Almost all nations engage in some type of cyber espionage, but Russia stands apart in outsourcing the work to criminal hackers from its thriving cyber underground, say U.S. security experts.
While this has long been known in intelligence circles, the charges against Russian intelligence officers in the Yahoo hacking case bring it out into the open.
“The Russians are pretty much No. 1 in terms of using criminal organizations as partners,” Michael Chertoff, former U.S. Secretary of Homeland Security, told USA TODAY in a phone interview.
The charges against the four Russians in the massive hack attack against Yahoo represent the first official U.S. government recognition of what Chertoff describes as “the unholy alliance between criminal hackers operating in Russia and the Russian intelligence services.”
On Wednesday, the Justice Department charged two hackers and two Russian agents with stealing information from about 500 million Yahoo accounts, using the information to get access to accounts at Google and other webmail providers.
The DOJ alleged that the two Russian intelligence agents paid hackers to break into Yahoo's systems to collect intelligence from account users and pad their pockets.
One of the agents, Dmitry Dokuchaev with Russia's Federal Security Service, spent considerable time on Russian criminal underground sites using an alias. One of the hackers has been indicted twice before in the U.S. and has been listed as one of the FBI’s most-wanted cyber criminals for three years.
The indictments lay out in stark relief the Russian system of offering protection from prosecution for criminals who work for the government on the side, say experts.
“Having criminals as cutouts has allowed the authorities to obfuscate their role in carrying out these kinds of cyber attacks,” said Chertoff, who is now executive chairman of The Chertoff Group, which advises companies on security and risk management.
Outsourcing hacking only makes sense in Russia because it’s where the nation’s cyber talent is, said Vitali Kremez, research director at Flashpoint, a cyber intelligence company.
Russia’s technical universities are among the world’s best and the country each year produces a bumper crop of highly-skilled graduates. But it lacks a robust tech industry, so many end up working in the criminal underground.
“There’s no Silicon Valley in Russia, it’s not able to provide good conditions for them to thrive,” said Kremez. By working in the underground they’re able to lead lavish lifestyles, enjoying travel, beautiful cars and an income that the army or intelligence services could never provide.
What was remarkable to Kremez is the extent to which the hackers and the agents interacted.
“They’re all in the same underground ecosystem, they all lived there,” Kremez said.
In fact, “he was actually funding one of the more meaty Russian underground forums, which was called Verified. He was very active, he didn’t look like an agent, he looked like a cybercriminal,” Kremez said.
The hacking of the 500 million Yahoo accounts was in many ways a by-product of the information on specific individuals the Russian government was looking for.
Out of those millions of accounts, agents would search for links to specific people they were interested in, then use those credentials to delve deeper. The more information hackers have about an individual and their various online accounts, the easier it is to craft phishing emails that are likely to lure them into clicking on dangerous links or otherwise compromise their systems.
In exchange, the criminals get to use the data for their own purposes, so both sides benefited.
“This was the treasure trove both for intelligence and for criminal actors,” said Chertoff.
The case is a wake-up call for companies that might have been under the false impression that state-sponsored hacking was aimed only at other governments.
Customer information is in many ways now simply plunder, much as in ancient times soldiers were rewarded with whatever loot they could find after they'd won a battle.
“In this case, after collecting the data on their political targets, which includes employees of commercial entities in transportation and financial services, the hackers were given free rein with the spoils — the data from 500 million Yahoo users,” said Tim Matthews, vice president of marketing for the computer security company Imperva.
The charges could change that calculation on the part of both the hackers and the intelligence services.
“This marks a line in the sand, with the U.S. government saying ‘We are going to find out who you are and we are going to out you,’” said Robert Cattanach, a partner with law firm Dorsey & Whitney.
“Previously they’ve had very poor success in holding people accountable. If they put some teeth into these indictments by actually getting people, there will be some disincentives where there’s been none so far.”