USA TODAY US Edition

Why Russia outsources its spy work to hackers

System protects criminals who help the Kremlin

- Elizabeth Weise

SAN FRANCISCO - Almost all nations engage in some type of cyber espionage, but Russia stands apart in that rather than using intelligence and military staff, it outsources the work to criminal hackers from its thriving cyber underground.

While this has long been known in intelligence circles, the charges against Russian intelligence officers in the Yahoo hacking case bring it out into the open.

“The Russians are pretty much No. 1 in terms of using criminal organizations as partners,” Michael Chertoff, former secretary of Homeland Security, told USA TODAY in a phone interview.

The charges against the four Russians in the massive hack attack against Yahoo represent the first official U.S. government recognition of what Chertoff describes as “the unholy alliance between criminal hackers operating in Russia and the Russian intelligence services.”

The indictments take away the fig leaf that Russia is not involved in these activities and lay out in stark relief the Russian system of offering protection from prosecution for criminals who work for the government on the side, experts say.

“Having criminals as cutouts has allowed the authorities to obfuscate their role in carrying out these kinds of cyber attacks,” said Chertoff, who is now executive chairman of The Chertoff Group, which advises companies on security and risk management.

Outsourcing hacking only makes sense in Russia because it’s where the nation’s cyber talent is, said Vitali Kremez, research director at Flashpoint, a cyber intelligence company.

Russia’s technical universities are among the world’s best, and the country each year produces a bumper crop of highly skilled graduates. But it lacks a robust tech industry, so many end up working in the criminal underground.

“There’s no Silicon Valley in Russia; it’s not able to provide good conditions for them to thrive,” Kremez said. By working in the underground, they’re able to lead lavish lifestyles, enjoying travel, beautiful cars and an income that the army or intelligence services could never provide.

What was remarkable to Kremez is the extent to which the hackers and the agents interacted.

“They’re all in the same underground ecosystem, they all lived there,” Kremez said.

Two hackers and two Russian agents were charged. One of the agents, Dmitry Dokuchaev with Russia’s Federal Security Service, spent considerable time on Russian criminal underground sites using an alias.

In fact, “he was actually funding one of the more meaty Russian underground forums, which was called Verified. He was very active, he didn’t look like an agent, he looked like a cybercriminal,” Kremez said.

The hacking of the 500 million Yahoo accounts was in many ways a by-product of the information on specific individuals the Russian government was looking for. Out of those millions of accounts, agents would search for links to specific people they were interested in, then use those credentials to delve deeper.

The more information hackers have about an individual and their various online accounts, the easier it is to craft phishing emails that are likely to lure them into clicking on dangerous links or otherwise compromise their systems.

In exchange, the criminals get to use the data for their own purposes, so both sides benefit.

“This was the treasure trove both for intelligence and for criminal actors,” Chertoff said.

Ironically, the creation of that criminal underground and the mercenary hackers who work within it was in part funded by U.S. intelligence agencies, which made use of the markets there to purchase information on computer code vulnerabilities in popular programs that could be used to hack and crack networks, noted Bruce McConnell, a global vice president at the EastWest Institute, a think tank that works on cyber issues.

The case is a wake-up call for companies that might have been under the false impression that state-sponsored hacking was aimed only at other governments.

Customer information is in many ways now simply plunder, much as in ancient times soldiers were rewarded with whatever loot they could find after they’d won a battle.

“In this case, after collecting the data on their political targets, which includes employees of commercial entities in transportation and financial services, the hackers were given free rein with the spoils — the data from 500 million Yahoo users,” said Tim Matthews, vice president of marketing for the computer security company Imperva.

ALEX WONG, GETTY IMAGES: “The defendants targeted Yahoo accounts of Russian and U.S. government officials, including cybersecurity, diplomatic and military personnel,” Assistant Attorney General Mary McCord said at a Justice Department briefing in Washington. “They also...