Patriotic hackers are not unknown in Russia
Statistics (and prosecutions) suggest the vast majority of Russian hackers are in it for the money
Russian President Vladimir Putin’s remarks about “patriotic hackers” have led to more than a few raised eyebrows.
After condemning this week what he described as rampant “Russophobia,” Putin painted a lyrical portrait of hackers waging war in defense of the fatherland.
“Hackers are free people, like artists,” Putin told a panel in St. Petersburg. “They wake up in a good mood and paint things. Same with hackers … They read something about the state-to-state relations. If they are patriotic, they make their own contribution to fight those who say bad things about Russia.”
He returned to the theme Friday when challenged about evidence of Russian “fingerprints” in the recent hacking of US organizations, particularly the Democratic Party.
“Whose fingerprints?” he asked. “All these IP addresses can be faked. Do you know how many specialists there are like that?”
“It’s not evidence. It’s an attempt to put this on us,” Putin added.
To some observers, this smells like a first attempt at “plausible deniability” by the Kremlin as investigations in the US continue. Even if those probes ultimately point the finger at Russian hacking, the Kremlin can shrug and plead ignorance or fabrication.
Proving otherwise would be very difficult. In the world of Russian hacking, the lines dividing criminal enterprise, freelance patriotism and service to the state are often blurred beyond recognition.
Patriotic hackers are not unknown in Russia. Vladislav Horohorin, an experienced hacker, recalls that when Russia and Georgia briefly went to war in 2008, Russians without any government connection hacked into the Georgian telecom infrastructure.
“I can attest that action developed spontaneously and out of sheer patriotism,” Horohorin said in an email exchange with CNN several months ago.
But Dmitry Volkov, head of threat intelligence for Russian cyber-security company IB, told CNN recently that he encountered little evidence of “hacker patriots.”
“We see newspapers that are writing about such type of threat actors, sometimes we track ‘hacktivists,’ but usually they are very low-skilled guys,” he said.
Money, money, money
Statistics (and prosecutions) suggest the vast majority of Russian hackers are in it for the money. Take the example of Peter Levashov, indicted by the US for computer fraud and theft. He was arrested in Spain in April and is awaiting extradition.
Levashov is accused of being the mastermind of the Kelihos Botnet, which allegedly sent hundreds of millions of spam emails, intercepting users’ online and financial credentials. The Spamhaus Project has described Levashov as “one of the longest operating criminal spam lords on the Internet.”
On a much smaller scale, hackers can trade their expertise for favors, according to Horohorin, who recently served a jail sentence in the US for online credit card fraud.
“I know there are certain individuals who for their hacking services obtained ‘predpisanie,’” Horohorin told CNN. That essentially means they had some sort of protection from arrest.
Sometimes, profit and patriotism may overlap – as in the multiple attacks on Ukrainian infrastructure allegedly carried out by Russian groups. There have been at least two attacks on the Ukrainian power grid. Suspected Russian hackers associated with the group “Fancy Bear” last year managed to install malware in a Ukrainian military application that helped reveal communications and location data from Ukrainian forces.
Crowdstrike, which analyzes hacking, said the attack supported its assessment that Fancy Bear was “likely affiliated with Russian military intelligence,” the GRU.
The US Director of National Intelligence came to similar conclusions over the hacking of the Democratic Party last year.
“We assess with high confidence that Russian military intelligence used the Guccifer 2.0 persona and DCLeaks.com to release US victim data,” the DNI reported in January.
Most of the time, the evidence to support such assessments remains classified, and the ultimate identity of hackers unknown. Guccifer 2.0 was supposed to be a Romanian hacker.
But Thomas Rid, an authority on cyberespionage, told a US Senate hearing in March that the GRU had become more “careless, risk-taking, and error-prone” in its hacking, leaving digital fingerprints on various operations.
He cited data obtained by cyber-security firm SecureWorks that traced 19,300 malicious links targeting around 6,730 individuals back to the GRU.
Poor tradecraft can make deniability less plausible.
A new generation?
There are also Russian hackers who try to subvert rather than support the state and may not be motivated by profit. Some have hacked into the personal records of senior officials and business figures, either to embarrass them or in a self-declared war on corruption.
Horohorin said that “some may use hacked resources for cyber-warfare, in pursuit of information, or to declare themselves or proclaim their own beliefs.”
His peers had little interest “in anything that could not be exploited for profit and stayed away from politics.” But “the younger generation became more politicized.”
Among them are groups like Humpty Dumpty, or in Russian, “Shaltai Boltai.”
The puzzling cross-currents and shifting loyalties among Russian hackers came to rare light in December when two officers of the FSB (Russian security service) were among four men arrested and accused of “treason on behalf of the United States,” according to a lawyer defending one of them.
One of them was Dmitry Dokuchaev. Three months later, the US Justice Department revealed its interest in Dokuchaev: he was indicted in connection with a massive conspiracy to hack into Yahoo’s network.
But years before he had joined the FSB, Dokuchaev had himself been a hacker. He was a contributor to Hacker magazine, in which he once wrote: “There is a way to wealth – to start your own business in the web. One-two years and maybe you will be able to save enough to buy a villa by the Mediterranean Sea.”
Beyond doubt is the Russian authorities’ embrace of hacking and disinformation as part of a broader campaign of ‘active measures’ designed to weaken and confuse adversaries. Back in 2013, Russian Defense Minister Sergei Shoigu spoke of the need for a “head hunt” for experts in coding.
Recruitment efforts at technical institutes and on social media sites followed, with slick videos inviting applications to the “Research Squadron of the Russian Federation.”
From the military’s determined recruitment of IT specialists to the patriotic fervor of hackers in their bedrooms, the age of what Shoigu likes to call ‘information warfare forces’ is here to stay.