BERLIN, GERMANY - OCTOBER 19:  Russian President Vladimir Putin attends a meeting to discuss the Ukrainian peace process at the German federal Chancellery on October 19, 2016 in Berlin, Germany. The leaders of Russia, Ukraine, France and Germany, known as the Normandy Four, met in Berlin to discuss implementation of the peace plan known as the Minsk Protocol, a roadmap for resolving the conflict in Ukraine after Russian forces invaded in 2014 and annexed the peninsula of Crimea. The United States has threatened renewed sanctions on Russia if the country did not either implement the plan in the coming months or arrive at a plan on how to do so.  (Photo by Adam Berry/Getty Images)
Adam Berry/Getty Images Europe/Getty Images
BERLIN, GERMANY - OCTOBER 19: Russian President Vladimir Putin attends a meeting to discuss the Ukrainian peace process at the German federal Chancellery on October 19, 2016 in Berlin, Germany. The leaders of Russia, Ukraine, France and Germany, known as the Normandy Four, met in Berlin to discuss implementation of the peace plan known as the Minsk Protocol, a roadmap for resolving the conflict in Ukraine after Russian forces invaded in 2014 and annexed the peninsula of Crimea. The United States has threatened renewed sanctions on Russia if the country did not either implement the plan in the coming months or arrive at a plan on how to do so. (Photo by Adam Berry/Getty Images)
Now playing
02:23
Putin: 'Patriots' may be behind election hack
Fox News/Twitter
Now playing
01:33
ADL wants Fox News to fire Tucker Carlson over racist comments
CNN
Now playing
02:36
The truth behind Covid-19 vaccines for sale on the dark web
Now playing
04:22
Levi's CEO has message for Mitch McConnell
Now playing
01:54
'You think I'm racist': Former Fox News host storms off camera
Korie Robertson and Willie Robertson of the reality series "Duck Dynasty" attend the Capitol File 58th Presidential Inauguration Reception at Fiola Mare on January 19, 2017 in Washington, DC.
Paul Morigi/Getty Images
Korie Robertson and Willie Robertson of the reality series "Duck Dynasty" attend the Capitol File 58th Presidential Inauguration Reception at Fiola Mare on January 19, 2017 in Washington, DC.
Now playing
01:46
'Duck Dynasty' stars discuss raising biracial son on new show
FOX/"The Masked Singer"
Now playing
01:24
Nick Cannon makes big splash in 'Masked Singer' return
The Drew Barrymore Show/YouTube
Now playing
01:26
'Mom' star speaks out about not having kids in real life
Heinz ketchup packets are shown in New York on Monday, August 22, 2005. H.J. Heinz Co., the world's biggest ketchup maker, said first-quarter profit fell 19 percent on expenses to cut jobs and sell businesses.  (Photo by Andrew Harrer/Bloomberg via Getty Images)
Andrew Harrer/Bloomberg/Getty Images
Heinz ketchup packets are shown in New York on Monday, August 22, 2005. H.J. Heinz Co., the world's biggest ketchup maker, said first-quarter profit fell 19 percent on expenses to cut jobs and sell businesses. (Photo by Andrew Harrer/Bloomberg via Getty Images)
Now playing
01:53
Restaurants face a nationwide ketchup packet shortage
Camerota Berman both
CNN
Camerota Berman both
Now playing
02:33
CNN anchor Alisyn Camerota gets surprise tribute from co-anchor
Citigroup Chairman Richard Parsons delivers remarks on the US economy at the New York State Bar Association meetings in New York, January 28, 2009. Troubled US banking giant Citigroup last week named Parsons as its new chairman, the longtime top executive at media giant Time Warner, to steer it through its most challenging period.  AFP PHOTO / Emmanuel Dunand (Photo credit should read EMMANUEL DUNAND/AFP via Getty Images)
EMMANUEL DUNAND/AFP/AFP via Getty Images
Citigroup Chairman Richard Parsons delivers remarks on the US economy at the New York State Bar Association meetings in New York, January 28, 2009. Troubled US banking giant Citigroup last week named Parsons as its new chairman, the longtime top executive at media giant Time Warner, to steer it through its most challenging period. AFP PHOTO / Emmanuel Dunand (Photo credit should read EMMANUEL DUNAND/AFP via Getty Images)
Now playing
02:47
Dick Parsons: Georgia law is a bald-faced attempt to suppress Black vote
Courtesy of Warner Bros. Picture
Now playing
02:54
'Godzilla vs. Kong' is a pandemic box office hit
Now playing
01:30
5 ways to cut your plastic waste
CNN/Getty Images
Now playing
04:40
Stelter: After elevating Gaetz, Fox News barely covering scandal
NASA/Goddard/University of Arizona
Now playing
01:08
See NASA spacecraft successfully land on an asteroid
Now playing
06:51
Alisyn Camerota's kids wish her good luck in new role on CNN

Story highlights

Patriotic hackers are not unknown in Russia

Statistics (and prosecutions) suggest the vast majority of Russian hackers are in it for the money

(CNN) —  

Russian President Vladimir Putin’s remarks about “patriotic hackers” have led to more than a few raised eyebrows.

After condemning this week what he described as rampant “Russophobia,” Putin painted a lyrical portrait of hackers waging war in defense of the fatherland.

“Hackers are free people, like artists,” Putin told a panel in St. Petersburg. “They wake up in a good mood and paint things. Same with hackers … They read something about the state-to-state relations. If they are patriotic, they make their own contribution to fight those who say bad things about Russia. “

He returned to the theme Friday when challenged about evidence of Russian “fingerprints” in the recent hacking of US organizations, particularly the Democratic Party.

“Whose fingerprints?” he asked. “All these IP addresses can be faked. Do you know how many specialists there are like that?”

“It’s not evidence. It’s an attempt to put this on us,” Putin added.

02:36 - Source: CNN
Private sector helps Russia fight hackers

To some observers, this smells like a first attempt at “plausible deniability” by the Kremlin as investigations in the US continue. Even if those probes ultimately point the finger at Russian hacking, the Kremlin can shrug and plead ignorance or fabrication.

Proving otherwise would be very difficult. In the world of Russian hacking, the lines dividing criminal enterprise, freelance patriotism and service to the state are often blurred beyond recognition.

Patriotic hackers are not unknown in Russia. Vladislav Horohorin, an experienced hacker, recalls that when Russia and Georgia briefly went to war in 2008, Russians without any government connection hacked into the Georgian telecom infrastructure.

“I can attest that action developed spontaneously and out of sheer patriotism,” Horohorin said in an email exchange with CNN several months ago.

But Dmitry Volkov, head of threat intelligence for Russian cyber-security company IB, told CNN recently that he encountered little evidence of “hacker patriots.”

“We see newspapers that are writing about such type of threat actors, sometimes we track “hacktivists,” but usually they are very low-skilled guys,” he said.

Money, money, money

Statistics (and prosecutions) suggest the vast majority of Russian hackers are in it for the money. Take the example of Peter Levashov, indicted by the US for computer fraud and theft. He was arrested in Spain in April and is awaiting extradition.

Levashov is accused of being the mastermind of the Kelihos Botnet, which allegedly sent hundreds of millions of spam emails, intercepting users’ online and financial credentials. The Spamhaus Project has described Levashov as “one of the longest operating criminal spam lords on the Internet.”

On a much smaller scale, hackers can trade their expertise for favors, according to Horohorin, who recently served a jail sentence in the US for online credit card fraud.

“I know there are certain individuals who for their hacking services obtained ‘predpisanie,’” Horohorin told CNN. That essentially means they had some sort of protection from arrest.

Affiliations

Sometimes, profit and patriotism may overlap – as in the multiple attacks on Ukrainian infrastructure allegedly carried out by Russian groups. There have been at least two attacks on the Ukrainian power grid. Suspected Russian hackers associated with the group “Fancy Bear” last year managed to install malware in a Ukrainian military application that helped reveal communications and location data from Ukrainian forces.

Crowdstrike, which analyzes hacking, said the attack supported its assessment that Fancy Bear was “likely affiliated with Russian military intelligence,” the GRU.

The US Director of National Intelligence came to similar conclusions over the hacking of the Democratic Party last year.

“We assess with high confidence that Russian military intelligence used the Guccifer 2.0 persona and DCLeaks.com to release US victim data,” the DNI reported in January.

Most of the time, the evidence to support such assessments remains classified, and the ultimate identity of hackers unknown. Guccifer 2.0 was supposed to be a Romanian hacker.

But Thomas Rid, an authority on cyberespionage, told a US Senate hearing in March that the GRU had become more “careless, risk-taking, and error-prone” in its hacking, leaving digital fingerprints on various operations.

He cited data obtained by cyber-security firm SecureWorks that traced 19,300 malicious links targeting around 6,730 individuals back to the GRU.

Poor tradecraft can make deniability less plausible.

A new generation?

There are also Russian hackers who try to subvert rather than support the state and may not be motivated by profit. Some have hacked into the personal records of senior officials and business figures, either to embarrass them or in a self-declared war on corruption.

Horohorin said that “some may use hacked resources for cyber-warfare, in pursuit of information, or to declare themselves or proclaim their own beliefs.”

His peers had little interest “in anything that could not be exploited for profit and stayed away from politics.” But “the younger generation became more politicized.”

Among them are groups like Humpty Dumpty, or in Russian, “Shaltai Boltai.”

The puzzling cross-currents and shifting loyalties among Russian hackers came to rare light in December when two officers of the FSB (Russian security service) were among four men arrested and accused of “treason on behalf of the United States,” according to a lawyer defending one of them.

One of them was Dmitry Dokuchaev. Three months later, the US Justice Department revealed its interest in Dokuchaev: he was indicted in connection with a massive conspiracy to hack into Yahoo’s network.

But years before he had joined the FSB, Dokuchaev had himself been a hacker. He was a contributor to Hacker magazine, in which he once wrote: “There is a way to wealth – to start your own business in the web. One-two years and maybe you will be able to save enough to buy a villa by the Mediterranean Sea.”

Beyond doubt is the Russian authorities’ embrace of hacking and disinformation as part of a broader campaign of ‘active measures’ designed to weaken and confuse adversaries. Back in 2013, Russian Defense Minister Sergei Shoigu spoke of the need for a “head hunt” for experts in coding.

Recruitment efforts at technical institutes and on social media sites followed, with slick videos inviting applications to the “Research Squadron of the Russian Federation.”

From the military’s determined recruitment of IT specialists to the patriotic fervor of hackers in their bedrooms, the age of what Shoigu likes to call ‘information warfare forces’ is here to stay.