Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:21 PM
Gadi Evron
Gadi Evron
Connect Directly

A Russian Strategist's Take On Information Warfare

Today I'd like to introduce you to one of the main thinkers on information warfare, who most of you never heard of. S.P. Rastorguev (Расторгуев C.П.). He is a Russian strategist who unfortunately, as far as I can find, hasn't been translated.

Today I'd like to introduce you to one of the main thinkers on information warfare, who most of you never heard of. S.P. Rastorguev (Расторгуев C.П.). He is a Russian strategist who unfortunately, as far as I can find, hasn't been translated.He wrote several books, but the one I will be speaking of is called literally Information Warfare (Informatsionnaya voina -- Информационная война). In it, he discusses the human animal and how viruses of the mind can work just as well as viruses in computer systems, exploring many models of exploitation.

While he covers many concepts, the one I was introduced to originally is the story of the fox and the turtle.

Here is a slightly altered, and shortened, version (full and accurate version below):

A turtle walks through the forest, enjoying the view. She runs into a fox, who says: "Turtle, turtle, get out of your shell and you can fly." The turtle stares skeptically at the fox, and keeps on walking. Eventually, traveling through the forest the turtle comes across a television set. She watches as hundreds of turtles get out of their shells, and fly. She gets out of her shell, and she flies.
When I first heard this story, I was confused. What was the moral of the story? Deception? Perhaps strategy?

A friend of mine explained it as Sergei Rastorguev did at the end of the story: "The turtle didn't know and never will, that information warfare -- it is the purposeful training of an enemy on how to remove its own shell."

While Rastorguev's explanation applies to many aspects of information warfare, my interpretation for the purpose of this post is more limited and is about the nature of information warfare -- and not necessarily with our enemies, if the Estonian case study and its lessons are to be quoted. Specifically, on how entire populations become energized into action as I wrote in the post-mortem analysis of the incident. (See also: Authoritatively, who was behind the Estonian attacks?)

The point is engagement.

In information warfare there is no blood. People don't see soldiers coming back in body bags, nor do they have any feeling of loss. But to wage war, one needs the engagement of the people.

Rastorguev is not the only modern Russian thinker to discuss information warfare from the psychological aspect, there are others such as Pochepcov, Lopatin and Tsigankov, and even the 50s thinker on Reflexive Control, Lefebvre. But this story by Rastorguev makes the point far clearer than entire books on the subject.

Psychological warfare does not (necessarily) mean social engineering, but rather also population manipulation. According to what I read, this is seen as true by Russia for defense as well as offense, in protecting the citizenry against such outside influences of information-psychological warfare.

In the west, our view of information warfare (or if some of you would prefer, cyber warfare) is very limited. We know little more than what some security vendors tell us and what we read in the news, which leads us to mistaken conclusions such as information warfare is mainly about DDoS rather than espionage, or that China is behind every single computer attack (which is naturally not true).

Russians are very smart people, and we would do well to listen to what they have to say. Much like in science fiction in the 1970s, we seem to be living under the illusion that the whole world thinks the same as the United States.

According to United States publications, information warfare is a category that includes computer attacks and information operations, both. I always found this to be a confusing Americanism, and concentrated on the technical aspects alone. Estonia taught me that the original definition is correct, and the human element should not be separated from the computerized aspects, when considering the whole of the subject -- much like in information security (or cyber security, if you prefer).

The following translation of the fox and turtle story was done by Ilya Konstantinov, as a favor to me. As to why the fox is female, you better ask a Russian literary expert, as that's just how it is in Russian fables.

There used to be an ordinary turtle who constantly carried a heavy shell on its back. The shell pressed her to the ground and every step she took was hard effort for her. That's why her life, measured by the number of those uneasy steps, was also hard.

On the other hand, when a hungry fox came running from a nearby forest, the turtle hid her head inside the shell and patiently awaited until the danger was over. The fox kept hopping around, trying to bite at the shell, trying to turn her upside down; all in all, trying all the steps typical of an aggressor, and yet the turtle prevailed.

Once upon a time, the fox got a big wallet, brought in a lawyer and, sitting across the turtle, proposed a buyout offer for the shell. The turtle considered it throughly, but due to her limited imagination, she had to refuse. And yet again, the fox left with nothing.

Time passed, the world changed, new means of telecommunication have entered the forest. One day, coming out of her house, the turtle saw a TV screen hanging off a tree, showing films of flying turtles, shell-less. Breathless with excitement, the woodpecker-announcer spoke of their flight: "Such a lightness! What a speed! How beautiful! Such an elegance!". The turtle watched the show that day, and the next day, and the day after... And then a thought arose in her little mind, about how stupid she is to carry around that weight - the shell. Wouldn't she be better getting it off? Life would be much easier. Scarier? Yeah, a bit scarier, but the news anchor-owl announced that the fox has turned to the Krishnas and became vegetarian.

The world is changing. The forest is also completely different; there are less and less trees and distinctive animals, and more and more indistinguishable stray dogs and jackals. "And really, why shouldn't I fly? The skies -- they're so big and wonderful!" "If only I gave up the shell, and -- right away -- life would be easier!" -- thought the turtle. "If only she gave up the shell, and -- right away -- she'd be easier to eat" -- thought the fox, signing on the bill for yet another advertisement of flying turtles And one beautiful morning, when the skies seemed larger than ever, the turtle has made her first and last step towards freedom of her protection system.

The turtle didn't know and never will, that information warfare -- it is the purposeful training of an enemy on how to remove its own shell.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron.

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-06-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are, and Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ...
PUBLISHED: 2019-06-19
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
PUBLISHED: 2019-06-19
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending ?unknown.org? to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to ...
PUBLISHED: 2019-06-19
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
PUBLISHED: 2019-06-19
Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868.