How Russia and others use cybercriminals as proxies

Employees watch electronic boards monitoring possible ransomware cyberattacks at the Korea Internet and Security Agency in Seoul. (Yun Dong-jin/Yonhap/AP)


US adversaries are offering cyber criminals a bargain: Use your talents for spy agencies, in exchange for legal immunity. One such cybercriminal was involved in the 2016 US election interference.

JUNE 28, 2017 It had taken American prosecutors a long time to hand down the indictment, but finally they had their man. In 2013, authorities had tracked down Alexsey Belan, a notorious Russia-linked cyber criminal, and were getting ready to extradite him to the United States.

But Mr. Belan, a Latvian-born hacker wanted by the FBI for launching assaults on US networks using thousands of hacked computers, slipped from the clutches of European law-enforcement agents.

According to the US government, Russian intelligence officials had brought Belan into a new scheme: hacking a National Security Agency tool that allowed agents to scour millions of personal Yahoo email accounts. The Justice Department believes the FSB, Russia’s top domestic spy agency, coaxed Belan into stealing information from 500 million accounts.

US officials’ struggle to catch Belan illustrates a larger challenge as authoritarian countries integrate cyber tools into their military arsenals. To beef up their hacking capabilities, Russia, China, and other digital adversaries are offering cyber criminals a bargain: Use your talents for spy agencies, in exchange for legal immunity.

“You have to appreciate that [Russians] always use proxies to do their dirty work,” says Tom Kellermann, chief executive officer at Strategic Cyber Ventures in Washington. “The US hunts their hackers and they go behind bars; in Russia, [it’s] well known who they are, and they’re called upon to act. They’re considered untouchable as long as they pay homage to the state.”

American network defenders have gotten used to dealing with more sophisticated hackers over the years. But as such hackers team up with nation states and intelligence agencies that have deeper pockets than even the best-resourced cybercriminal gangs, that poses a much greater challenge for US law-enforcement officials.

“We were kind of used to thinking that there were different levels of adversaries,” says Israel Barak, chief information security officer at Cybereason, a Boston-based cybersecurity company that tracks international cybercriminals. “The proliferation and funding of nation states changes that equation.”

According to a Cybereason report earlier this year, Russia and China – seeking an advantage in the cybersecurity industry – outsource large hacking endeavors to groups and companies that are sometimes interconnected with cybercrime.

Not only does using freelancers and private companies allow US adversaries to quickly build up their hacking capabilities, but the difficulty of pinning down the perpetrators of cyberattacks also makes it easier for Moscow and Beijing to avoid accountability. 

“Because the connection is so tricky [to prove], it gives the state the option to deny all activity,” says Andrei Soldatov, a Russian intelligence journalist for Agentura.Ru.

Joint Chiefs of Staff Chairman Gen. Joseph Dunford said at a June 13 congressional hearing that 70 percent of the Defense Department’s 133 cyber-mission teams were ready for battle, but the US still faces a major hurdle when facing off with authoritarian adversaries around the world: the law. There isn’t an equivalent in Russia and China to the Computer Fraud and Abuse Act, a US law that often lands American hackers behind bars for digital trespassing.

“You don’t have any problems with democracy or accountability,” says Mr. Soldatov, the Russian journalist.

Spreading faster

But using freelance hackers – beyond the grasp of the laws of nation states and potentially immune to domestic prosecutors – could have serious implications when it comes to the spread of international cybercrime. Cybercriminals are not only forgiven past offenses, but also are allowed to continue their illicit activities – perhaps in part because that makes them more valuable assets to the nations who hire them.

Full article: How Russia and others use cybercriminals as proxies (The Christian Science Monitor)
