Headlines exploded last week after US authorities published a report examining Russia’s alleged attempt to undermine last year’s US Presidential elections. While the report’s value in terms of “exposing” Russian hacking is debatable (there was very little information that had not previously been reported in publications such as this report on The Dukes), the list of Russian individuals facing sanctions over their involvement in cyber attacks against the US highlighted the possibility that Russia might be employing “cyber privateers” to conduct cyber attacks on their behalf.
— Artturi Lehtiö (@lehtior2) December 29, 2016
For those of you who don’t know, Evgeniy Mikhailovich Bogachev is the man behind the infamous GameOver Zeus botnet. GameOver Zeus was a massive criminal enterprise that was taken down in a joint effort in 2014. Bogachev, however, remains at large, with the FBI offering up to 3 million dollars for information leading to his capture.
The inclusion of a career cyber criminal on a list of sanctions created as a response to Russia’s cyber espionage activities highlights the role of private hackers working on behalf of Russian intelligence services (RIS).
“It’s possible that Bogachev, at some point, became involved in state-sponsored hacking as a sort of cyber privateer,” says F-Secure Security Advisor Sean Sullivan. “Using private contractors is pretty common when it comes to cyber attacks, and Bogachev’s capabilities as a career cyber criminal certainly make him an attractive recruit to anyone in need of black hat hacking services. RIS can easily benefit from what he does, as long as he doesn’t target anyone working with Russia.”
Privateer was a term coined in the 17th century to describe privately owned, armed ships that conducted military operations on behalf of a country’s official navy. They weren’t paid directly by that nation, but they were allowed to benefit from their service by robbing or capturing their targets. Back then, robbing ships was considered piracy. But privateers got away with it because they were doing it on behalf of their government.
The term privateer fell out of fashion when the age of sail ended. But it’s a concept that seems to fit nicely with Russia’s hybrid warfare doctrine. It allows the state to plausibly deny official involvement, by attributing the hacking to online criminals, even while benefiting from what those criminals actually do.
And there is precedent for Russia employing cyber criminals to bolster their offensive cyber capabilities.
A recent article in The New York Times tells the story of several hackers whom Russian authorities have attempted to recruit, including one who claimed he was offered a position with the government as an alternative to serving a prison sentence.
So recruiting someone like Bogachev would be consistent with previous accounts from hackers approached to work on behalf of the Russian government. Not only that, but the fact that he’s seen as a hero in Russia makes it plausible that they would try to benefit from his profile, or at least turn a blind eye and protect him from prosecution.
“Bogachev wouldn’t need a lot of ‘handling’ from the state – he can create his own initiatives that simply reinforce espionage conducted by other state-sponsored groups like The Dukes and other APTs,” adds Sullivan. “Co-opting known criminals and disguising what they do as hacktivism creates confusion that can undermine evidence of state involvement. And these disinformation strategies are integral to not just Russia’s cyber espionage activity, but their entire approach to geopolitics over the last few years.”