Appendix A: About Russian Cyber Crime
Russian state-sponsored offensive cyber operations are partitioned into four categories (in order of priority):
- Targeting foreign, especially western governments
- Penetrating leading foreign business corporations, especially banks
- Domestic monitoring of the elite
- Attacking political opponents both at home and abroad.
The former intelligence officer reported that the Federal Security Service (FSB) was the lead organization within the Russian state apparatus for cyber operations.
In terms of the success of Russian offensive cyber operations to date, a senior government figure reported that there had been only limited success in penetrating the ‘first tier’ foreign targets. These comprised western (especially G7 and NATO) governments, security and intelligence services and central banks, and the IFIs. To compensate for this shortfall, massive effort had been invested, with much greater success, in attacking the “secondary targets”, particularly western private banks and the governments of smaller states allied to the West. S/he mentioned Latvia in this regard. Hundreds of agents, either consciously cooperating with the FSB or whose personal and professional IT systems had been unwittingly compromised, were recruited. Many were people who had ethnic and family ties to Russia and/or had been incentivized financially to cooperate. Such people often would receive monetary inducements or contractual favours from the Russian state or its agents in return. This had created difficulties for parts of the Russian state apparatus in obliging/indulging them e.g. the Central Bank of Russia knowingly having to cover up for such agents’ money laundering operations through the Russian financial system.
In terms of the FSB’s recruitment of capable cyber operatives to carry out its, ideally deniable, offensive cyber operations, a Russian IT specialist with direct knowledge reported in June 2016 that this was often done using coercion and blackmail. In terms of ‘foreign’ agents, the FSB was approaching US citizens of Russian (Jewish) origin on business trips to Russia. In one case a US citizen of Russian ethnicity had been visiting Moscow to attract investors in his new information technology program. The FSB clearly knew this and had offered to provide seed capital to this person in return for them being able to access and modify his IP, with a view to targeting priority foreign targets by planting a Trojan virus in the software. The US visitor was told this was common practice. The FSB also had implied significant operational success as a result of installing cheap Russian IT games containing their own malware unwittingly by targets on their PCs and other platforms.
In a more advanced and successful FSB operation, an IT operator inside a leading Russian SOE, who previously had been employed on conventional (defensive) IT work there, had been under instruction for the last year to conduct an offensive cyber operation against a foreign director of the company. Although the latter was apparently an infrequent visitor to Russia, the FSB now successfully had penetrated his personal IT and through this had managed to access various important institutions in the West through the back door.
In terms of other technical IT platforms, an FSB cyber operative flagged up the ‘Telegram’ enciphered commercial system as having been of especial concern and therefore heavily targeted by the FSB, not least because it was used frequently by Russian internal political activists and oppositionists. His/her understanding was that the FSB now successfully had cracked this communications software and therefore it was no longer secure to use.
The senior Russian government figure cited above also reported that non-state sponsored cyber crime was becoming an increasing problem inside Russia for the government and authorities there. The Central Bank of Russia claimed that in 2015 alone there had been more than 20 attempts at serious cyber embezzlement of money from corresponding accounts held there, comprising several billions Roubles. More generally, s/he understood there were circa 15 major organised crime groups in the country involved in cyber crime, all of which continued to operate largely outside state and FSB control. These included the so-called ‘Anunak’, ‘Buktrap’ and ‘Metel’ organisations.