The First Documented Russian Hack in...1981?



active-measures-thomas-ridI'm reading "Active Measures: The Secret History of Disinformation and Political Warfare" by Thomas Rid and wanted to share this story with you which was new to me! It's warmly recommended, a great read

In October 1981, in a highly embarrassing incident for the Kremlin, a large Soviet nuclear-armed submarine ran aground near Sweden's Karlskrona Naval Base, violating Swedish Territorial waters. 

To deflect some political heat, Russian intelligence launched an innovative active measures campaign that took advantage of a new semi-electronic messaging system called the Mailgram, an invention of Western Union.

All of a sudden, on November 8, 1981, a dozen Mailgrams started appearing across Washington, offering dirt on Swedish-American relations. They were sent to the Swedish Ambassador and several newspapers in the United States and Europe.

How was this hack possible?

A sender could phone in a message to Western Union, and they would transmit it electronically to a post office close to the recipient where the message would be printed out and delivered by mail. 

Western Union did not independently confirm the recipient’s address or the telephone number to which the unauthenticated caller asked to bill the charges. “Obviously,” concluded the FBI, “the true senders of the Mailgrams were aware that they could have the charges billed to the addresses or telephone numbers of the alleged senders without verification. The setup was easy to exploit since the attackers spoofed false senders and had Western Union send the bill to the impersonated users! 

My realization was that Russia has been at this for a very, very long time, and with the advent of the internet they have the ultimate tool to scale their active measures and cause massive international havoc.

Source: House of Representatives Permanent Select Committee on Intelligence, "Soviet Active Measures" July 13-14, 1982, 97th Congress, 2nd session (Washington, DC: Government Printing Office Exhibit IX,p. 202.




Subscribe To Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews