A version of this article appeared in the Globe’s tech newsletter, Innovation Beat.
Turn on the news, and the prospect of war in Eastern Europe is apparent. Russian troops are amassed on Ukraine’s border. Washington worries about cyberattacks, among other things, if the US stands in Vladimir Putin’s way. Kyiv sits at the center of a longstanding struggle between two nuclear powers.
And the analysts at Somerville-based Recorded Future are busy keeping track of it all.
The cybersecurity firm, based out of a former laundromat in Davis Square, is no stranger to tracking domestic and global conflicts. In recent years, it has scoured the dark web, chat forums, and social media for intelligence on America’s most pressing events, including the Jan. 6 insurrection and the cyber attack on the Colonial Pipeline.
Now, as the crisis in Ukraine unfolds, the firm is trying to answer key questions for its clients: What types of cyber attacks might occur? How bad could this get? Who’s doing what, and where? (The company’s clients range from US Cyber Command to the City of Los Angeles to banks and technology firms.)
I discussed this with Stuart Solomon, the president of Recorded Future, this week. Solomon said his company has three teams, or roughly 25 to 30 analysts, dedicated to unpacking the crisis in Ukraine. The intelligence they collect gets put into a briefing which is uploaded daily to a portal that Recorded Future clients have access to.
At the moment, the group is tracking three main things: who was behind the cyber attacks that resulted in websites being defaced and malware being put into Ukrainian government systems; the global reaction to diplomatic talks between the US and Russia; and first-person accounts on social media verifying Russian troop movements along Ukraine’s border.
The intelligence is crucial for the company’s clients, Solomon said. “Any kind of disruption, positive or negative, in the global economy matters,” he said. “[They] want to be able to plan for the potential disruptive events.”
But there are big questions on Recorded Future’s mind. It is likely that a Russian-backed group was behind the recent cyber attacks in Ukraine, but the team is trying to verify that. When studying those attacks, Solomon said, analysts are looking for techniques and patterns that may help them in analyzing similar attacks that happen elsewhere.
As for what’s next, Solomon said a range of cyber actions is likely. It’s possible Russia could run an influence (or disinformation) operation “against interests in the United States to shake public confidence,” as it has in the past. Or cyber hackers could disrupt Internet traffic in the US or Ukraine, he said.
When asked how likely it is that these events will pan out, Solomon was provocative. “I would actually argue that across a broad spectrum, it’s happening this very moment,” he said. That would seem to ensure his analysts will be busy for days to come.