How Russian Hackers Work with Russian Intelligence

This piece was originally published in The Integrity Initiative

New York criminal lawyer Arkady Bukh is known far beyond the United States. In the last decade, he has defended many Russian hackers who had been extradited to the United States. Among his clients were: Vladislav Khorokhorin, whom the US authorities called one of the most dangerous cybercriminals on the planet and who served a jail term for embezzling nine million dollars; Mikhail Rytikov and his accomplices, who stole 160 million credit and debit card numbers; and Alexander Panin, the creator of the SpyEye malware. Bukh is currently defending Evgeny Nikulin, who was detained in Prague in the autumn of 2016 and extradited to the United States in March of last year.

In my exclusive interview with him, Bukh talked about how hackers have changed over the past decade, how cybercriminals cooperate with Russian and American intelligence services and how the hacking of unsuspecting citizens is carried out.

Hacker evolution

According to Bukh, almost none of the Russian hackers can be described as romantics or high-spirited computer geniuses who hack other people’s websites for sport.

“They are primarily businessmen for whom this is a way of making money. About 10–12 years ago, banks were inexperienced in cybersecurity and became the targets of constant attacks, in which hackers stole hundreds of millions of credit card numbers. Now such hacks occur less and less often, giving way to commercial attacks. There is a growing number of cases of extortion, theft of traffic and databases, fake news releases in the commercial sphere, designed, for example, to ensure a rise in the value of shares of a company in order to then bring them down sharply. Now you can influence the fate of companies in the United States without leaving your office in Moscow — it’s enough to secure a large network of computers (a ‘botnet’) capable of sending spam with fake news”, says Arkady Bukh.

The most unexpected people are becoming hackers nowadays.

“Ten years ago, most of the hackers were educated young men from the post-Soviet space. Now, the cast of characters has changed dramatically. Not so long ago, let’s say, members of the Bloods gang came to me: they were real gangsters, one of them had a gun at the ready. They said that they are hackers. In fact, this is a clear indicator of a new trend. Gangs of drug dealers, like the Bloods, Crips and others, realized that selling drugs is dangerous because of the risk of life imprisonment or being killed in gang turf battles. It is much easier to, say, buy a batch of credit card numbers from Russian hackers on a forum and use them to buy 20,000–30,000 dollars’ worth of goods”, Bukh said.

According to Bukh, romantics and ‘Robin Hoods’ are more common among Europeans, while hackers from the post-Soviet space have no noble intentions.

“They can, for example, send a message to a hospital demanding it send 50,000 dollars in bitcoin, or they will shut off the electricity, and then two hours later, the emergency generator. They are well aware that people would die in the hospital, but this does not stop them,” says Bukh.

Hackers in the service of the FSB

Bukh said it’s not uncommon for Russian hackers to work with the FSB, but fans of exciting spy stories may be disappointed: the bulk of orders from the Russian intelligence services are purely ‘commercial’ in nature.

“The FSB simply incites hackers to act against competitors of firms that are under their protection. It works very simply. There is such a thing as ‘black forums’. They are divided into different levels, for which references from the participants are required, and for some, references and serious money. They sell viruses and botnets for attacks. Suppose a botnet of a million computers can disable the entire infrastructure of a country like Georgia. To do this, simply rent this botnet and organize an attack. For example, someone buys a virus, rents a botnet and, through spammers, sends these viruses from all computers on the network. The FSB operates on these forums through intermediaries, who buy the necessary viruses and rent botnets. That is why it is difficult to understand how often Russian intelligence services buy such information — they never do it themselves”, Bukh explains.

Infrastructure facilities in almost all countries are quite vulnerable, and it is not that expensive to disable them, Bukh said.

“Opening a river dam so that water floods a village downriver or disrupting the electrical grid in a city is not technically difficult. These objects have weak protection, and it can cost 2,000–3,000 dollars to organize such an attack. We are saved only by the fact that disrupting the infrastructure does not bring any material benefits. Such things may be of interest only to terrorists or experimenters, but not to professional hackers”, Bukh said.

At the same time, he notes that Russian hackers are extremely reluctant to discuss specific orders from the FSB, and are especially unwilling to reveal whether they received orders on international matters related to intelligence or interference in elections.

“Usually, after serving their time, they are deported to Russia, so they fear punishment from the FSB. If hackers give information to the American authorities, the Americans immediately eliminate vulnerabilities, so Russian intelligence agencies know if the arrested hackers have given information to the FBI. However, people sometimes share with me information about more private orders, such as when FSB officers asked for credit card numbers and PIN codes to get cash from ATMs”, Bukh said.

Nevertheless, the lawyer admits that at least some of the information obtained by hackers, such as personal data of social network users, credit cards and other personal information, was used to interfere in the American elections, for example, to create false accounts on social networks using the real data of American citizens.

Hacker files

According to Bukh, ordinary people often become an easy target for hackers. Hackers hunt not only for credit card numbers, but also for any other information.

“I cannot comment on the involvement or non-involvement of my client, Evgeny Nikulin, in attacking the LinkedIn network, but one thing is certain: LinkedIn was really hacked, and hundreds of millions of passwords and email addresses were stolen. The same happened to Yahoo’s e-mail network and several others. That is how our elections were broken into. Then these passwords and addresses are gathered on the black forums into the so-called ‘black cloud’. This is a search engine which can be used to find information about all the hacker attacks directed against an individual’s different accounts using a name or email address. Suppose I need to access a certain congressman’s email. I order his name on the black forum, and the forum prepares a dossier for me: all his email addresses and accounts hacked during various attacks, including online stores, and passwords for these accounts. Even if this congressman now uses a different email address on another site, people very often use the same passwords as before, or passwords with minor changes. By the way, the FSB often asks its hackers to purchase a file on a specific person”, reveals Bukh.
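The dossier Bukh describes is dangerous because people reuse an old password with minor changes. The check below is an added example, not code from the article or from any real breach-aggregation service; it takes the passwords already known to be breached for one account (constructed sample data here) and flags a new password that is the same one with a changed case, an appended year or symbol, leetspeak substitutions, or a single-character edit.

```python
import re

# Constructed sample: passwords for one account recovered from earlier (hypothetical)
# dumps, the kind of entry a breach-aggregation lookup would return for an email address.
BREACHED_FOR_ACCOUNT = {"Summer2016", "linkedinpass", "P@ssw0rd1"}

# Common leetspeak substitutions, mapped back to the letters they stand in for.
LEET = str.maketrans("0134578@$!", "oieastbasi")

def normalize(pw: str) -> str:
    """Collapse the cheap tweaks people make to an old password: case changes,
    appended digits or symbols (Summer2016 -> Summer2017!), and leetspeak."""
    pw = pw.lower()
    pw = re.sub(r"[^a-z]+$", "", pw)      # drop trailing year / counter / punctuation
    pw = pw.translate(LEET)               # undo common character substitutions
    return re.sub(r"[^a-z]", "", pw)      # drop anything else that is not a letter

def edit_distance_le_1(a: str, b: str) -> bool:
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] != b[j]:
            edits += 1
            if edits > 1:
                return False
            if len(a) > len(b):           # one character deleted from a
                i += 1
                continue
            if len(b) > len(a):           # one character inserted into a
                j += 1
                continue
        i += 1
        j += 1
    return edits + (len(a) - i) + (len(b) - j) <= 1

def is_minor_variant(candidate: str, breached: set[str]) -> bool:
    """Reject a new password that equals, or is a trivial tweak of, a breached one."""
    if candidate.lower() in {b.lower() for b in breached}:
        return True
    norm = normalize(candidate)
    for old in breached:
        old_norm = normalize(old)
        if norm and old_norm and (norm == old_norm or edit_distance_le_1(norm, old_norm)):
            return True
    return False
```

A real deployment would compare hashes of breached passwords rather than hold them in clear text; the plain strings here only keep the normalization logic visible.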

According to Bukh, hackers cooperating with Russian intelligence do not come to the United States. They end up in America only if they are extradited from another country. The controllers of botnets, viruses and large platforms that allow them to launch powerful spam attacks usually try not to go abroad. Moreover, they often do not know who their customers are.

For America’s good

If a Russian hacker still ends up in an American prison, lawyers often offer him three options. Firstly, he can try his luck in court, which would cost hundreds of thousands of dollars and consume an enormous amount of time and effort — and the number of acquittals is usually less than one percent. The second option is a confession of guilt and remorse, which can reduce the term, say, from 50 to 15 years in prison. The third option is to create projects that benefit the federal government.

“It could be the creation of a payment system with which you can snare crooks and terrorists, or some other idea that serves the interests of American national security. Once I have the idea, I start to run around different government agencies offering them the project. This may be not only the FBI, but also other agencies, which then negotiate with the prosecutor. After the hacker starts working for the government, the appropriate agency writes him a letter of recommendation. The prosecutor communicates it to the judge, and a letter like this can help reduce the prison term by 30%-40%. I sometimes manage to achieve almost 80% reduction. People agree to these deals very often”, noted Bukh.

According to him, the FBI often cooperates with former criminals, but, unlike in Russia, does not use such cooperation for personal enrichment.

Arkady Bukh has founded his own cyber security company, CyberSec, which employs his former clients — hackers and fraudsters.

“My clients often tell me that they can no longer work with yesterday’s college graduates, who have no practical experience and have never hacked anything in their lives. My clients spent thousands of hours breaking websites for years and stealing huge amounts of money. They become excellent experts in cyber security”, Bukh said.

2 thoughts on “How Russian Hackers Work with Russian Intelligence”

  1. Very informative! Keep up the good work! Russian intelligence are certainly recovering from their cold war drawbacks and restoring their reputation.
