Russia Breaks into US Soldiers’ iPhones in Apparent Hybrid Warfare Attacks

The U.S. Army’s Asymmetric Warfare Group, tasked with finding ways to counter emerging threats, recently sounded the alarm about the dangers of Russia’s hybrid warfighting concepts and warned that the U.S. military as a whole may be ill-suited to respond to them in a crisis. Now, American troops and their NATO allies say they have been subjected to a campaign of surveillance and harassment via their cellphones, the internet, and social media, hallmarks of this so-called “Russian New Generation Warfare.”

On Oct. 4, 2017, The Wall Street Journal published a report detailing a number of cyber attacks and other electronic assaults on NATO forces stationed in the Baltic States of Estonia, Latvia, and Lithuania, as well as Poland, all of whom are members of the alliance. U.S. officials and their allies all indicated that Russia was almost certainly behind the interference.

“It had a little Apple map, and in the center of the map was Moscow. It said, ‘Somebody is trying to access your iPhone,’” U.S. Army Lieutenant Colonel Christopher L’Heureux explained to The Journal about an attack on his cell phone. “They were geolocating me, whoever it was. I was like, ‘What the heck is this?’”

L’Heureux is presently in charge of the NATO battle group in Poland, a unit consisting of rotating troops from various alliance members. There are similar organizations in each one of the Baltic States as part of the alliance’s Enhanced Forward Presence concept aimed at deterring Russian aggression. The program is a direct response to Russia’s continued intervention in Ukraine and its revanchist foreign policy that has included a number of veiled threats against countries along its western borders.

A US Army soldier riding in a Stryker armored vehicle holds a patch with the flag of Poland during a visit to the country in 2015. (Poland Ministry of National Defense)

The Army officer told The Journal that unspecified hackers had breached the phones and Facebook accounts of six troops under his command. One possibility is that Russian officials were looking to gauge the exact size, composition, and location of NATO forces in the area.

However, additional incidents the newspaper uncovered point to a broader and potentially more serious campaign to harass alliance personnel and potentially confuse or disrupt operations. Since January 2017, troops in the Baltics and Poland have reported apparent intrusions into their personal phones where hackers mined their data, erased information, uploaded music, and remotely activated applications.

Most worryingly, a source told The Journal about an incident in Latvia, where a stranger, likely a Russian intelligence agent, approached an American service member at a sporting event and then began dropping personal details about them and their family in conversation. The same source mentioned a similar interaction on a train in Poland.

These reports match up almost word for word with information the Asymmetric Warfare Group collected regarding the ongoing conflict in Ukraine. The unit explained in its December 2016 handbook on Russian New Generation Warfare that the hybrid strategy had effectively blended electronic and cyber warfare with psychological operations to disrupt Ukrainian military activities.

A member of a Ukrainian artillery unit talks on a handheld radio. (Ukraine Ministry of Defense)

“Electronic warfare devices allow Russian Forces to broadcast … messages directly against opposing Ukrainian forces as discussed earlier with cellular text messages,” the manual explained. “These can be very specific and directed at individuals, such as by threatening their wives and children by name, or generic and sent to entire units as was the case in Ukraine.”

Kremlin-backed forces in Ukraine even coupled these unconventional assaults with conventional military operations. The Asymmetric Warfare Group described one instance where separatists, undoubtedly with Russian support, zeroed in on a Ukrainian position, possibly by pinpointing its radio transmissions, hit it with artillery, then sent texts to their opponents “asking how they liked” the barrage.

Off the battlefield, armed with information scraped from phones and social media, Russia could make things especially personal, sending Ukrainian soldiers “text messages on their phone with threats against their families and accurate information of family locations,” according to the handbook. “Tactics such as this can have a tremendously negative psychological impact on young soldiers that are out of direct contact with their loved ones.”

The Asymmetric Warfare Group warned in the handbook that the potential for these problems was only likely to increase given that the incoming generation of American military personnel were “truly ‘digital natives’” who have spent their entire lives interacting with the internet and social media. The U.S. military would have to learn to balance this reality with the obvious need for operational security.

“Digital operational security violations now have strategic-level implications,” the unit’s handbook noted. “Never before has the actions of one lone individual been so visible and prone to manipulation by the adversary.”

Of course, the Baltics are no stranger to any of this and there are significant indications that the alliance had been growing increasingly concerned about these threats even before 2017. In March 2017, former Estonian President Toomas Hendrik Ilves went before the U.S. Senate Judiciary Committee, ostensibly to talk about Russian meddling in the 2016 American presidential election campaign, but also about the broader emergence of cyber warfare.

“Virtually every history of what is now known as ‘cyber-war’ or ‘cyber-warfare’ begins describing an attack on Estonia at six months into my presidency in 2007, when my country’s governmental, banking and news media servers were hit with ‘distributed denial-of-service’ or ‘DDOS attacks,’” he explained in his prepared remarks. “The attack on Estonia in 2007 was different and new. This was as far as we can tell the first time a nation-state had been targeted using digital means for political objectives.”

Former Estonian President Toomas Hendrik Ilves at the Warsaw Security Forum in 2016. (Alexey Vitvitsky/Sputnik via AP)

Not strictly speaking “hacking,” denial of service attacks bombard a website or websites with an extreme amount of traffic, effectively rendering them unusable. Though this can impact a private company’s ability to conduct its business, assaults on government systems could slow the ability of authorities to disseminate information in a crisis or otherwise communicate with the public rapidly.

Since then, Estonia in particular has been the subject of more active intrusions, including Russia’s abduction of Internal Security Service officer Eston Kohver in 2014. The Kremlin released Kohver after more than a year in a Cold War-esque prisoner swap for a suspected Russian spy the Estonian government had detained.

It should be no surprise then that Estonia is also home to the NATO Cooperative Cyber Defense Centre of Excellence, which stood up in 2008. By 2015, the United States and 15 other alliance members were contributing to its activities, and non-members Austria and Finland were also participants.

The organization works to develop new technology, strategies, and tactics for cyber warfare operations, along with studying the international law surrounding them. In February 2017, it released the Tallinn Manual 2.0, named after Estonia’s capital, an updated analysis of how international rules and regulations apply to cyber attacks and defenses. The importance of the legal aspect cannot be overstated, as there is still no consensus as to how severe an incident in cyberspace must be before a government can treat it the same way as a physical strike. 

Czech cyber security experts at work during a NATO exercise in 2016. (NATO)

Still, “International cooperation of like-minded nations in cyber defense is becoming inevitable,” Sven Sakkov, the center’s director, said at a ceremony to welcome the organization’s two newest participants, Belgium and Sweden, in May 2017. “We are witnessing a growing interest towards our applied research, trainings and exercises, but the preparedness of nations to contribute themselves reflects more than just recognition to the work that has been done.”

The inclusion of Finland and Sweden, Scandinavian countries not part of the alliance, but who share extensive land and maritime borders with Russia, is particularly notable. In the face of Russia’s more aggressive policies, both countries have indicated a desire to cooperate more closely with NATO, and have even begun to consider applying for full membership in the bloc. This has in turn prompted Russian President Vladimir Putin and other Kremlin officials to threaten possible retaliation with broad allusions to military or other offensive actions, which could include cyber attacks.

The U.S. military itself also appears to be taking an increasingly active role in attempting to counter Russian cyber warfare and propaganda campaigns in Europe. In June 2016, the U.S. Army Special Operations Command revealed the existence of two forward-deployed special operations headquarters in Europe in a double issue of the official Special Warfare magazine.

A US special operator works on a computer during an exercise in Lithuania. (SOCEUR)

Among possible other duties, the two units, one for Eastern Europe and one for Southern Europe, were running “influence and information activities designed to prevent or end conflict and to counteract threats facing the U.S. and our allies,” according to one article. “PSYOP [psychological operations] soldiers are involved in every aspect of regional special operations forces … initiatives,” it added.

As of 2016, according to the Asymmetric Warfare Group’s handbook, the Army’s main command in Europe was running a media campaign to apply a “Pinocchio Scale” to Russian media reports akin to The Washington Post’s Fact Checker. “It is never an easy task,” the manual conceded.

Easy or not, the Army and other services will have to incorporate more and better procedures to protect against Russian cyber and electronic harassment, or the potential for worse during an actual crisis. At the moment, it looks as if NATO personnel, including American troops, may already be active targets in one of Russia’s hybrid warfare campaigns.

Joseph Trevithick

Deputy Editor

Joseph has been a member of The War Zone team since early 2017. Prior to that, he was an Associate Editor at War Is Boring, and his byline has appeared in other publications, including Small Arms Review, Small Arms Defense Journal, Reuters, We Are the Mighty, and Task & Purpose.