The Legendary Russian Hackers: Myth or Reality?
A recent BBC report claims that most hackers on the FBI’s most-wanted list are Russian. Some are said to be working for the government and earning a salary, others profiting from ransomware attacks. The BBC tried to figure out how to trace the untraceable Russian hackers. Meanwhile, RT Documentary explores whether the legendary Russian hackers are a myth or reality. Tune in to the premiere of the fifth episode of I Am Hacked on Monday to learn more!
When something bad or unexpected happens, someone needs to be blamed. This simple fact is one of the key traits of human psychology.
Since the 2016 US elections, Russian hackers seem to have become one of the favourite scapegoats for all kinds of unpleasant events that are even distantly related to the cybersphere. Along with hackers from China, North Korea and Iran, they’ve become a meme or a brand that seems to have a quasi-monopoly over the cybercrime world.
“It has, in fact, been around for a very long time. About five years ago, I once corresponded with a friend from India, and when he found out that I was engaged in information security, he was like, oh, Russian hackers! And I was actually surprised because then it was the first time I ever encountered this meme.
Let’s not hide the fact that Russia has the coolest technical specialists. A lot of countries take guys from Russia who know how to programme, know how to do something. And it is, perhaps, because of the popularity of this meme, other countries are also trying to disguise themselves as Russians. If anything, then Russian hackers are to blame for everything.”
There’s no point in denying the fact that Russian IT specialists are among the best in the world. But even though the so-called Russian hackers may, in theory, be capable of ingenious criminal schemes, when it comes to cybercrime it may be practically impossible to identify the perpetrator. Thus, most allegations against Russian hackers so extensively covered in mainstream media in the past years may lack grounds: no one knows who hacks whom in cyberspace.
“Stuff Korean hieroglyphs into the code, and you look like a Korean. And sometimes we read those proofs that get into the network, yes, and they look very funny. What, there, the attack took place during working hours in Moscow. Well, yes, hackers - they seem to work only during working hours.”
Other experts seem to echo Rustem’s words.
“So, you can enter anything, of course. There are no particular problems here. To fake traces of interference, there, the CIA, the NSA - they know how, they will fake anything. They take some original virus, yes, they write some Cyrillic letters into it, there, I don’t know, they put it on the build date, there, at 9 am Moscow time,” says Dmitry Artimovich, ex-hacker.
“Something like that. Let’s say that APT 128 [or “OPT 128”; unclear] did it, GRU - something like that. After that, they begin to develop the topic. The next virus they find there, some kind of attack, they say: ‘Yeah, according to the signs, the same group did it. And we already said there, six months ago, that it was the Russians.’ Why did you initially attribute this to the Russians? Based on the fact that someone wrote the word ‘Kremlin’ there? Well, that’s nonsense.
Their attribution, if you take the code, change it, I don’t know, by 30-40 percent, – their attribution will show that the new virus was written by the same team and, for example, their attribution will not work. There is a Mirai virus, it was advertised as such a threat, and the source code was posted online. Just hinting like that: you take it, make derivatives from there, as it were, and we will look for a threat. Well, probably the same American intelligence agencies posted it.”
“Attribution is generally a very difficult thing because it is really not always so easy to determine which attack which particular group committed,” says Svetlana Ostrovskaya, computer forensics coach at GROUP-IB. “Especially recently - because everyone is trying to use so-called dual-purpose tools, that is, those tools that system administrators initially use in their work. And because of this, it can be very difficult to attribute.”
However, the myth about the Russian hackers continues to live and prosper.
“It’s a guard. I even counted, conducted comparative studies, how much is stolen from cards in America, online, there, I don’t know, they pull it out from ATMs, it’s hundreds of times more than the so-called damage from Russian hackers, by the way. Moreover, Russian hackers - they are in Russia. They can’t come here and put everyone away. It doesn’t matter that they steal a hundred times more there. They don’t talk about it.”
“We ran away to the internet, we already have a wallet there, we already have our digital identity there, we already have some rudiments of social ratings there,” says Ruslan Yusufov. “But we could not solve the basic problems that arose. The crisis that can arise due to cybercrimes is comparable to the proliferation of biological weapons, nuclear weapons, and so on. Countries still cannot agree on a common approach to cybersecurity. Because there are historical, geopolitical interactions.”
To learn more about hackers from all over the world, tune in to the premiere of the fifth episode of I Am Hacked on Monday!