Hackers Thrive in Putin’s Russia as U.S. Seeks New Strategy

Early in his rise to the pinnacle of Russian cybercrime, Maksim Yakubets, leader of one of the most successful hacking syndicates in the world, was asked if he was worried about being arrested. “I don’t give a shit about K and FSB,” replied Yakubets, referring to Department K, Russia’s cyberpolice, and the FSB, the main successor to the Soviet KGB, according to a transcript of a 2014 web chat obtained by Scylla Intel, a threat intelligence firm. “My neighbor is the second man in the whole FSB.”

In just the past three months, criminal hackers tied to Russia have used ransomware attacks to paralyze a key oil pipeline company and cripple one of the world’s largest meat producers. The neighborly relationships some of these hackers have with Vladimir Putin’s government make it extremely difficult for the U.S. to pursue them, an arrangement with clear appeal to the Russian president. “For Putin, it’s a proxy force,” says James Lewis, senior vice president at the Center for Strategic and International Studies in Washington. “The Kremlin has criminal ties that would just be shocking to any Western capital.”

The Russian government has denied knowing about or being involved in ransomware attacks.

President Joe Biden plans to push Putin on the issue when he meets with him on June 16, although he likely won’t be saying anything Putin hasn’t heard before. Russia’s top hackers occasionally assist intelligence agencies in spy operations in exchange for their protected status, according to national security experts and forensic evidence. The benefits of the arrangement outweigh any pressure from the U.S., according to Christopher Painter, former coordinator for cyber issues at the State Department under President Barack Obama. When it comes to hacking, Painter says, “we have not been good at shaping Russia’s behavior.”

There isn’t an obvious fix. Some advocate joining with Europe to apply more political pressure by punishing key Russian industries. Former Secretary of Defense Leon Panetta said in a June 3 interview on Bloomberg Television that Biden should set clear red lines and consequences. He didn’t articulate specific actions that should be taken but mentioned the U.S.’s ability to carry out its own offensive cyber operations.

Yakubets’s operation is a prime example of how the Russian government interacts with criminal hackers. Around the same time he was boasting about his relationship with the FSB, researchers discovered that GameOver Zeus, a type of malware he and his gang had created, had been altered to conduct espionage. It was used to target classified documents in Turkey and Georgia, according to Mark Arena, founder of Intel 471, a cybersecurity firm that tracks Russia’s hackers.

By 2018, Yakubets was in the process of obtaining an FSB license to work with Russian classified information, according to the U.S. Treasury Department, which has sanctioned him and his gang, Evil Corp. A $5 million reward by the U.S. for information leading to Yakubets’s arrest so far has had no effect.

U.S. law enforcement officials say there’ve been times when Russia cooperated in campaigns to crack down on hacking. During the Obama administration, the Russian government helped identify the leader of a group that had breached Citibank networks to loot the accounts of its customers, according to Austin Berglas, who was assistant special agent for the FBI in charge of cyber investigations in the New York field office at the time. Russian agents even agreed to set up a wiretap on the hacker, Nikolay Nasenkov, before suddenly cutting off cooperation. Nasenkov was indicted in 2013, but, as far as Berglas knows, remains at large in Russia.

The relationship went completely cold after Russian hackers interfered in the 2016 U.S. presidential election, forcing the FBI to shift gears. Agents focused more on sting operations aimed at arresting the hackers as they traveled or vacationed abroad. Russia’s foreign ministry criticized those arrests and extraditions to the U.S. as “abductions” and advised hackers to stay within the country’s borders.

In a 2017 interview with the international press following the uproar over U.S. election meddling, Putin said: “Hackers are free people like artists. If artists get up in the morning feeling good, all they do all day is paint. The same goes for hackers. They got up today and read that something is going on internationally. If they are feeling patriotic they will start contributing, as they believe, to the justified fight against those speaking ill of Russia.”

Meanwhile, top hackers such as Yakubets appear unconcerned that their criminal activities will land them in a jail cell. In 2017 he held a lavish wedding, costing more than $350,000, according to the U.K.’s National Crime Agency. His bride was the daughter of Eduard Bendersky, who owns several companies affiliated with the FSB.

—With Henry Meyer and Jake Rudnitsky

©2021 Bloomberg L.P.
