October 13, 2015
US Concerned About the Kremlin’s Ties to Russian Cyber Gangs
By Cory Bennett, The Hill
The quid pro quo has been mutually beneficial.
Often times, "when someone is identified as being technically proficient in the Russian underground," a pending criminal case against them "suddenly disappears and those people are never heard from again," said Dmitri Alperovitch, co-founder security firm CrowdStrike, which monitors critical infrastructure attacksThat hacker is now working for Russian intelligence services, he argues. "We know that's going on," Alperovitch added.
Moscow is also cherry picking software tools from these cyber gangs, such as Internet hosting services and cleverly designed malware, said [FireEye cyber threat analyst Jonathan] Wrolstad.
The result is some of the most sophisticated hacking teams in the world. Of the roughly two dozen hacking teams FireEye tracks, only two are Russian. The rest are Chinese. Yet those two groups surpass all the Chinese groups in terms of talent, Wrolstad said.
These teams write the "best pieces of malware," he explained, some of which are "almost impossible for an organization to detect."
A recent FireEye report explained how one hacking group covers up and coordinates its digital assaults through a complex method involving fake Twitter accounts and encrypted data buried in seemingly innocuous photos. The tactic, researchers said, displayed an unmatched "discipline and consistency...."
"The Russians are ... more effective and more dangerous when it come to hacking," said Rep. Jim Langevin D-R.I.), who co-chairs the Congressional Cybersecurity Caucus, comparing them to Chinese hackers. "They're very good and they're quiet about it....
"What's harder to suss out is how much the Kremlin directs these outside groups, "without formally putting them on pay," Alperovitch said. "There's a very grey, fuzzy line," [Trend Micro's chief cybersecurity officer Tom] Kellermann agreed.
But according to Kellermann, the fuzzy line has grown more distinct as Russia clashes with the U.S. and international community over its actions in Ukraine and Syria. He argued that Russian cyber criminals have tightened cooperation with Moscow, fueled by patriotic fervor.
Criminal hackers "that used to hunt banks eight hours a day are now operating two hours a day turning their guns on NATO and government targets," Kellermann said. These groups, he added, are "willingly operating as cyber militias."