PUTIN’S CYBERWAR

technically proficient in the Russian underground,” a criminal case is brought against them and then they suddenly disappear “and those people are never heard from again”. Alperovitch adds that the hacker in question is then working for the Russian security services.47 Such a strategy – of offering a hacker convicted of cybercrimes the opportunity to work for the FSB instead of receiving a prison sentence – is not new. Oleg Gordievsky, the KGB colonel who defected to MI6 in 1985, described this as early as 1998.48

It is unclear, however, precisely how much direction cybercriminals are given by the Kremlin. As with its more conventional warfare, Russia has intentionally blurred the dividing line between state and non-state, war and peace. Hackers are often suspected of having close ties to the Kremlin and acting with its approval, but the exact nature of the link remains murky.

Nevertheless, it is possible to identify links. Beyond the digital signatures they create, the language in which they write, and the times of day when they are active, a key indicator of hackers’ allegiances is the individuals or entities they target. Take APT28, for example. The language in which much of the group’s code is written is Russian, and it is written at times of the day that correspond to business hours in the UTC+4 time zone, which includes Moscow and St. Petersburg. According to FireEye, the US cyber security firm that has tracked the group over a number of years:

many of APT28’s targets align generally with interests that are typical of any government. However, three themes in APT28’s targeting clearly reflect areas of specific interest to an Eastern European government, most likely the Russian government. These include the Caucasus (especially the Georgian government), Eastern European governments and militaries, and specific security organizations.49

Or consider “The Dukes”. The group, says F-Secure Labs, has engaged in “biannual large-scale spear-phishing campaigns against hundreds or even thousands of recipients associated with governmental institutions and affiliated organizations”, and it notes that “the targets and timing of these campaigns appear to align with the known foreign and security policy interests of the Russian Federation at those times”.50

Cyberwarfare is one of a number of areas in which the Kremlin demonstrates behaviour that is more common among criminal syndicates than permanent members of the United Nations Security Council. The distinction between honest government and criminal graft, however, may be an unhelpful one. Jose Grinda, a Spanish prosecutor, spent more than a decade investigating the spread of Russian organised crime during the Putin era and came to the conclusion, published in

47 Bennett, C., ‘Kremlin’s ties to Russian cyber gangs sow US concerns’, The Hill, 11 October 2015, available at: http://thehill.com/policy/cybersecurity/256573-kremlins-ties-russian-cyber-gangs-sow-us-concerns, last visited: 6 May 2016.
48 Flook, K., ‘Russia and the Cyber Threat’, Critical Threats, 13 May 2009, available at: http://www.criticalthreats.org/russia/russia-and-cyber-threat, last visited: 11 May 2016.
49 ‘APT28: A Window Into Russia’s Cyber Espionage Operations?’, FireEye, 5 February 2010, available at: https://www2.fireeye.com/rs/fireye/images/rpt-apt28.pdf, last visited: 6 May 2016, p. 6.
50 Ibid., p. 3.