BERLIN, GERMANY - OCTOBER 19:  Russian President Vladimir Putin attends a meeting to discuss the Ukrainian peace process at the German federal Chancellery on October 19, 2016 in Berlin, Germany. The leaders of Russia, Ukraine, France and Germany, known as the Normandy Four, met in Berlin to discuss implementation of the peace plan known as the Minsk Protocol, a roadmap for resolving the conflict in Ukraine after Russian forces invaded in 2014 and annexed the peninsula of Crimea. The United States has threatened renewed sanctions on Russia if the country did not either implement the plan in the coming months or arrive at a plan on how to do so.  (Photo by Adam Berry/Getty Images)
Adam Berry/Getty Images Europe/Getty Images
BERLIN, GERMANY - OCTOBER 19: Russian President Vladimir Putin attends a meeting to discuss the Ukrainian peace process at the German federal Chancellery on October 19, 2016 in Berlin, Germany. The leaders of Russia, Ukraine, France and Germany, known as the Normandy Four, met in Berlin to discuss implementation of the peace plan known as the Minsk Protocol, a roadmap for resolving the conflict in Ukraine after Russian forces invaded in 2014 and annexed the peninsula of Crimea. The United States has threatened renewed sanctions on Russia if the country did not either implement the plan in the coming months or arrive at a plan on how to do so. (Photo by Adam Berry/Getty Images)
Now playing
02:23
Putin: 'Patriots' may be behind election hack
Now playing
03:44
Do the 1990s hold the key to sustainable websites?
Now playing
01:10
Watch SpaceX land its Mars rocket prototype for the first time
Now playing
05:52
The climate crisis is taking these farmers' most valuable resource
U.S. President Donald Trump works on his phone during a roundtable at the State Dining Room of the White House June 18, 2020 in Washington, DC. President Trump held a roundtable discussion with Governors and small business owners on the reopening of American's small business. (Photo by Alex Wong/Getty Images)
Alex Wong/Getty Images
U.S. President Donald Trump works on his phone during a roundtable at the State Dining Room of the White House June 18, 2020 in Washington, DC. President Trump held a roundtable discussion with Governors and small business owners on the reopening of American's small business. (Photo by Alex Wong/Getty Images)
Now playing
02:37
Facebook Oversight Board: Indefinite suspension of Trump's account is 'not appropriate'
Now playing
03:41
How technology at NASA helps guide Biden on climate
Now playing
01:42
A vaccine without needles? It's on the way
SAN FRANCISCO, CA - FEBRUARY 06:  Host Conan O'Brien speaks onstage during the 5th Annual NFL Honors at Bill Graham Civic Auditorium on February 6, 2016 in San Francisco, California.  (Photo by Tim Mosenfelder/Getty Images)
Tim Mosenfelder/Getty Images
SAN FRANCISCO, CA - FEBRUARY 06: Host Conan O'Brien speaks onstage during the 5th Annual NFL Honors at Bill Graham Civic Auditorium on February 6, 2016 in San Francisco, California. (Photo by Tim Mosenfelder/Getty Images)
Now playing
01:48
Conan announces his last show after 30 years in late night
Drew Angerer/Getty Images
Now playing
03:14
Will Trump be allowed back on Facebook? This board will decide
CNN
Now playing
05:16
WTF is a SPAC?
Now playing
01:51
A shortage of tanker truck drivers could cause stations to run out of gas
CEO at Verizon Media K. Guru Gowrappan appears at the 2019 Verizon Media NewFront on April 30, 2019 in New York City.
Noam Galai/Getty Images for Verizon Media
CEO at Verizon Media K. Guru Gowrappan appears at the 2019 Verizon Media NewFront on April 30, 2019 in New York City.
Now playing
02:47
Verizon sells off Yahoo and AOL
Warren Buffett, CEO of Berkshire Hathaway, attends the 2019 annual shareholders meeting in Omaha, Nebraska, May 3, 2019. (Photo by Johannes EISELE / AFP)        (Photo credit should read JOHANNES EISELE/AFP via Getty Images)
Johannes Eisele/AFP/Getty Images
Warren Buffett, CEO of Berkshire Hathaway, attends the 2019 annual shareholders meeting in Omaha, Nebraska, May 3, 2019. (Photo by Johannes EISELE / AFP) (Photo credit should read JOHANNES EISELE/AFP via Getty Images)
Now playing
02:40
Warren Buffett warns on US inflation
Now playing
01:00
Astronauts splash down after record-setting mission
ATLANTA - APRIL 30:  A Boeing 757 with a new Delta Airlines logo sits on the tarmac following the company's emergence from bankruptcy at Hartsfield Jackson International Airport April 30,2007 in Atlanta, Georgia. The 757 sports new branding that will appear on more than 900 planes, at airports and on advertising.  (Photo by Barry Williams/Getty Images) 757
Barry Williams/Getty Images North America/Getty Images
ATLANTA - APRIL 30: A Boeing 757 with a new Delta Airlines logo sits on the tarmac following the company's emergence from bankruptcy at Hartsfield Jackson International Airport April 30,2007 in Atlanta, Georgia. The 757 sports new branding that will appear on more than 900 planes, at airports and on advertising. (Photo by Barry Williams/Getty Images) 757
Now playing
02:28
Why Delta airlines is resuming selling middle seats
Now playing
02:50
Grocery chain says 'hero pay' forcing them to close stores

Story highlights

Patriotic hackers are not unknown in Russia

Statistics (and prosecutions) suggest the vast majority of Russian hackers are in it for the money

(CNN) —  

Russian President Vladimir Putin’s remarks about “patriotic hackers” have led to more than a few raised eyebrows.

After condemning this week what he described as rampant “Russophobia,” Putin painted a lyrical portrait of hackers waging war in defense of the fatherland.

“Hackers are free people, like artists,” Putin told a panel in St. Petersburg. “They wake up in a good mood and paint things. Same with hackers … They read something about the state-to-state relations. If they are patriotic, they make their own contribution to fight those who say bad things about Russia. “

He returned to the theme Friday when challenged about evidence of Russian “fingerprints” in the recent hacking of US organizations, particularly the Democratic Party.

“Whose fingerprints?” he asked. “All these IP addresses can be faked. Do you know how many specialists there are like that?”

“It’s not evidence. It’s an attempt to put this on us,” Putin added.

02:36 - Source: CNN
Private sector helps Russia fight hackers

To some observers, this smells like a first attempt at “plausible deniability” by the Kremlin as investigations in the US continue. Even if those probes ultimately point the finger at Russian hacking, the Kremlin can shrug and plead ignorance or fabrication.

Proving otherwise would be very difficult. In the world of Russian hacking, the lines dividing criminal enterprise, freelance patriotism and service to the state are often blurred beyond recognition.

Patriotic hackers are not unknown in Russia. Vladislav Horohorin, an experienced hacker, recalls that when Russia and Georgia briefly went to war in 2008, Russians without any government connection hacked into the Georgian telecom infrastructure.

“I can attest that action developed spontaneously and out of sheer patriotism,” Horohorin said in an email exchange with CNN several months ago.

But Dmitry Volkov, head of threat intelligence for Russian cyber-security company IB, told CNN recently that he encountered little evidence of “hacker patriots.”

“We see newspapers that are writing about such type of threat actors, sometimes we track “hacktivists,” but usually they are very low-skilled guys,” he said.

Money, money, money

Statistics (and prosecutions) suggest the vast majority of Russian hackers are in it for the money. Take the example of Peter Levashov, indicted by the US for computer fraud and theft. He was arrested in Spain in April and is awaiting extradition.

Levashov is accused of being the mastermind of the Kelihos Botnet, which allegedly sent hundreds of millions of spam emails, intercepting users’ online and financial credentials. The Spamhaus Project has described Levashov as “one of the longest operating criminal spam lords on the Internet.”

On a much smaller scale, hackers can trade their expertise for favors, according to Horohorin, who recently served a jail sentence in the US for online credit card fraud.

“I know there are certain individuals who for their hacking services obtained ‘predpisanie,’” Horohorin told CNN. That essentially means they had some sort of protection from arrest.

Affiliations

Sometimes, profit and patriotism may overlap – as in the multiple attacks on Ukrainian infrastructure allegedly carried out by Russian groups. There have been at least two attacks on the Ukrainian power grid. Suspected Russian hackers associated with the group “Fancy Bear” last year managed to install malware in a Ukrainian military application that helped reveal communications and location data from Ukrainian forces.

Crowdstrike, which analyzes hacking, said the attack supported its assessment that Fancy Bear was “likely affiliated with Russian military intelligence,” the GRU.

The US Director of National Intelligence came to similar conclusions over the hacking of the Democratic Party last year.

“We assess with high confidence that Russian military intelligence used the Guccifer 2.0 persona and DCLeaks.com to release US victim data,” the DNI reported in January.

Most of the time, the evidence to support such assessments remains classified, and the ultimate identity of hackers unknown. Guccifer 2.0 was supposed to be a Romanian hacker.

But Thomas Rid, an authority on cyberespionage, told a US Senate hearing in March that the GRU had become more “careless, risk-taking, and error-prone” in its hacking, leaving digital fingerprints on various operations.

He cited data obtained by cyber-security firm SecureWorks that traced 19,300 malicious links targeting around 6,730 individuals back to the GRU.

Poor tradecraft can make deniability less plausible.

A new generation?

There are also Russian hackers who try to subvert rather than support the state and may not be motivated by profit. Some have hacked into the personal records of senior officials and business figures, either to embarrass them or in a self-declared war on corruption.

Horohorin said that “some may use hacked resources for cyber-warfare, in pursuit of information, or to declare themselves or proclaim their own beliefs.”

His peers had little interest “in anything that could not be exploited for profit and stayed away from politics.” But “the younger generation became more politicized.”

Among them are groups like Humpty Dumpty, or in Russian, “Shaltai Boltai.”

The puzzling cross-currents and shifting loyalties among Russian hackers came to rare light in December when two officers of the FSB (Russian security service) were among four men arrested and accused of “treason on behalf of the United States,” according to a lawyer defending one of them.

One of them was Dmitry Dokuchaev. Three months later, the US Justice Department revealed its interest in Dokuchaev: he was indicted in connection with a massive conspiracy to hack into Yahoo’s network.

But years before he had joined the FSB, Dokuchaev had himself been a hacker. He was a contributor to Hacker magazine, in which he once wrote: “There is a way to wealth – to start your own business in the web. One-two years and maybe you will be able to save enough to buy a villa by the Mediterranean Sea.”

Beyond doubt is the Russian authorities’ embrace of hacking and disinformation as part of a broader campaign of ‘active measures’ designed to weaken and confuse adversaries. Back in 2013, Russian Defense Minister Sergei Shoigu spoke of the need for a “head hunt” for experts in coding.

Recruitment efforts at technical institutes and on social media sites followed, with slick videos inviting applications to the “Research Squadron of the Russian Federation.”

From the military’s determined recruitment of IT specialists to the patriotic fervor of hackers in their bedrooms, the age of what Shoigu likes to call ‘information warfare forces’ is here to stay.