13 May 2017

Untangling the Web of Russia's Cyber Operations

DAMIEN MEYER

If the Russian state falls into another period of crisis, the cyber operatives working for the Kremlin could turn against it, much as Moscow's criminal contacts have in the past. 
Still, the benefits of hiring criminal hackers to conduct cyber operations abroad will continue to outweigh the risks for the Russian government. 

As investigators around the world keep working to dismantle Moscow's hacking networks, digital meddling in foreign elections will remain a mainstay of Russian intelligence operations. 

Russia's interest in foreign elections didn't end with the U.S. presidential race. Two days after the first round of the French presidential election on April 23, a cybersecurity firm based in Japan reported that Russian hackers had targeted Emmanuel Macron's campaign in the runup to the vote. Macron, one of two candidates who advanced to the runoff slated for May 7, had accused the Kremlin of discrediting his campaign, and his staff complained of constant, sophisticated phishing attempts throughout the race. Phishing, though not the most advanced technique, has proved highly effective for conducting criminal activity and espionage; the Kremlin allegedly used the same tactic to interfere in the U.S. vote. Recent developments have shed light on the apparent ties between Russia's state security apparatus and the world's most sophisticated cybercriminals.

Laying Out the System

On April 12, Russian media published a letter from Ruslan Stoyanov, a former security expert at Kaspersky Lab who is currently in prison in Russia on charges of treason. Stoyanov alleged in his letter that the Kremlin had recruited hackers to help with its various cyber campaigns in exchange for immunity from prosecution for their criminal exploits abroad. Allegations like Stoyanov's are difficult to confirm, but the pattern of activity outlined in his letter conforms to previous suspicions over Moscow's cyber strategy.

About a month before Stoyanov's letter surfaced, the U.S. Department of Justice indicted four individuals for their alleged involvement in stealing credentials from 500 million Yahoo accounts. Two of the four defendants are agents with Russia's Federal Security Services (FSB) who, according to the indictment, used their offices to protect two "hackers for hire" — Alexsey Belan and Karim Baratov. The hackers profited off the breach, incorporating it into their existing spamming campaign. Cooperating with the Kremlin, moreover, afforded the cybercriminals protection, just as Stoyanov later described; the circumstances surrounding Belan's escape from arrest in Europe in 2013 suggest he had official help. For the FSB, meanwhile, the intrusion offered access to information on figures of interest, including Russian journalists, government officials and high-profile businesspeople. One can imagine that this kind of intelligence collection may have also proved useful in Russia's efforts to influence the U.S. election, although no evidence has linked the two incidents.

A Symbiotic Relationship

Moscow's ties to the world of cybercrime are just the latest manifestation of a well-established trend. The Russian state has been entwined in crime since long before the dawn of the internet, often in a kind of symbiosis with criminal organizations. Under Soviet rule, for example, Russian officials generally turned a blind eye to smugglers, who then sold them contraband luxury goods. The black market was the closest thing to a free market for most of the Soviet era, and it offered the Kremlin a way to relieve pressure on the Soviet people and economy. But even after the liberal reforms of the late 1980s and the Soviet Union's collapse in 1991, Russian capitalism struggled to break free of its corrupt roots. The early post-Soviet years were a period of plunder. Criminals took advantage of the state's weakness to line their pockets. Then, as Russia regained its footing, the country's gangsters and bandits began to cooperate with the government — a pattern that has played out in several countries over the years.

Many of the most successful criminals to emerge during the 1990s were themselves a part of the crumbling Soviet system. Military personnel and KGB agents stationed around the world capitalized on their access to valuable arms and intelligence to keep themselves afloat as their government imploded. Soldiers and intelligence officers made the most of their precarious position by selling off state property — including, in at least one instance, a submarine — for their own profit. Viktor Bout, a former army linguist and officer in Russia's Military Intelligence Directorate (GRU), offers perhaps the most infamous example. Before his arrest in 2008, Bout had become one of the world's most prolific arms dealers, alternately preying on and working with the Kremlin to suit his business.

Today, Russia is enjoying a period of strength relative to the chaos of the 1990s. If history is any guide, however, its fortunes could easily change, and with them, the criminal class's allegiances. Stoyanov's letter warned of the danger that the hackers currently in the Kremlin's employ could turn against it one day.
