How Russia and others use cybercriminals as proxies

US adversaries are offering cyber criminals a bargain: Use your talents for spy agencies, in exchange for legal immunity. One such cybercriminal was involved in the 2016 US election interference.

Employees watch electronic boards monitoring possible ransomware cyberattacks at the Korea Internet and Security Agency in Seoul.

Yun Dong-jin/Yonhap/AP

June 28, 2017

It had taken American prosecutors a long time to hand down the indictment, but finally they had their man. In 2013, authorities had tracked down Alexsey Belan, a notorious Russia-linked cyber criminal, and were getting ready to extradite him to the United States.

But Mr. Belan, a Latvian-born hacker wanted by the FBI for launching assaults on US networks using thousands of hacked computers, slipped from the clutches of European law-enforcement agents.

According to the US government, Russian intelligence officers had brought Belan into a new scheme: breaking into Yahoo’s network and abusing one of Yahoo’s own internal account-management tools to get into targeted personal email accounts. The Justice Department alleges that the FSB, Russia’s top domestic spy agency, directed Belan, who stole user data on roughly 500 million accounts along the way.


US officials’ struggle to catch Belan illustrates a larger challenge as authoritarian countries integrate cyber tools into their military arsenals. To beef up their hacking capabilities, Russia, China, and other digital adversaries are offering cyber criminals a bargain: Use your talents for spy agencies, in exchange for legal immunity.

“You have to appreciate that [Russians] always use proxies to do their dirty work,” says Tom Kellermann, chief executive officer at Strategic Cyber Ventures in Washington. “The US hunts their hackers and they go behind bars; in Russia, [it’s] well known who they are, and they’re called upon to act. They’re considered untouchable as long as they pay homage to the state.”

More formidable adversaries

American network defenders have grown used to facing increasingly sophisticated hackers over the years. But when those hackers team up with nation states and intelligence agencies whose pockets are deeper than even the best-resourced cybercriminal gangs, US law-enforcement officials face a far greater challenge.

“We were kind of used to thinking that there were different levels of adversaries,” says Israel Barak, chief information security officer at Cybereason, a Boston-based cybersecurity company that tracks international cybercriminals. “The proliferation and funding of nation states changes that equation.”

According to a Cybereason report published earlier this year, Russia and China, seeking an edge in offensive cyber operations, outsource large hacking endeavors to groups and companies that are sometimes intertwined with cybercrime.


Not only does using freelancers and private companies allow US adversaries to quickly build up their hacking capabilities, but the difficulty of pinning down the perpetrators of cyberattacks also makes it easier for Moscow and Beijing to avoid accountability. 

“Because the connection is so tricky [to prove], it gives the state the option to deny all activity,” says Andrei Soldatov, a Russian intelligence journalist for Agentura.Ru.

For example, in 2014 Chinese national Su Bin was arrested for his part in a cyberespionage ring that broke into US defense contractors Lockheed Martin and Boeing to steal fighter-jet plans. Even after it emerged in 2016 that his co-conspirators were Chinese military officers, Beijing denied any involvement in the operation. A federal court in California sentenced him to nearly four years in prison.

Russia’s ramped-up capabilities, built in part on its cooperation with cybercriminals, have frustrated American officials, who are pushing to bolster US digital capabilities after Moscow allegedly directed a campaign of hacks, leaks, and fake news aimed at derailing Hillary Clinton’s candidacy last November.

Joint Chiefs of Staff Chairman Gen. Joseph Dunford said at a June 13 congressional hearing that 70 percent of the Defense Department’s 133 cyber-mission teams were ready for battle, but the US still faces a major hurdle when facing off with authoritarian adversaries around the world: the law. Russia and China have nothing that works, in practice, like the Computer Fraud and Abuse Act, the US statute under which American hackers are routinely prosecuted for unauthorized access to computer systems.

“You don’t have any problems with democracy or accountability,” says Mr. Soldatov, the Russian journalist.

Spreading faster

But using freelance hackers, who sit beyond the reach of foreign courts and are effectively immune from domestic prosecutors, could have serious implications for the spread of international cybercrime. Cybercriminals are not only forgiven past offenses, but also allowed to continue their illicit activities, perhaps in part because that makes them more valuable assets to the nations that hire them.

Take Evgeniy Mikhailovich Bogachev, a 33-year-old hacker who lives in the Russian resort town of Anapa on the Black Sea coast and who has become one of the world’s most prolific digital scofflaws under the noses of Russian authorities.

In 2009, Mr. Bogachev pioneered “Zeus,” a form of malicious software that targeted bank customers and drained the accounts of unsuspecting victims. Building on that same malware, Bogachev in 2011 assembled one of the largest botnets of its day, known as GameOver Zeus. At its peak it controlled as many as 1 million computers around the world, roughly 25 percent of them in the US, and caused more than $100 million in losses, according to the FBI.

Russian officials may have used Bogachev’s extensive network of infected machines to gain visibility into sensitive US networks, experts say. US law-enforcement officials, working with authorities from more than 10 other countries, eventually took down the botnet in 2014 and charged Bogachev with computer hacking, bank fraud, wire fraud, and money laundering. Bogachev was also among the individuals sanctioned in December 2016 over alleged Russian digital interference in the US presidential election.

“They were utilizing some of the most capable cybercriminals in the world as cyber militia members,” says Mr. Kellermann. “They were allowed to operate with impunity as long as they didn’t touch anything Russian, and shared with [Russia’s main foreign intelligence agency]. They were called upon to be patriotic after Crimea, and if they weren’t, they would be targeted.”