Hunting for Russian hackers

At about 8 a.m. on March 14, police quietly approached the door of Karim Baratov's luxury home in Ancaster, Ontario. The officers walked past the garage, where a black Mercedes-Benz and an Aston Martin DBS stood, clear evidence that the 22-year-old had money. A few minutes later they arrested the Kazakhstan-born young man. It was a somewhat anticlimactic end to an international cyber drama that involved the highest echelons of the American government, Russian spies, a global cybercriminal syndicate and hundreds of millions of unsuspecting Americans.

Baratov now faces US charges of aiding and abetting the hacking of half a billion Yahoo accounts, the largest hacking attack in history. His alleged accomplices are 29-year-old Alexey Belan, a well-known Russian hacker who is still at large, and two officers of Russia's FSB intelligence service: 33-year-old Dmitry Dokuchaev and 43-year-old Igor Sushchin. Their case is the most striking example yet of how the Russian government cooperates with criminals to pursue its goals in the international arena through operations in cyberspace, and of why governments find it so hard to identify the organizers and executors of these attacks, let alone punish them.

According to US law enforcement agencies, Baratov was a hacker for hire. Apparently he agreed to do the work without thinking much about the possible consequences.

“The Yahoo hack was a clear signal that the US government can step in and say: we know what you’re doing, and we can prove it,” said Milan Patel, a former technical director of the FBI’s cyber division and now CEO of K2 Intelligence, a firm specializing in cybersecurity. “In the past, the US and Russia constantly ran covert operations against each other. But as far as Russia is concerned, a lot is now coming to the surface, and information about its operations in cyberspace is becoming widely known.”

It was not always so. In the mid-2000s, the FBI tried to cooperate with its FSB counterparts on hacker investigations: American and Russian agents held regular meetings in the hope that the two countries could stem the rising tide of cybercrime. At least, that is how the Americans saw the situation.

“We would tell them about a particular person we were looking for, and then that person would mysteriously disappear. After a while he would reappear, and we would learn that he now worked for the Russian government,” Patel said. “In effect, we were helping the FSB find talented people and recruit them, by telling that service’s agents whom we were looking for.”

The arrest of Baratov and his associates signaled the start of a large-scale offensive by the US authorities against Russian cybercriminals. Cybersecurity experts and the US government have spent years studying the links between cybercriminals and the Russian government, including how malware first written for criminal gangs later turned up in Russian state-sponsored cyberattacks on Russia’s neighbors, and how botnets built by criminal hackers ended up being used in Russia’s attacks. Now they are clearly ready to strike. Earlier in April, Spanish authorities, acting on a US request, arrested Peter Levashov, long considered one of the world’s kings of spam. Five months ago, the US said that several well-known Russian hackers were responsible for the cyberattacks on the Democratic National Committee, which, in its assessment, were meant to influence the outcome of the 2016 presidential election. To those who follow the world’s leading hackers, these names are familiar. But the real news was the willingness of the US authorities to publish the hackers’ names and begin openly pursuing the Russian cybercriminals who help the government carry out its aggressive operations in cyberspace.

Last month, three Russian hackers told BuzzFeed News that there is growing panic among hackers over how far the arrests might go and how long the US government will keep pursuing them. US security officials told BuzzFeed News that the hackers have good reason to be afraid.

“When it comes to Russia, we have already reached the boiling point. The Russians are the United States’ main rivals in cyber espionage and cyberattacks,” Patel said. “But Russia plays by different rules, or by no rules at all.”

If you ask Americans to describe the typical Russian hacker who attacks the United States, they will most likely describe either a disheveled Russian teenager in a dimly lit basement, or a stiff military officer in a warehouse-like hall where hundreds of soldiers tap away at keyboards trying to weaken the United States. But the truth is that Russian cyber operations are far more complicated and tangled than either scenario: the Russian government works through a network of hackers inside its military and intelligence services, as well as through cybercriminal networks and hackers for hire whom it can recruit when needed.

“It is a multilayered and very flexible system. That is why it is so hard to trace and unravel,” said one FBI agent who works in the agency’s cybercrime division and asked not to be named. “For example, Russian intelligence decides it needs to hack eBay to find information about a particular person. They can do it through their own teams of hackers, or they can find a hacker who has already broken into the computer they need and force him to give them access, or they can pay someone who has already hacked eBay to do it again.”

According to this agent, such flexibility seriously complicates the work of the FBI and other agencies that try to track which systems are being breached and why.

“They will use any means to get into a system, and they don’t see a boundary between criminals who hack systems for a living and those who hack on behalf of the government,” he said. “They can hack eBay to steal credit card numbers or to run covert cyber operations against, say, members of Congress. They can do both. So it is hard to tell when a hack threatens national security and when it doesn’t.”

The Yahoo hack, in which the data of 500 million people was stolen, reflects the complex relationship between hackers and their victims. The Yahoo accounts were compromised in 2014, but the company only learned of it in September 2016. A few months later, Yahoo announced that it had found traces of a separate, earlier attack, in 2013, that affected more than a billion accounts. The two breaches cost the company about $350 million, as many users abandoned the platform over security concerns. Cybersecurity experts call it a heavy blow to Yahoo.

A Yahoo representative did not respond to BuzzFeed News’s request for an interview. In a public statement issued shortly after the indictment, Yahoo’s leadership said: “The indictment clearly shows that the attack on Yahoo was state-sponsored. We are very grateful to the FBI for investigating these crimes, and to the Department of Justice for bringing charges against those responsible for them.”

For the first few weeks, the cybersecurity experts involved in the investigation believed they were dealing with a case of corporate espionage. But as the scale of the attacks became clear, they began to fear that some adversary of the United States was assembling a huge database on all US citizens, containing personal information and email accounts that could be mined for information. The indictments filed in March against Baratov, Belan and the FSB officers say that the group broke into Yahoo first and foremost to get at specific figures from the political and financial worlds. The hundreds of millions of people whose accounts were compromised in the same attacks were merely collateral damage.

“The people who hacked Yahoo are criminals. They could have put out a call and sold the entire database to the highest bidder,” said the FBI agent quoted above. “We were lucky they didn’t.”

Enough is known about these four men to piece together how they met and carried out the attack. According to the Russian newspaper RBC, Dokuchaev was once known in hacker circles as Forb and openly offered his services, but later went to work for the government. At the FSB, Dokuchaev teamed up with Sushchin, and together they approached Belan, a Latvian-born hacker whom the FBI had been seeking since 2012.

“That’s how it goes: they catch one hacker, then make him set traps for his friends,” said one Russian hacker who agreed to speak to BuzzFeed News on condition of anonymity. The hacker, who was recently released from prison and left Russia immediately afterward, said that hackers are also put under heavy pressure to work for Russian intelligence. “They put pressure on you. It’s not a polite suggestion. They can knock on your door or hit you over the head. And if they can’t threaten you, they threaten your family.”

It is unclear how these men got in touch with Baratov, who immigrated to Canada with his family from Kazakhstan in 2007. According to investigators, Baratov was a hacker for hire. In a Facebook post published on July 14, 2016, Baratov wrote that he first discovered how lucrative hacking could be when he was expelled from school for jokingly threatening to kill a former friend. Since he no longer had to attend school, Baratov devoted all his time to working on online projects and “managed to take my business to the next level.” In the same post, alongside photos of a BMW, an Audi and a Lamborghini, he said he was able to earn three or even four times more than usual.

As soon as the group gained access to Yahoo, they broke into the accounts of the economic development minister of a country bordering Russia, an investigative journalist at the Russian newspaper Kommersant, and the CEO of a private investment company, according to the case materials. FBI experts believe that, in addition to hacking the political figures the FSB demanded, Belan also used the Yahoo database to make money through credit card theft and various schemes targeting Yahoo users. In November 2014, he tampered with Yahoo search results so that anyone looking for erectile dysfunction treatments was redirected to an online pharmacy that paid him a commission.

“If you look at this case, you will see that it has a national security element and a criminal element. It can’t be put cleanly into one category,” the FBI agent said.

According to Patel, the FBI often finds it hard to separate hacks that are purely criminal from politically motivated ones or those somehow tied to the Russian government. “The government is trying to draw connections between investigations of national security attacks and investigations of criminal ones, because the two worlds are now linked,” he said, adding that agencies are trying to pool their efforts and share classified information where possible.

It is unclear who within the FSB was responsible for running this group of hackers, or whether they also took orders from some other government agency. In December 2016, Dokuchaev was arrested in Russia and charged with treason. His arrest appears to have been part of a purge in the ranks of Russia’s military and cybersecurity experts, though little is known about it so far.

Andrei Soldatov, a Russian investigative journalist and author of The Red Web, a book about the Kremlin’s activities in cyberspace, said that while the Russian government’s tactic of bringing in outside groups to do its work lets it keep its distance (and deny involvement), it also leaves the Kremlin vulnerable to hackers who may turn against it.

“Hackers are not the kind of people who are easy to control,” Soldatov said. “Sometimes they can disobey orders.”

Asked why they decided to become hackers, many Russian hackers answer that it is a chicken-and-egg question.

“I hacked because I wanted to be online, and I went online because I hacked,” said one Russian hacker who considers himself a veteran of the field, having taken part in credit card fraud schemes in the 1990s. He agreed to speak with BuzzFeed News on condition of anonymity because he feared for his safety and that of his family. “In the 1990s only the rich and the hackers could afford the internet.”

The internet came to Russia after the collapse of the Soviet Union. A wrecked economy and political uncertainty meant that only a select few could afford access, where a few hours online could cost a few hundred dollars. This hacker said that he and his friends ran their first credit card scheme to pay for internet access, which they then used to learn more about the thriving world of online crime.

“We were babies at hacking. Nobody knew what was possible,” he said. “But when the internet came to Russia, the hackers came with it.”

The police at first ignored cybercriminals, and over time an unwritten rule took shape: as long as hackers don’t touch people and institutions inside Russia, the government will not go after them.

By the early 2000s, the trickle of money from various online schemes had turned into a torrent. Patel, who was helping the FBI investigate cybercrime at the time, said Russian criminal groups took an interest in this new source of income.

“Traditional organized crime in Russia moved into cyberspace once it realized the profit potential. When they settled in, the whole structure changed,” Patel said. “Once organized crime was involved, there was a certain structure, which allowed the government to gradually insert itself into it and start using it to its advantage.”

The US was still working with Russia when the Kremlin launched what many now call the first cyberattack by one state on another sovereign state. Using a botnet built by a Russian cybercriminal network, Russian hackers carried out a massive network attack on Estonia’s internet resources.

“The 2007 network attack on Estonia was the result of a public-private partnership,” said former Estonian president Toomas Hendrik Ilves. “The Russian government colluded with an existing cybercrime network to achieve its goal. The Russian government paid for this service, just as it pays for everything else.”

Ruslan Stoyanov, former head of the cybercrime investigations department at Kaspersky Lab, recently said that the Russian government systematically recruits hackers from the criminal underground, offering them immunity in exchange for their services. His letter was published on the website of the independent TV channel Dozhd (TV Rain). Stoyanov wrote it in prison, where he has been held since December on treason charges. He was arrested in the same purge as Dokuchaev.

“In this deal, the government gets access to the technology and information of the ‘cyberware’ in exchange for permission to steal abroad with impunity,” Stoyanov wrote. He said he was jailed because he threatened the business interests of senior figures in Russia’s military and intelligence services who were making money from cybercriminals.

According to the hackers, the Kremlin is not the only government that tries to recruit them for various tasks. Mikhail Rytikov, a 27-year-old Ukrainian citizen, is now wanted by US authorities, who accuse him of providing services to a cybercriminal group that stole 160 million credit card numbers. Rytikov, who is now in Ukraine, told BuzzFeed News that he wants to bring charges against US government agents for pressuring him to work for the government in exchange for immunity. Other hackers arrested in the United States tell very similar stories of the FBI offering them freedom in exchange for helping US agencies.

“Russia is not the only one that does this,” said Arkady Bukh, a New York lawyer who has defended many Russian hackers. “But Russia has managed to get more out of this system.”

Bukh has spent about 10 years defending hackers, mostly from Russia and Eastern Europe, in American courts. But last year something changed.

“Hackers have started contacting me much more often to ask what punishment they could face, before committing the crime. Increasingly they want to know the possible consequences from the start,” said Bukh, who spends a lot of time on Russian forums giving hackers legal advice. “They want to know how far they can go. Where the line is that can’t be crossed.”

A Russian hacker who agreed to speak with BuzzFeed News over a messaging app from a Southeast Asian country, where he is on “extended leave,” said that Russian hackers are now at a tipping point in their relationship with the US and in their future role in the cybercriminal world.

“Until now, everyone was quietly going about this business. It was easy money, and if you were careful, you could live very well,” the hacker said.

But, he said, that could all change if the pressure from the United States does not let up. Once a hacker starts to look like someone the US or the EU might charge, he is forced to seek refuge in Russia, where the authorities have become much more forceful in compelling hackers to carry out their orders.

“Those who are hiding in Russia from the US authorities, how are they going to live quietly in Russia? They’re trapped. It’s not the best life,” he said.

Yet all these trapped hackers are part of an industry that brings in hundreds of millions of dollars a year. According to cybersecurity experts, Russia is one of the leaders in malware. Ransomware, which installs itself on a device and holds it hostage until the owner pays, is mostly developed in Russia: by Kaspersky Lab’s estimate, about 75% of such programs were written there. Nobody knows exactly how much money this brings in, but experts say part of it goes into developing more dangerous, sophisticated and lucrative schemes.

Almost no one is immune from becoming a victim of such schemes.

“The more computers they hack, the wider the access the Russian government will have when it needs it,” the hacker said. “Hackers are increasingly being forced to break into more and more new computers.”