The Legendary Russian Hackers: Myth or Reality?

A recent BBC report claims that most hackers on the FBI’s most-wanted list are Russian. Some are said to be working for the government and earning a salary, others to be profiting from ransomware attacks. The BBC tried to figure out how to trace the untraceable Russian hackers. Meanwhile, RT Documentary explores whether the legendary Russian hackers are a myth or reality. Tune in to the premiere of the fifth episode of I Am Hacked on Monday to learn more!

When something bad or unexpected happens, someone needs to be blamed. This simple fact is one of the key traits of human psychology.

Since the 2016 US elections, Russian hackers seem to have become one of the favourite scapegoats for all kinds of unpleasant events, at least distantly related to the cybersphere. Along with hackers from China, North Korea and Iran, they’ve become a meme or a brand that seems to have a quasi-monopoly over the cybercrime world.

“A Russian hacker is a meme that appeared not only during the elections,” says Svetlana Ostrovskaya, computer forensics coach at GROUP-IB.

“It has, in fact, been around for a very long time. About five years ago, I once corresponded with a friend from India, and when he found out that I was engaged in information security, he was like, oh, Russian hackers! And I was actually surprised because then it was the first time I ever encountered this meme.

Let’s not hide the fact that Russia has the coolest technical specialists. A lot of countries take guys from Russia who know how to programme, know how to do something. And it is, perhaps, because of the popularity of this meme, other countries are also trying to disguise themselves as Russians. If anything, then Russian hackers are to blame for everything.”

The meme about Russian hackers has been around for a very long time

There’s no point in denying that Russian IT specialists are among the best in the world. But even though the so-called Russian hackers may, in theory, be capable of genius criminal schemes, when it comes to cybercrime it may be practically impossible to identify the perpetrator. Thus, most allegations against Russian hackers so extensively covered in mainstream media in the past years may lack grounds: no one knows who hacks whom in cyberspace.

“In cyberspace, it is straightforward to hide behind anyone,” says Rustem Khayretdinov, Company Growth Director at BI.ZONE.

“Stuff Korean hieroglyphs into the code, and you look like a Korean. And sometimes we read those proofs that get into the network, yes, and they look very funny. What, there, the attack took place during working hours in Moscow. Well, yes, hackers - they seem to work only during working hours.”

In cyberspace, it is very easy to hide behind anyone

Other experts seem to echo Rustem’s words.

“So, you can enter anything, of course. There are no particular problems here. To fake traces of interference, there, the CIA, the NSA - they know how, they will fake anything. They take some original virus, yes, they write some Cyrillic letters into it, there, I don’t know, they put it on the build date, there, at 9 am Moscow time,” says Dmitry Artimovich, ex-hacker.

“Something like that. Let’s say that APT 128 did it (or OPT 128 is unclear), GRU - something like that. After that, they begin to develop the topic. The next virus they find there, some kind of attack, they say: ‘Yeah, according to the signs, the same group did it. And we already said there, six months ago, that it was the Russians.’ Why did you initially attribute this to the Russians? Based on the fact that someone wrote the word ‘Kremlin’ there? Well, that’s nonsense.

Their attribution, if you take the code, change it, I don’t know, by 30-40 percent, – their attribution will show that the new virus was written by the same team and, for example, their attribution will not work. There is a Mirai virus, it was advertised as such a threat, and the source code was posted online. Just hinting like that: you take it, make derivatives from there, as it were, and we will look for a threat. Well, probably the same American intelligence agencies posted it.”

The attackers sometimes specifically try to write something in Cyrillic there to frame Russian hackers

“Attribution is generally a very difficult thing because it is really not always so easy to determine which attack which particular group committed,” says Svetlana Ostrovskaya, computer forensics coach at GROUP-IB. “Especially recently - because everyone is trying to use so-called dual-purpose tools, that is, those tools that system administrators initially use in their work. And because of this, it can be very difficult to attribute.”

“Plus, the attackers sometimes specifically try to write something in Cyrillic there to frame Russian hackers. And the like. Plus, again, the political situation plays a role here. For example, we all know about the relations between the United States and Russia.”

However, the myth about the Russian hackers continues to live and prosper.

If there are no Russian hackers, Western cyber security experts will lose funding

“If there are no Russian hackers… They have a huge cybersecurity industry, which includes a bunch of antivirus companies, cybersecurity companies, departments of the CIA, there, the NSA, and so on - they will simply lose funding,” says Dmitry Artimovich, ex-hacker.

“It’s a guard. I even counted, conducted comparative studies, how much is stolen from cards in America, online, there, I don’t know, they pull it out from ATMs, it’s hundreds of times more than the so-called damage from Russian hackers, by the way. Moreover, Russian hackers - they are in Russia. They can’t come here and put everyone away. It doesn’t matter that they steal a hundred times more there. They don’t talk about it.”

Countries still cannot agree on a common approach to cybersecurity

“We ran away to the internet, we already have a wallet there, we already have our digital identity there, we already have some rudiments of social ratings there,” says Ruslan Yusufov. “But we could not solve the basic problems that arose. The crisis that can arise due to cybercrimes is comparable to the proliferation of biological weapons, nuclear weapons, and so on. Countries still cannot agree on a common approach to cybersecurity. Because there are historical, geopolitical interactions.”

Russian hackers: myth or reality?

To learn more about hackers from all over the world, tune in to the premiere of the fifth episode of I Am Hacked on Monday!
