The Russian ICC (XIV): The intelligence ecosystem. Cybercrime

The relations of the Kremlin (by extension, of its intelligence services) with “classic” organized crime, with Russian mafias, is a fact more or less proven. Without going any further, in documents leaked by WikiLeaks the Spanish prosecutor Jose Grinda directly links the Russian mafia with the intelligence services of the country.

But beyond these leaks of WikiLeaks and their degree of reliability, in public reports – in this case, of the very prosecutor – this relationship has been officially and openly revealed [1], saying, verbatim: “[…]part of the FSB, which has implemented an organized crime regime in certain spheres of Russian power through the increased control of organized crime, a thesis that was already supported by the late Litvinenko“. In other words, Alexander Litvinenko’s theses are assumed that Russian services completely control the country’s mafia groups, gaining a mutual benefit from this relationship.

Let us remember that Litvinenko, a former agent of the KGB and the FSB, was murdered with Polonio 210 after his harsh criticism of the FSB and its activities outside of any legislation, a murder by which the UK attempted to extradite former FSO officer Andrey Lugovoy, who happens to enjoy immunity in Russia for being a member of the Duma. Of the history of Litvinenko, and of his special collaboration with the Spanish Justice and services, you can obtain an excellent vision in [2].

It is to be expected that the relations of the Russian services with organized crime, of which we already gave traces of its origin in the post of this series on the ecosystem of intelligence, extend into the field of technology, to what we call cybercrime – or organized cybercrime; always in a hypothetical way, of course … In fact, it is officially the opposite: the FSB, within its police powers has mandated activities against cybercrime, according to some analysts even replacing with its 16th Directorate, which we have already spoken about in previous posts, to the famous Directorate K of the Russian Ministry of the Interior ([6]), which officially investigates cybercrime and illegal technology-related activities in Russia. Let us also remember that this FSB Directorate has CNA capabilities, which may be activated against cybercriminals whenever it is interesting for Mother Russia … in any case, at least on paper, the two Directorates of both agencies complement each other perfectly in their activities against technological delinquency ([3]).

It is a fact that the Russian government, through both the FSB and the Directorate K of its Ministry of the Interior, has taken steps to combat criminal activity on the Internet, although it is also true that such efforts have focused more on combating such activities when they have impacted against Russian interests that, when originating in Russia, have impacted against foreign interests.

As an example, in [10] we analyze some of the press releases published in 2016 by the FSB in this sense: in total, three notes to report:

  • The arrest of an organized Russian group that had stolen several million euros from Russian banks (June).
  • The discovery of a harmful code (unspecified source) that had compromised different governmental, military, research … Russian organizations (July).
  • The warning to the Russian government and citizenship regarding massive cyberattacks against their infrastructures from foreign services, an attack that ultimately did not occur or was completely mitigated by Russian capabilities (December).

As we see, the main actions were aimed at protecting Russia and its interests (obviously, by the way) rather than collaborating with third parties to mitigate problems originating in Russia, but also – without an official press release – it is public knowledge that in November of last year the FSB detained the group behind the bank malware Dyre, of Russian origin but with victims from almost all over the world … except from Russia.

The last of the most notorious activities of the Service during the past year, also without an associated press release, was the arrest of Sergey Mikhaylov and Ruslan Stoyanov in December, both related in one way or another, past or present, with government units specialized in the fight against cybercrime, although such detention does not seem to be related to such a struggle: the official accusation speaks, quite simply, of “betrayal”, which can be interpreted in many ways (it even points to its collaboration with the CIA or FBI), not all positive in order to demonstrate the interest of the Russian authorities to combat crime in the RuNET.

Historically, Russia has been the cradle of very high technical capabilities, capabilities that can be used for good or for bad. We spoke in an earlier post of the establishment of relations of Russian services with their ecosystem of intelligence and the situation lived at the end of last century. Extrapolating this situation to the cyber sphere, it is easy to understand how Russian technical skills can be easily oriented towards non-legal businesses, to what we call cybercrime: from spam or phishing to child pornography, through falsification and sale of official documents. A general review of Russian cybercrime may be reflected in [11].

And as for the relationship between intelligence and organized crime in this cyber domain, at the end of the last century, in the Moonlight Maze operation, there was talk of possible relations between the FSB and cybercriminals to cover certain activities in which services should not be involved directly.

If we want to talk about Russian cybercrime, it is obligatory to refer to the RBN (Russian Business Network), perfectly analyzed in [4], perhaps the most complete study on it, where the RBN is defined as “a complete infrastructure for the provision of harmful services, further indicating that “there is not a single legitimate client in the RBN”; no comment. In short, a provider of solutions for crime, adjusted to the needs of its customers … and disappeared (or not) in November 2007. Chapter 8 of [3] summarizes the curious story of this “disappearance”, in the opinion of many a simple restructuring of the RBN to make their activities less visible. Some of the main operators of the RBN have had close relations with the Russian services: it is public knowledge that at least one of them, Alexandr Boykov, was Lieutenant Colonel of the service ([5]).

In addition, some analysts defend the symbiotic relationship between RBN, patriotic hackers and the Russian government or services ([8], [9], works already referenced in previous posts in this series). This relationship is based on the permissiveness of the former in relation to criminal activities provided they are executed outside of Russia in exchange for the support of the latter when a situation requires: Georgia, Estonia … In other words: we will let you work but do not bother our compatriots; and if we need you, you have to lend us a hand. Remember: nobody says no to the FSB. In fact, some analysts defend the hypothesis that the FSB can commute prison sentences in exchange for active collaboration; honestly speaking, it offers those imputed for cybercrime freedom in exchange for “special” jobs (although it is also true that this has been popularly said of many other services).

The last example that has come to light and reveals the close relationship – potential, potential… – between cybercrime and Russian intelligence is perhaps the Yahoo hacking in 2014, which according to the US Department of Justice is attributed to the Direct collaboration of the FSB with individual actors associated with cybercrime (DoJ press release, [7], published in March 2017). It was an official accusation of relations between Russian services and organized crime groups, coming from nothing more and nothing less than the US government (with two alleged FSB agents cited with photo, first and last names, Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin, among the most wanted in the cyber field by the FBI), and as always with the corresponding official denial of the Russian government.

The FBI also accuses Evgeniy Bogachev, the most wanted cyber-criminal and for whom offers a reward of three million dollars, not only for activities associated with economic crime (he is the creator of Gameover Zeus and Cryptolocker), but also for the possible interference – operated by the FSB – in the US electoral process. Another proof of this potential relationship? Negative information provided by the US government? Who knows … In short, we sense, although we cannot be sure, that there is a direct relationship between cybercrime and intelligence services in Russia, as there seems to be a relationship between these services and classic organized crime. Possibly yes, or possibly not, as almost always in this war…

[1] José Grinda González. Regulación nacional e internacional del crimen organizado. Experiencia de la Fiscalía Anticorrupción. Fiscalía General del Estado. España. Septiembre, 2015.
[2] Cruz Morcillo, Pablo Muñoz. Palabra de Vor. Espasa, 2010.
[3] Jeffrey Carr. Inside Cyber Warfare: Mapping the Cyber Underworld. O’Reilly, 2011.
[4] David Bizeul. Russian Business Network Study. November, 2007.
[5] Casimir C. Carey III. NATO’s Options for Defensive Cyber Against Non-State Actors. United States Army War College. April, 2013.
[6] Timothy Thomas. Russia’s Information Warfare Strategy: Can the Nation Cope in Future Conflicts?. The Journal of Slavic Military Studies. Volume 27, Issue 1. 2014.
[7] US DoJ. U.S. Charges Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo and Millions of Email Accounts. March, 2017.
[8] Viktor Nagy. The geostrategic struggle in cyberspace between the United States, China, and Russia. AARMS. Vol. 11, No. 1 (2012) 13–26.
[9] Jeffrey Carr. Project Grey Goose Phase II Report: The evolving state of cyber warfare. Greylogic, 2009.
[10] Filip Kovacevic. Security Threats to Russia: The Analysis of the 2016 FSB Press Releases (Part 3 – Hacking & Other Challenges). Enero, 2017.
[11] Brian Krebbs. Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door. Sourcebooks, 2014.

See also in: