Cyber criminals striking deals with some countries
It had taken American prosecutors a long time to hand down the indictment, but finally they had their man. In 2013, authorities had tracked down Alexsey Belan, a notorious Russia-linked cyber criminal, and were getting ready to extradite him to the US. But Belan, a Latvian-born hacker wanted by the FBI for launching assaults on US networks using thousands of hacked computers, slipped from the clutches of European law-enforcement agents.
According to the US government, Russian intelligence officials had brought Belan into a new scheme: hacking a National Security Agency tool that allowed agents to scour millions of personal Yahoo e-mail accounts. The Justice Department believes the FSB, Russia’s top domestic spy agency, coaxed Belan into stealing information from 500 million accounts.
US officials’ struggle to catch Belan illustrates a larger challenge as authoritarian countries integrate cyber tools into their military arsenals. To beef up their hacking capabilities, Russia, China and other digital adversaries are offering cyber criminals a bargain: Use your talents for spy agencies, in exchange for legal immunity. “You have to appreciate that (Russians) always use proxies to do their dirty work,” says Tom Kellermann, Chief Executive Officer at Strategic Cyber Ventures in Washington. “The US hunts their hackers and they go behind bars; in Russia, (it’s) well known who they are, and they’re called upon to act. They’re considered untouchable as long as they pay homage to the state.”
American network defenders have gotten used to dealing with more sophisticated hackers over the years. But as such hackers team up with nation states and intelligence agencies that have deeper pockets than even the best-resourced cybercriminal gangs that pose a greater challenge for US law-enforcement officials.
“We were kind of used to thinking that there were different levels of adversaries,” says Israel Barak, chief information security officer at Cybereason, a Boston-based cybersecurity company that tracks international cybercriminals. “The proliferation and funding of nation states changes that equation.”
According to a Cybereason report, Russia and China outsource large hacking endeavours to groups and companies that are sometimes interconnected with cybercrime.
Not only does using freelancers and private companies allow US adversaries to quickly build up their hacking capabilities, but the difficulty of pinning down the perpetrators of cyberattacks also makes it easier for Moscow and Beijing to avoid accountability.
“Because the connection is so tricky (to prove), it gives the state the option to deny all activity,” says Andrei Soldatov, a Russian intelligence journalist for
For example, in 2014 Chinese national Su Bin was arrested for participating in a cyberespionage ring to hack into US defence contractors Lockheed and Boeing and steal fighter-jet plans. Even after it was revealed in 2016 that his co-conspirators were Chinese military officers, Beijing denied any involvement in the operation. A California court sentenced him to four years in prison.
Russia’s ramped-up capabilities, thanks to its cooperation with cybercriminals, has frustrated American officials, who are pushing to bolster US digital capabilities after Moscow allegedly directed a campaign of hacks, leaks and fake news aimed at derailing Hillary Clinton’s candidacy last November.
Joint Chiefs of Staff Chairman Gen. Joseph Dunford said at a June 13 congressional hearing that 70 per cent of the Defence Department’s 133 cyber-mission teams were ready for battle, but the US still faces a major hurdle when facing off with authoritarian adversaries around the world: the law. There isn’t an equivalent in Russia and China to the Computer Fraud and Abuse Act, a US law that often lands American hackers behind bars for digital trespassing. “You don’t have any problems with democracy or accountability,” says Soldatov, the Russian journalist.
But using freelance hackers — beyond the grasp of the laws of nation states and potentially immune to domestic prosecutors — could have serious implications when it comes to the spread of international cybercrime. Cybercriminals are not only forgiven past offenses, but also are allowed to continue their illicit activities — perhaps in part because that makes them more valuable assets to the nations who hire them.
Evgeniy Mikhailovich Bogachev, a 33-year-old hacker, for instance, has managed to become one of the world’s most prolific digital scofflaws under the nose of Russian authorities. At its peak, it took over as many as one million computers around the world — 25 per cent of those machines located in the US — and caused $100 million in losses, according to the FBI.
Russia and China outsource large hacking endeavours to groups and companies that are sometimes interconnected with cybercrime