On the day the Soviet Union fell, the whole world watched, looking to see what would rise from the ashes of the fallen empire. By 1998, Russia’s military spending hit an all time low, and it was expected that the new federation could not compare to it’s glorious military past. Yet over the next decade, Russia began to focus on a new strategy, cyberoperations. As one of the first nations to focus on cyberoperations, Russia has begun to utilize it in a diverse range of applications. The recent cyberattacks against Ukraine in 2014 and the hacking of the DNC in 2016 pay testament to the military and espionage applications that were made possible by this new program.
Russia’s cyberoperations program is unique because it receives unorthodox support from the Russian cybercrime network. This network supports the Russian government, by improving their cybersecurity capabilities and by making it harder for Russia’s adversaries to trace cyberattacks back to their source. The network is hindered by the use of cyber deterrence theory, continued partnership between government agencies and the private sector, and by the lack of trust between the Russian government and the cybercriminals who they work with. If left unopposed, Russia’s cybercrime and cyberoperations capabilities will continue to expand, threatening foreign corporations and governments alike.
The rise of cybercrime in Russia began shortly after the fall of the Soviet Union. From 1990 to 2000, the number of people employed in science and technology jobs shrunk to half its size. As highly educated Russians streaming from universities struggled to find jobs matching their skill, hacking became a more enticing profession. As the number of hackers began to grow, the structure for cybercrime changed. The environment of individual hackers transformed into a structure of large organized groups. These groups range from hierarchical ransomware networks to groups of professional hackers.
Kaspersky labs, the largest cybersecurity company in Russia estimates that currently there are about 12 major cybercrime syndicates who dominate the market in Russia. Overall, Russia currently makes up 35% of global cybercrime revenue and in 2011, was worth an estimated $2.3 billion.
While cybercrime in Russia began to grow, cyberoperations between countries became an issue. The first cases of worldwide cyberoperations between countries occurred during the mid 2000’s. Since then incidences of cyberoperations have only continued and countries across the world have shown interest in developing cyberdefense units. The Obama administration began the development of a cyberdefense program within the defense department. Russia, China, Israel and the United Kingdom also have created notable programs of their own. Cyberoperations are seen as the new model for espionage and defense throughout the world.
The Russian government has used the advances made within the Russian cybercrime network to enhance its own cyberoperations capabilities. Since the same skills needed for cybercrime and cyberoperations overlap, Russia has been suspected of using cybercrime actors, to carry out attacks. One suspected case of cybercriminals supporting the Russian government,was the cyberattack on Estonia in 2007. It is believed that Russia initiated the attack in response to a disagreement over the relocation of a soviet era grave marker. The president of Estonia, Toomas Hendrik Ilves called the attack, “a public-private partnership,” and that “It was a state actor that paid mafiosos.” A theory by cybersecurity expert Mark Galeotti illustrates what the relationship between Russia and cybercriminals may look like. “Given Russian intelligence’s evident interest in cyberoperations, the claim is that the Kremlin either controls the hackers or, more plausibly, turns a blind eye so long as they step in to help when the government calls.”
The Russian government has a record of taking advantage of criminal hacking talent. For instance the Russian General Oleg Ostapenko discussed the usage of hackers with criminal histories for military “cyber squadrons”. Other cases of using this cybercrime network include statements from hackers alleging that they were offered reduced sentences, in exchange for work for the Federal Security Service of the Russian Federation (FSB). Russia has also had a past of using malware related to cybercriminals. Interviews with former Russian hackers, include testimonies from hackers who allege that they sold malware to the FSB.
Cybercrime networks support Russia’s cyberoperations program by making it harder for its adversaries to trace the hacks back to their source. In the declassified National Intelligence Council report, the NIA confirmed that Russia had used third party agents in the hacking of the DNC. As a whole the NIA, claimed that “Russian influence campaigns are multifaceted and designed to be deniable because they use a mix of agents of influence, cutouts, front organizations, and false-flag operations.” By remaining mostly anonymous, Russia has made it much harder for adversaries to trace cyberattacks back to Russia. For instance, despite all of the evidence that US officials found linking the Russian government to the Democratic National Committee (DNC) hack, they couldn’t confirm with total confidence that Russia was behind the attack. It is the use of cybercrime networks which gives Russia this layer of plausible deniability against allegations of cyberattacks.
Despite Russia’s strengths in utilizing its cybercriminal network, the country faces a number of threats to its current cyberoperations program. Currently cyber deterrence theory is the main strategy which the United States follows to combat cyberattacks, Russian or otherwise. Cyber deterrence theory has three goals: defense, attribution, and retaliation. The first mission of defense, will impede the ability of Russian agents to break into networks. Next by attributing the attack, investigators can decide if action needs to be carried out against the Russian government or Russian cybercriminals. Finally, retaliation serves as a punishment to Russia and a disincentive against future attacks. The author of the Department of Defense Cyber Strategy, Jonathan Reiber argued, “ that the use of indictments and sanctions are a part of the United States overall cyberdeterrence strategy.”. By following cyber deterrence theory, victims of Russian attacks can administer an appropriate counterattack.
Another vulnerability in Russia’s policy is cooperation between government and the private sector. The private cybersecurity sector alone grew by 4.7% from 2014 to 2015 and is predicted to be worth $170 billion by 2020. Under the Obama administration, the United States government took many steps in creating relationships with the private sector. Mr. Reiber explained that “[The United States and the private sector] have made great progress in the building of frameworks, the laws, and the organizational structures for cooperation”. These steps will hinder cybercriminals’ ability to steal from corporations and the attempts of the Russian to attack adversary governments.
Finally, there is the issue of trusting cybercriminals to carry out hacks. Russia puts at risk state secrets every time that it directly works with cybercriminals. This is because the loyalty of cybercriminals is often time questionable. For example, ex-Russian hackers have disclosed information about the relationship between the Russian government and Russian cybercrime. By relying on third parties, Russia will be unable to maintain the level of control, that it would otherwise have on a traditional military structure.
Russia’s current relationship with cybercriminals has enabled Russia to reassert itself. Yet the kind of network Russia has developed has many limitations. This will leave Russia’s current network to be tested, as the nature of cyberoperations, and the adversaries that it will face continue to change.
Image Source: https://pixabay.com/en/moscow-the-kremlin-river-navigation-1687591/