Inside Cybersecurity

May 19, 2024

Daily News
Black Hat News

New report describes acute threat from criminal cyber actors in Russia

By Charlie Mitchell / August 9, 2019

LAS VEGAS. A new report by cyber firm IntSights on the dark web in Russia describes an advanced criminal hacking community in Russia and the Commonwealth of Independent States that operates with impunity -- as long as it's attacking abroad and steering clear of Russian government and industry targets.

“The first rule of Russian dark web communities is to never target victims in CIS countries, especially Russia,” according to “The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime,” released Thursday at the Black Hat USA 2019 conference here.

The report examines Russia's new internet security law as well as the cyber warfare activities of its military and intelligence services.

“This [2019] law allows the Russian government to secure the world wide web within its borders, disconnecting from global internet infrastructure and facilitating mass surveillance and domestic internet control. The Russian Sovereign Internet Law is similar in nature to the Chinese Great Firewall, which similarly uses government authority to control its cyber space. The official Russia position is that the law is designed to protect its network from foreign intervention that might intend to disconnect Russia from the world wide web,” the report says.

“Hackers that engage in malicious activity in post-Soviet countries are arrested on a regular basis,” the report says. “The sovereign internet will make it much easier for Russian law enforcement to crack down on hackers that target Russian entities, but the government will still likely turn a blind eye to threat actors that target foreign entities -- particularly those operating in enemy states, like the United States."

IntSights’ Ariel Ainhoren in an interview here said hackers are increasingly vulnerable to discovery and arrest under the new law -- and thus likely more motivated to provide services aligned with the Russian government’s interests, such as attacks on Western targets.

Retired Adm. David Simpson, the former cybersecurity chief at the Federal Communications Commission, in an interview last fall said the Trump administration “has not called [the Russian government] to task for continued support and safe-harbor provided to cybercriminals, who know that as long as they don’t undermine Russia’s goals, they’ll continue to be given wide latitude to hone their skills in western economies and governments.”

Simpson told Inside Cybersecurity, “It is encouraging that there have been a few public attributions and indictments, but these are not enough to counter the continued malicious role Russia plays in the digital ecosystem."

According to the IntSights report, “The cybercriminal community in Russia is both vast and incredibly advanced. Russian hackers have developed cutting edge malware and have been the first to discover new vulnerabilities since the community’s development in the early 2000s.”

“The Dark Side of Asia: An Inside Look into Asia’s Growing Underground World” was released by IntSights at Black Hat USA 2018. That report found cut-rate prices for powerful cyber attack tools, hacktivist sites with stolen bounty such as FBI and DHS personnel files and Chinese sites offering a full gamut of illicit services and products. -- Charlie Mitchell (