How Russia and others use cybercriminals as proxies
Washington
It had taken American prosecutors a long time to hand down the indictment, but finally they had their man. In 2013, authorities had tracked down Alexsey Belan, a notorious Russia-linked cyber criminal, and were getting ready to extradite him to the United States.
But Mr. Belan, a Latvian-born hacker wanted by the FBI for launching assaults on US networks using thousands of hacked computers, slipped from the clutches of European law-enforcement agents.
According to the US government, Russian intelligence officials had brought Belan into a new scheme: hacking a National Security Agency tool that allowed agents to scour millions of personal Yahoo email accounts. The Justice Department believes the FSB, Russia’s top domestic spy agency, coaxed Belan into stealing information from 500 million accounts.
US officials’ struggle to catch Belan illustrates a larger challenge as authoritarian countries integrate cyber tools into their military arsenals. To beef up their hacking capabilities, Russia, China, and other digital adversaries are offering cyber criminals a bargain: Use your talents for spy agencies, in exchange for legal immunity.
“You have to appreciate that [Russians] always use proxies to do their dirty work,” says Tom Kellermann, chief executive officer at Strategic Cyber Ventures in Washington. “The US hunts their hackers and they go behind bars; in Russia, [it’s] well known who they are, and they’re called upon to act. They’re considered untouchable as long as they pay homage to the state.”
More formidable adversaries
American network defenders have gotten used to dealing with more sophisticated hackers over the years. But as such hackers team up with nation states and intelligence agencies that have deeper pockets than even the best-resourced cybercriminal gangs, that poses a much greater challenge for US law-enforcement officials.
“We were kind of used to thinking that there were different levels of adversaries,” says Israel Barak, chief information security officer at Cybereason, a Boston-based cybersecurity company that tracks international cybercriminals. “The proliferation and funding of nation states changes that equation.”
According to a Cybereason report earlier this year, Russia and China – seeking an advantage in the cybersecurity industry – outsource large hacking endeavors to groups and companies that are sometimes interconnected with cybercrime.
Not only does using freelancers and private companies allow US adversaries to quickly build up their hacking capabilities, but the difficulty of pinning down the perpetrators of cyberattacks also makes it easier for Moscow and Beijing to avoid accountability.
“Because the connection is so tricky [to prove], it gives the state the option to deny all activity,” says Andrei Soldatov, a Russian intelligence journalist for Agentura.Ru.
For example, in 2014 Chinese national Su Bin was arrested for participating in a cyberespionage ring to hack into US defense contractors Lockheed and Boeing and steal fighter-jet plans. Even after it was revealed in 2016 that his co-conspirators were Chinese military officers, Beijing denied involvement in the operation. A California court sentenced him to four years in prison.
Russia’s ramped-up capabilities, thanks to its cooperation with cybercriminals, have frustrated American officials, who are pushing to bolster US digital capabilities after Moscow allegedly directed a campaign of hacks, leaks, and fake news aimed at derailing Hillary Clinton’s candidacy last November.
Joint Chiefs of Staff Chairman Gen. Joseph Dunford said at a June 13 congressional hearing that 70 percent of the Defense Department’s 133 cyber-mission teams were ready for battle, but the US still faces a major hurdle when facing off with authoritarian adversaries around the world: the law. There isn’t an equivalent in Russia and China to the Computer Fraud and Abuse Act, a US law that often lands American hackers behind bars for digital trespassing.
“You don’t have any problems with democracy or accountability,” says Mr. Soldatov, the Russian journalist.
Spreading faster
But using freelance hackers – beyond the grasp of the laws of nation states and potentially immune to domestic prosecutors – could have serious implications when it comes to the spread of international cybercrime. Cybercriminals are not only forgiven past offenses, but also are allowed to continue their illicit activities – perhaps in part because that makes them more valuable assets to the nations who hire them.
Take Evgeniy Mikhailovich Bogachev, a 33-year-old hacker who resides in the Russian resort town of Anapa on the Black Sea coast, who has managed to become one of the world’s most prolific digital scofflaws under the nose of Russian authorities.
In 2009, Mr. Bogachev pioneered “Zeus,” a form of malicious software that targeted banks and drained the accounts of unsuspecting victims. Using that same malware, Bogachev also created one of the largest botnets in 2011, known as GameoverZeus. At its peak, it took over as many as 1 million computers around the world – 25 percent of those machines located in the US.
Russian officials may have used Bogachev’s botnet to gain visibility into sensitive US networks, experts say. US law-enforcement officials, in tandem with authorities from 10 other countries, were eventually able to take down the botnet, and charged Bogachev with computer hacking, bank fraud, wire fraud, and money laundering. Bogachev also was included on the list of individuals sanctioned for alleged Russian digital interference in the 2016 US presidential election.
“They were utilizing some of the most capable cybercriminals in the world as cyber militia members,” says Mr. Kellermann. “They were allowed to operate with impunity as long as they didn’t touch anything Russian, and shared with [Russia’s main foreign intelligence agency]. They were called upon to be patriotic after Crimea, and if they weren’t, they would be targeted.”