US Concerns Over Kremlin Links to Cyber Gangs

Uploaded on 2015-10-21 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

The relationship between Moscow and Russian cyber gangs may be tightening, spurred by international sanctions and disputes with the United States over military action in Ukraine and Syria, experts and federal lawmakers warn.

Moscow has long been known to source its technology, world-class hacking talent and even some intelligence information from local cyber crime rings, or "the Silicon Valley of Eastern Europe," said Tom Kellermann, chief cybersecurity officer at security research firm Trend Micro. In exchange, officials turn a blind eye to the rampant underground economy these cyber crime syndicates have constructed, fueled largely by mammoth data breaches at major US retailers and banks. “That symbiotic relationship has been going on for at least 10 years, if not longer,” said Jonathan Wrolstad, a cyber threat analyst with FireEye, a security firm that follows two of Russia’s more prominent intelligence hacking groups. Lawmakers tracking hacking threats agreed.

In Russia, “there are private actors, there are government actors, and there are some that have almost a contractual relationship with the government,” said Rep. Adam Schiff (D-Calif.), the top Democrat on the House Intelligence Committee. The quid pro quo has been mutually beneficial.
Often times, “when someone is identified as being technically proficient in the Russian underground,” a pending criminal case against them “suddenly disappears and those people are never heard from again,” said Dmitri Alperovitch, co-founder security firm CrowdStrike, which monitors critical infrastructure attacks. That hacker is now working for Russian intelligence services, he argues. “We know that’s going on,” Alperovitch added.

Moscow is also cherry picking software tools from these cyber gangs, such as Internet hosting services and cleverly designed malware, said Wrolstad. The result is some of the most sophisticated hacking teams in the world. Of the roughly two dozen hacking teams FireEye tracks, only two are Russian. The rest are Chinese. Yet those two groups surpass all the Chinese groups in terms of talent, Wrolstad said.
These teams write the “best pieces of malware,” he explained, some of which are “almost impossible for an organization to detect.”

A recent FireEye report explained how one hacking group covers up and coordinates its digital assaults through a complex method involving fake Twitter accounts and encrypted data buried in seemingly innocuous photos. The tactic, researchers said, displayed an unmatched “discipline and consistency."
Intelligence community briefings back up this sentiment, lawmakers told The Hill this week.
“The Russians are … more effective and more dangerous when it come to hacking,” said Rep. Jim Langevin D-R.I.), who co-chairs the Congressional Cybersecurity Caucus, comparing them to Chinese hackers. “They’re very good and they’re quiet about it.”

Russian spies even source their information from the robust underground digital market, Kellermann said.
When Eastern European cyber crime syndicates plunder sensitive data from companies, they put that information up for sale. If they crack into a device, they will sell that access. For instance, Russia-linked hackers attempted to infiltrate then-Secretary of State Hillary Clinton’s private email account in 2011. The fake email messages posed as speeding ticket notifications and asked Clinton to click on an attachment that would have given the digital intruders access to her account, a so-called “phishing” attack.

While there’s no evidence the fraudulent emails were any more than the basic spam all Americans receive, the access to Clinton’s email would have fetched considerable money on the black market had the tactic had been successful.  
What’s harder to work out is how much the Kremlin directs these outside groups, “without formally putting them on pay,” Alperovitch said.
“There’s a very grey, fuzzy line,” Kellermann agreed.
But according to Kellermann, the fuzzy line has grown more distinct as Russia clashes with the US and international community over its actions in Ukraine and Syria. He argued that Russian cyber criminals have tightened cooperation with Moscow, fueled by patriotic fervor.
Criminal hackers “that used to hunt banks eight hours a day are now operating two hours a day turning their guns on NATO and government targets,” Kellermann said.
These groups, he added, are “willingly operating as cyber militias.” Other cyber experts cautioned that they have not noticed a demonstrable change in links between the Kremlin and cyber underworld. “It’s very opaque, it’s very hard to tell,” Alperovitch said. “It’s always been pretty close.”  Wrolstad added, “In crisis situations the cyber criminals may feel pressure to help the government.”
But what the cyber community agrees on is that rising tensions between the Kremlin and the White House have coincided with a demonstrable rise in Russian cyberattacks against the US and its allies.
A slate of international sanctions slapped on the Russian economy over its military actions in Ukraine are closely linked with this increase, they concurred.
“The volume of attacks from Russia has escalated dramatically in the last year,” said Alperovitch. The hacks have peppered a variety of national security targets, including government agencies, think tanks and companies in the security community, as well as some financial and energy firms, he added.
Kellermann said he has seen cyber criminals rushing to join these efforts over the last two months, as Russia prepared to launch controversial airstrikes in civil war-torn Syria.

Russian President Vladimir Putin claims the strikes are meant to take out Islamic State in Iraq and Syria (ISIS) forces. But US officials believe Russia is simply going after the moderate rebels trying to oust Syrian President Bashar Al-Assad, who President Obama has called on to step aside.

Other cyber specialists said they hadn’t noticed a perceptible rise. “It’s kind of hard for us to distinguish, given we’re already at a high level,” said Nick Rossmann, a senior program manager of threat intelligence at FireEye.
National security-focused lawmakers agreed, telling The Hill this week they hadn’t received briefings on the matter. But the volume of cyberattacks is already so high, it could be hard to discern, they cautioned.
“It’s a constant threat so I’m not sure I would necessarily refer to it as an uptick,” said Senate Intelligence Committee Chairman Richard Burr. “But [Russia] continues to attack US systems literally daily.”
Given the strife in Syria, it would make sense for Moscow to want more intelligence on US military plans overseas, said Schiff, the California Democrat.
“It wouldn’t surprise me if there were a greater focus on Russian intelligence gathering in the United States of our intentions, our response,” Schiff said.
“They’re choosing a collision course with the United States in a number of arenas,” he added. “As they do so, I’m sure they prioritize the United States as a target of their intelligence gathering.
The Hill: http://bit.ly/1NAdTjt

 

« Robots Replace White Collar Jobs as Well
What’s The Value Of Your Data? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Micro Systemation AB (MSAB)

Micro Systemation AB (MSAB)

MSAB is a leader in the provision of forensically secure tools for the extraction and analysis of data from mobile devices.

Infosecurity Europe

Infosecurity Europe

Infosecurity Europe is Europe’s number one information security conference and exhibition.

EfficientIP

EfficientIP

EfficientIP helps organizations drive business efficiency through agile, secure and reliable network infrastructures.

Information Security Research Group - University of South Wales

Information Security Research Group - University of South Wales

The Information Security Research Group has an international reputation in the areas of network security, computer forensics and threat analysis.

CyberPrism

CyberPrism

CyberPrism provides SaaS solutions using proprietary technology, underpinned by industry-leading technical practitioners to protect OT within Government, Maritime and Industrial markets.

Cyberarch Consulting

Cyberarch Consulting

Cyberarch is a security-focused consulting firm. We provide services specializing in information security, digital forensics, penetration testing and cyber security training.

Xperien

Xperien

Xperien is a leading South African Information Technology Asset Disposition (ITAD) company.

Onward Security

Onward Security

Onward Security provides security solutions including network & application assessment, product security testing and security consulting services.

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

Torq

Torq

Torq's no-code automation modernizes how security & operations teams work with easy workflow building, limitless integrations and numerous pre-built templates.

Flotek

Flotek

Flotek is an IT & Comms service provider delivering SMEs with trusted, innovative and cost effective cloud technology, with confidence, clarity and clout.

inSOC

inSOC

inSOC is an enterprise-grade AI-driven SOCaaS solution detecting breaches 24/7 with vulnerability management built-in. Designed for MSPs and MSSPs.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

turingpoint

turingpoint

turingpoint GmbH is a tech enabled boutique consultancy. It was founded by security experts with a focus on cyber security and software solutions.