How Russia and others use cybercriminals as proxies

US adversaries are offering cyber criminals a bargain: Use your talents for spy agencies, in exchange for legal immunity. One such cybercriminal was involved in the 2016 US election interference.

Yun Dong-jin/Yonhap/AP
Employees watch electronic boards monitoring possible ransomware cyberattacks at the Korea Internet and Security Agency in Seoul.

It had taken American prosecutors a long time to hand down the indictment, but finally they had their man. In 2013, authorities had tracked down Alexsey Belan, a notorious Russia-linked cyber criminal, and were getting ready to extradite him to the United States.

But Mr. Belan, a Latvian-born hacker wanted by the FBI for launching assaults on US networks using thousands of hacked computers, slipped from the clutches of European law-enforcement agents.

According to the US government, Russian intelligence officials had brought Belan into a new scheme: hacking a National Security Agency tool that allowed agents to scour millions of personal Yahoo email accounts. The Justice Department believes the FSB, Russia’s top domestic spy agency, coaxed Belan into stealing information from 500 million accounts.

US officials’ struggle to catch Belan illustrates a larger challenge as authoritarian countries integrate cyber tools into their military arsenals. To beef up their hacking capabilities, Russia, China, and other digital adversaries are offering cyber criminals a bargain: Use your talents for spy agencies, in exchange for legal immunity.

“You have to appreciate that [Russians] always use proxies to do their dirty work,” says Tom Kellermann, chief executive officer at Strategic Cyber Ventures in Washington. “The US hunts their hackers and they go behind bars; in Russia, [it’s] well known who they are, and they’re called upon to act. They’re considered untouchable as long as they pay homage to the state.”

More formidable adversaries

American network defenders have gotten used to dealing with more sophisticated hackers over the years. But as such hackers team up with nation states and intelligence agencies that have deeper pockets than even the best-resourced cybercriminal gangs, they pose a much greater challenge for US law-enforcement officials.

“We were kind of used to thinking that there were different levels of adversaries,” says Israel Barak, chief information security officer at Cybereason, a Boston-based cybersecurity company that tracks international cybercriminals. “The proliferation and funding of nation states changes that equation.”

According to a Cybereason report earlier this year, Russia and China – seeking an advantage in the cybersecurity industry – outsource large hacking endeavors to groups and companies that are sometimes interconnected with cybercrime.

Not only does using freelancers and private companies allow US adversaries to quickly build up their hacking capabilities, but the difficulty of pinning down the perpetrators of cyberattacks also makes it easier for Moscow and Beijing to avoid accountability. 

“Because the connection is so tricky [to prove], it gives the state the option to deny all activity,” says Andrei Soldatov, a Russian intelligence journalist for Agentura.Ru.

For example, in 2014 Chinese national Su Bin was arrested for participating in a cyberespionage ring to hack into US defense contractors Lockheed and Boeing and steal fighter-jet plans. Even after it was revealed in 2016 that his co-conspirators were Chinese military officers, Beijing denied any involvement in the operation. A California court sentenced him to four years in prison.

Russia’s ramped-up capabilities, thanks to its cooperation with cybercriminals, have frustrated American officials, who are pushing to bolster US digital capabilities after Moscow allegedly directed a campaign of hacks, leaks, and fake news aimed at derailing Hillary Clinton’s candidacy last November.

Joint Chiefs of Staff Chairman Gen. Joseph Dunford said at a June 13 congressional hearing that 70 percent of the Defense Department’s 133 cyber-mission teams were ready for battle, but the US still faces a major hurdle when facing off with authoritarian adversaries around the world: the law. There isn’t an equivalent in Russia and China to the Computer Fraud and Abuse Act, a US law that often lands American hackers behind bars for digital trespassing.

“You don’t have any problems with democracy or accountability,” says Mr. Soldatov, the Russian journalist.

Spreading faster

But using freelance hackers – beyond the grasp of the laws of nation states and potentially immune to domestic prosecutors – could have serious implications when it comes to the spread of international cybercrime. Cybercriminals are not only forgiven past offenses, but also are allowed to continue their illicit activities – perhaps in part because that makes them more valuable assets to the nations who hire them.

Take Evgeniy Mikhailovich Bogachev, a 33-year-old hacker who resides in the Russian resort town of Anapa on the Black Sea coast, who has managed to become one of the world’s most prolific digital scofflaws under the nose of Russian authorities.

In 2009, Mr. Bogachev pioneered “Zeus,” a form of malicious software that targeted banks and drained the accounts of unsuspecting victims. Using that same malware, Bogachev also created one of the largest botnets in 2011, known as GameoverZeus. At its peak, it took over as many as 1 million computers around the world – 25 percent of those machines located in the US – and caused $100 million in losses, according to the FBI.

Russian officials may have used Bogachev’s extensive network to gain visibility into sensitive US networks, experts say. US law-enforcement officials, in tandem with authorities from 10 other countries, were eventually able to take down the botnet, and charged Bogachev with computer hacking, bank fraud, wire fraud, and money laundering. Bogachev also was included on the list of individuals sanctioned for alleged Russian digital interference in the 2016 US presidential election.

“They were utilizing some of the most capable cybercriminals in the world as cyber militia members,” says Mr. Kellermann. “They were allowed to operate with impunity as long as they didn’t touch anything Russian, and shared with [Russia’s main foreign intelligence agency]. They were called upon to be patriotic after Crimea, and if they weren’t, they would be targeted.”

https://www.csmonitor.com/USA/2017/0628/How-Russia-and-others-use-cybercriminals-as-proxies