Nowadays, governments, private entities and hacktivists are becoming more skilled and have gained more tools to expose those behind cyberattacks. When it comes to large-scale attacks, experts often identify Russia.
Russian and foreign programmers who participate in Kremlin-organized cyberattacks can intentionally or unintentionally reveal their employers’ names and air any information publicly. They thus facilitate the attribution of cyberattacks to foreign entities and this, in turn, causes international incidents.
Although these programmers work with special services, they are not professional intelligence officers, but only hired hackers. More often, the Kremlin has simply “found” them because they had previously broken the law, giving the Kremlin leverage to coerce them to collaborate.
In 2013, Russian Deputy Minister of Defence Oleg Ostapenko stated that they were forming special units – scientific squads that could include hackers with criminal backgrounds. In the same year, cyber-criminal Oleksii Belan was arrested in Greece at the request of the United States, but he escaped extradition and fled to Russia. He was trapped there and forced to work with special services to avoid further criminal charges. At the behest of Russian intelligence and with the help of another “hacker-mercenary” from Canada, he carried out cyber attacks on Yahoo.
In some cases, by employing hackers, the Kremlin uses the motivation of patriotism (national pride) and offers the revenge on Western structures that allegedly downplay Russian values and the idea of the “russkiy mir” (“Russian world”). For patriotic or other reasons, even anti-Kremlin activists “justify Moscow”, convincing others that the Kremlin is not always responsible for the cyberattacks attributed to it.
In his speech “Behind the Digital Curtain”, held in Brussels last summer, activist Aleksandr Isavnin, with the Russian opposition public organization “Roskomsvoboda”, asserted that not all the attacks for which Russia is blamed were carried out with the Kremlin’s support, including the “NotPetya” cyberattack, which is associated with Russia by most experts. He believes that, by conducting these attacks, ordinary programmers are testing their capabilities.
To properly identify the perpetrators, one should determine the beneficiaries of cyberattacks, and whether they can be conducted under a foreign name when servers in other countries are being used specifically.
On the other hand, IT companies which accept the offer to work for the Kremlin in the cyber sphere compromise themselves, losing their reputation and profits. For instance, in 2014, the Italian company Hacking Team lost its export license because it sold hacking iPhone software to the Russian company Advanced Monitoring, which works with the Federal Security Service.
In any case, when the attacks are exposed, Moscow denies its involvement. Despite holding public hacking campaigns to employ hackers, Moscow does not recognize that they work for it, and abandons them when they get into trouble. At the same time, hackers themselves, and their families, risk financial or legal consequences and, when trapped in Russia, cannot travel to Europe for study, vacation, or work.
In May 2019, the European Union decided that these hackers would be subject to a similar sanctions regime as applied to those charged with the use of prohibited chemical weapons. The sanctions include asset freezing and entry bans.
In 2014, the first criminal case on a large-scale hacking operation sponsored by Russia was opened in the USA. Russian spies Dmytro Dokuchaiev and Igor Sushchin paid two programmers, a Canadian of Kazakh origin, Karim Baratov, and the above mentioned Latvian citizen Oleksii Belan, to crack 6,000 Yahoo accounts and get the information of another half billion users. British intelligence MI-5 played a key role in the detection of this attack. Baratov was sentenced to five years in prison, while Belan was listed as “the most wanted criminal” in the United States. Dmytro Dokuchaiev was arrested in Moscow on suspicion of sharing information with foreign intelligence.
Programmers should be aware of the fact that, even if the operations are ordered by the government, they still bear criminal responsibility. Hackers may even risk their lives. For example, in June 2019 a new form of war was launched – physical destruction in response to digital aggression. Namely, in response to a (planned) cyber-attack by Hamas activists, Israeli forces bombed a house where “cyber-operations” were taking place.
As cyberattacks are increasingly being revealed, hackers find themselves trapped between criminal charges and blackmail – and even death – while companies risk losing their reputations or licences. Cyber operations therefore expose anyone who works for the Kremlin in this sphere to harm. Further, Russia’s involvement in cyber operations itself undermines international cooperation on issues of global importance.
Marta Barandiy
Article from the 1st edition of the Brussels Ukraїna Review