Russia Influences Hackers but Stops Short of Directing Them, Report Says


WASHINGTON — Moscow’s intelligence agencies have influence over Russian criminal ransomware groups and broad insight into their activities, but they do not control the organizations’ targets, according to a report released on Thursday.

Some American officials said there had been a lull, at least for now, in major ransomware attacks against high-profile American critical infrastructure that had been attributed to Russian criminal groups, a pause that reflects Moscow’s ability to partially check the criminal networks operating in the country.

But a ransomware group that faded away after attacks over the summer, REvil, appears to have returned this week to the dark web and reactivated a portal victims use to make payments.

While attacks have fallen off, “it’s a fair bet” that the criminal networks are looking for signals from the Russian government about how they can restart their attacks, said Chris Inglis, the national cyber director.

Justice Department officials have accused the Chinese government of exerting control of some of the criminal hacking gangs operating in its territory by directing them to carry out assignments. In return, China’s intelligence services give the criminal groups leeway to attack American businesses.

China’s control of its hackers is similar to the kind of tight restrictions it places on society, business and its propaganda efforts.

But the Russian government has a different approach. Moscow allows oligarchs and criminal groups to follow their own plans, so long as they do not challenge the Kremlin and are generally working toward President Vladimir V. Putin’s goals, according to American government officials.

As a result, Russian control of hackers is often looser, giving Mr. Putin and other Russian officials a degree of deniability. But the risk is that the criminal groups can go too far, provoking a strong response from the United States, American officials said. Mr. Putin’s preferred strategy is to allow hackings that cause trouble for the United States, but stop short of setting off an international crisis.

“The government guys do not instruct who to hack, but over a long period of time there is really interesting connective tissue between the government and the criminal networks,” said Christopher Ahlberg, the chief executive of Recorded Future.

Russia’s Federal Security Service, the intelligence agency known as the F.S.B., has cultivated hackers specializing in ransomware, Richard W. Downing, a deputy assistant attorney general, said at a Senate hearing in July.

“As we know, Russia has a long history of ignoring cybercrime within its borders so long as the criminals victimize non-Russians,” Mr. Downing said.

The Russian government gives the hackers a measure of protection, and in return, it occasionally taps their expertise — and a cut of the money the ransomware groups earn flows to officials, Mr. Ahlberg said.

Experts at Recorded Future and American government officials have argued that pressure the Biden administration applied on Russia to control the criminal groups that in May attacked a major American energy provider, Colonial Pipeline, and other companies has at least put Mr. Putin on the defensive.

But Mr. Ahlberg said the lure of the big returns from ransomware attacks may be too hard to ignore over the long term.

DarkSide, the Russian hacking group whose breach of Colonial Pipeline led to gasoline shortages on the East Coast, dissolved shortly afterward, under pressure from American and Russian officials. Recorded Future experts believe members of the group are becoming active again.

“Once you have made 500 million and it’s fairly easy to make it, you’re going to keep doing it,” Mr. Ahlberg said.

The report concludes that the longstanding relationship between criminal hackers and Russian intelligence services is unlikely to weaken.

“The current Russian government is not likely to crack down on cybercrime in the near future beyond taking some limited steps to appease international demands,” the report found.

Russian intelligence began recruiting skilled computer programmers nearly 30 years ago. After being arrested on suspicion of hacking-related crimes, some claimed that they had been approached by people with links to intelligence services, a practice that has continued in more recent years, according to the report.

But in addition to such coercive recruitment, some hackers voluntarily seek to support Russian strategic goals.

Among the most prominent is Dmitry Dokuchaev, according to the report. He is a former major in the F.S.B., a successor to the K.G.B. and the main security and intelligence agency in Russia.

A criminal hacker specializing in stolen credit cards, he was hired by the F.S.B. by at least 2010 and worked with them through 2016, according to American law enforcement.

In 2017, American prosecutors accused Mr. Dokuchaev of directing and paying criminal hackers. He and others were accused of gaining access to some 500 million Yahoo accounts both for espionage and personal gain.

Mr. Dokuchaev came under suspicion in Moscow as well, and he was eventually arrested, accused of being a double agent of the United States. Mr. Dokuchaev was released from prison in May after serving just over four years of a six-year sentence.

With the exception of a few prosecutions of people who have targeted Russian entities, Moscow has done little to disrupt criminal hackers, the Recorded Future report argued.

“The Kremlin’s muted response to cybercriminal activities originating from within Russia has nurtured an environment where cybercriminal organizations are well-organized enterprises,” the report found.

Andrew E. Kramer contributed reporting from Moscow.



Source link Nytimes.com
