Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:21 PM
Gadi Evron
Gadi Evron
Connect Directly

A Russian Strategist's Take On Information Warfare

Today I'd like to introduce you to one of the main thinkers on information warfare, who most of you never heard of. S.P. Rastorguev (Расторгуев C.П.). He is a Russian strategist who unfortunately, as far as I can find, hasn't been translated.

Today I'd like to introduce you to one of the main thinkers on information warfare, who most of you never heard of. S.P. Rastorguev (Расторгуев C.П.). He is a Russian strategist who unfortunately, as far as I can find, hasn't been translated.He wrote several books, but the one I will be speaking of is called literally Information Warfare (Informatsionnaya voina -- Информационная война). In it, he discusses the human animal and how viruses of the mind can work just as well as viruses in computer systems, exploring many models of exploitation.

While he covers many concepts, the one I was introduced to originally is the story of the fox and the turtle.

Here is a slightly altered, and shortened, version (full and accurate version below):

A turtle walks through the forest, enjoying the view. She runs into a fox, who says: "Turtle, turtle, get out of your shell and you can fly." The turtle stares skeptically at the fox, and keeps on walking. Eventually, traveling through the forest the turtle comes across a television set. She watches as hundreds of turtles get out of their shells, and fly. She gets out of her shell, and she flies.
When I first heard this story, I was confused. What was the moral of the story? Deception? Perhaps strategy?

A friend of mine explained it as Sergei Rastorguev did at the end of the story: "The turtle didn't know and never will, that information warfare -- it is the purposeful training of an enemy on how to remove its own shell."

While Rastorguev's explanation applies to many aspects of information warfare, my interpretation for the purpose of this post is more limited and is about the nature of information warfare -- and not necessarily with our enemies, if the Estonian case study and its lessons are to be quoted. Specifically, on how entire populations become energized into action as I wrote in the post-mortem analysis of the incident. (See also: Authoritatively, who was behind the Estonian attacks?)

The point is engagement.

In information warfare there is no blood. People don't see soldiers coming back in body bags, nor do they have any feeling of loss. But to wage war, one needs the engagement of the people.

Rastorguev is not the only modern Russian thinker to discuss information warfare from the psychological aspect, there are others such as Pochepcov, Lopatin and Tsigankov, and even the 50s thinker on Reflexive Control, Lefebvre. But this story by Rastorguev makes the point far clearer than entire books on the subject.

Psychological warfare does not (necessarily) mean social engineering, but rather also population manipulation. According to what I read, this is seen as true by Russia for defense as well as offense, in protecting the citizenry against such outside influences of information-psychological warfare.

In the west, our view of information warfare (or if some of you would prefer, cyber warfare) is very limited. We know little more than what some security vendors tell us and what we read in the news, which leads us to mistaken conclusions such as information warfare is mainly about DDoS rather than espionage, or that China is behind every single computer attack (which is naturally not true).

Russians are very smart people, and we would do well to listen to what they have to say. Much like in science fiction in the 1970s, we seem to be living under the illusion that the whole world thinks the same as the United States.

According to United States publications, information warfare is a category that includes computer attacks and information operations, both. I always found this to be a confusing Americanism, and concentrated on the technical aspects alone. Estonia taught me that the original definition is correct, and the human element should not be separated from the computerized aspects, when considering the whole of the subject -- much like in information security (or cyber security, if you prefer).

The following translation of the fox and turtle story was done by Ilya Konstantinov, as a favor to me. As to why the fox is female, you better ask a Russian literary expert, as that's just how it is in Russian fables.

There used to be an ordinary turtle who constantly carried a heavy shell on its back. The shell pressed her to the ground and every step she took was hard effort for her. That's why her life, measured by the number of those uneasy steps, was also hard.

On the other hand, when a hungry fox came running from a nearby forest, the turtle hid her head inside the shell and patiently awaited until the danger was over. The fox kept hopping around, trying to bite at the shell, trying to turn her upside down; all in all, trying all the steps typical of an aggressor, and yet the turtle prevailed.

Once upon a time, the fox got a big wallet, brought in a lawyer and, sitting across the turtle, proposed a buyout offer for the shell. The turtle considered it throughly, but due to her limited imagination, she had to refuse. And yet again, the fox left with nothing.

Time passed, the world changed, new means of telecommunication have entered the forest. One day, coming out of her house, the turtle saw a TV screen hanging off a tree, showing films of flying turtles, shell-less. Breathless with excitement, the woodpecker-announcer spoke of their flight: "Such a lightness! What a speed! How beautiful! Such an elegance!". The turtle watched the show that day, and the next day, and the day after... And then a thought arose in her little mind, about how stupid she is to carry around that weight - the shell. Wouldn't she be better getting it off? Life would be much easier. Scarier? Yeah, a bit scarier, but the news anchor-owl announced that the fox has turned to the Krishnas and became vegetarian.

The world is changing. The forest is also completely different; there are less and less trees and distinctive animals, and more and more indistinguishable stray dogs and jackals. "And really, why shouldn't I fly? The skies -- they're so big and wonderful!" "If only I gave up the shell, and -- right away -- life would be easier!" -- thought the turtle. "If only she gave up the shell, and -- right away -- she'd be easier to eat" -- thought the fox, signing on the bill for yet another advertisement of flying turtles And one beautiful morning, when the skies seemed larger than ever, the turtle has made her first and last step towards freedom of her protection system.

The turtle didn't know and never will, that information warfare -- it is the purposeful training of an enemy on how to remove its own shell.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron.

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/27/2020
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
Kelly Sheridan, Staff Editor, Dark Reading,  10/27/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-28
** DISPUTED ** SonarQube allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position is "it is the administrator's responsibility to configure it."
PUBLISHED: 2020-10-28
An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III before 5.4.5 allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy...
PUBLISHED: 2020-10-28
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.
PUBLISHED: 2020-10-28
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.
PUBLISHED: 2020-10-28
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.