The information warfare school began training professional hackers for the military in 2001. Both schools were located in the Department of Automatic Control Systems. 
The Voronezh Military Radio-electronics Institute has been re-organized twice in the last five years. In 2006, the institute merged with the Voronezh Aviation Engineering School to form the Voronezh Aviation Engineering University. In 2008, President Putin signed Russian Federation Order No. 1951 that further restructured military higher education and established the Military Aviation Engineering University at Voronezh. The order authorized the University 15,092 total civilian and military personnel. According to a May 2009 article in a Voronezh paper, the University is expanding with the cadet body growing from 4800 to 6500. The Voronezh paper interviewed University head Major-General Gennadiy Zibrov who detailed further expansion plans. 
The restructured University almost certainly includes the two secret schools covering information security and information warfare. The University’s current web site shows departments for Electronic Warfare and Electronic Warfare (Information Security). The five year program in Electronic Warfare (Information Security) leads to designation as Specialist Data Protection for both the military and “law enforcement agencies.” 
The Voronezh Military Aviation Engineering University (VAIU) continues to engage in research and development in the area of electronic warfare as well as aviation armament, system maintenance and other related projects. 

Even if the producers of ORT's 2001 television program got their facts wrong about a "military hackers school", there's certainly no shortage of Russian universities that teach how to attack and defend networks. For example, we recently discovered three textbooks used at Bauman Moscow State Technical University's Dept. of Information Security. Here's the table of contents for "Countering Cyber Attacks: The Technological Bases":

"CIS" stands for Critical Information Systems. The program teaches both offensive and defensive methods.

If you're wondering why we are interested in Russian universities and research laboratories that engage in information security and information/electronic warfare R&D, it's because without that knowledge you cannot accurately estimate capability in the Capability-Opportunity-Intent model. The Report of the National Commission for the Review of the Research and Development Programs of the United States Intelligence Community (2013) determined that:
"The increasing pace and adoption of global scientific and technological discovery heighten the risk of strategic or tactical surprise and, over time, reduce the advantages of our intelligence capabilities. To counter these effects, the strategy of the IC first must be to seek global knowledge of—as well as influence over and access to—R&D developments."
To that end, we are converting our database of Russian and Chinese R&D in the areas of information security, aerospace, and other key areas into an easy to use R&D search engine. If you'd like more information about our alpha-stage product, please contact us. We have a few limited opportunities for alpha customers.


  1. Maybe the school doesn't exist, but of more interest: does a Voronezh Military Hacking School tee shirt exist? I'm no expert in Russian, Cyrillic typography, or Soviet military ornamentation, but just like a PLA Unit 61398 tee shirt, a Voronezh Military Hacking School tee shirt really should exist.