Russian Outsourcing Provides Plausible Deniability for State-Sponsored Hacking

Last week, Russian president Vladimir Putin apparently conceded that patriotic Russian hackers may have been involved in the DNC hacks last year. “If they are patriotically minded, they start making their contributions – which are right, from their point of view – to the fight against those who say bad things about Russia.”

Putin served in the KGB, Russia’s primary security agency, for 16 years, leaving with the rank of Lieutenant Colonel in 1991. He understands international intelligence and espionage. When he suggested the DNC hacks could have been done by patriotic Russian hackers, it was almost a taunt: I know the truth; you know the truth; but you cannot prove anything.

The reality is that all nations have their own ‘patriotic hackers’. The US has The Jester (@th3j35t3r), who describes himself as a ‘hacktivist for good’. In 2012, he DDoS’d John Young’s Cryptocomb, calling it a ‘treasonous site’. While the site was down, it responded with the message, “Cryptocomb will be back after the state sponsored attack ends.”

This is the dilemma caused by ‘patriotic hackers’. Was Jester sponsored by the US government? Almost certainly not. Is he tolerated by the US government? Almost certainly yes. At what point, if ever, does tolerance become sponsorship? It is this imponderable that Russia uses with great efficacy.

Yesterday, threat detection firm Cybereason posted the latest of its analyses on nation-state hackers — this one on Russia. Putin’s comments are mainstream to the Russian methodology for state hacking: plausible deniability by outsourcing state activities to private hacking groups.

While outsourcing hacking now seems to be common practice for many nations, Cybereason suggests that Russia has been doing it longer, and does it better. “The maturity of the Russian approach allows for considerable advances in oversight for these types of operations in addition to more creative uses of the outsourced labor,” writes the Cybereason Intelligence Group.

This, suggests Cybereason, has been happening for more than a decade; or at least since the Russian Federal Security Service (FSB, formerly the KGB) used its “long standing ties to Russian national criminal and hacktivist communities… with the large scale DDoSing of Estonia.”

The effect of this formal/informal relationship between the state and cybercriminals has developed a sophisticated and semi-protected criminal industry. Provided that the hackers do not break the rules, they will be tolerated: patriotic hacking is tolerated and even guided while internal cybercriminal activity is not. This is tantamount to Russian hackers being able to hack the Five Eyes nations and Europe with a degree of impunity provided they do not embarrass the state.

It also means that outsourced Russian hackers are able to mix business and personal profit. In March 2017, the US DoJ believed it had sufficient evidence to charge both the FSB handlers and the outsourced criminals Alexsey Belan and Karim Baratov over the Yahoo hacks. But, writes Cybereason, “Belan was using his official task, gain access to Yahoo accounts for FSB intelligence and counterintelligence purposes, and using it to turn a profit by manipulating search algorithms to drive web traffic and credit card skimming.”

Russia, it continues, “has the most technically advanced and bold cybercriminal community in the world and are more than capable of causing significant damage with whomever they attack from countries to corporations.”

But it is not all plain sailing. Not all the private actors reside in Russia. As they become increasingly emboldened and sophisticated, and can now use cryptocurrencies to hide their tracks, the FSB’s ability to coerce them diminishes. Nationalism and patriotism may not sufficiently temper profit in the future — or, as Cybereason puts it, ‘emboldened actors will occasionally bite the hand that feeds them.’

“Russia’s model,” concludes Cybereason, “while effective in the short run has the significant potential to be a revisiting of the proxy groups used by both the Soviet Union and the United States during the Cold War. Short term goals may be accomplished, but the long-term ramifications are harder to predict and often end up outweighing the short-term gains. Given the global strike capability that hackers in cyber space have, it is far more likely that this proxy war will have a far more reaching and international impact than the last round.”

Meanwhile, this ‘proxy’ cyberwarfare provides all nations with plausible deniability. Attribution in cyberspace is almost impossible. Only the intelligence agencies with physical assets and the ability to directly eavesdrop on suspects will know the truth — and they can never publicly declare those assets for fear of losing them. Putin plays this plausible deniability card with aplomb.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
