How Hacking Became a Professional Service in Russia (The New Yorker)
The New Yorker
The outfit behind the Colonial Pipeline attack had a blog, a user-friendly interface, and a sliding fee scale for helping hackers cash in on stolen information.
By Joshua Yaffa
there is also one further, very important reason why cybercriminals may feel relatively free to operate from inside of Russia. Russia's security services are tempted to see hackers who target Western corporations, governments, and individuals less as a threat than as a resource. In 2014, the F.B.I. indicted a Russian hacker named Evgeniy Bogachev on charges of allegedly stealing hundreds of millions of dollars from bank accounts across the globe; American prosecutors asked their Russian counterparts for coöperation. Rather than arrest Bogachev, however, Russian authorities used his breaches to hunt for files and e-mails on devices belonging to government employees and contractors in the United States, Georgia, and Turkey. As the Times wrote, the Russian state was, in effect, "grafting an intelligence operation onto a far-reaching cybercriminal scheme, sparing themselves the hard work of hacking into the computers themselves."
In a 2012 policy paper titled "Beyond Attribution," Jason Healey, the director of the Cyber Statecraft Initiative at the Atlantic Council, proposed assessing state responsibility in hacking attacks on a continuum ranging from "state-prohibited" to "state-integrated." It is unclear exactly where the DarkSide attack against Colonial Pipeline falls on that line, or what Biden meant when he said that Russia bears "some responsibility to deal with this." So far, the publicly available evidence suggests a categorization, in Healey's taxonomy, of "state-ignored," in which a national government "knows about the third-party attacks but, as a matter of policy, is unwilling to take any official action."
The biggest danger of the ransomware market is how well it works, at least for now. In the case of DarkSide's hack of Colonial Pipeline, nearly five million dollars is at once a major payday for cybercriminals and peanuts for Colonial, compared to what it would have cost the oil company, which earns more than a billion dollars in annual revenue, to have its operations halted any further. An analysis performed by Elliptic, a cryptocurrency-security firm, found that a Bitcoin wallet opened by DarkSide had received seventeen and a half million dollars since March, including the payout from Colonial Pipeline. "The hundred-million-dollar ransom is coming, unless it already has and we just don't know it," Mark Arena told me. He added that this raises a different, and more important, question: "How much money do you have to take out of a national economy before ransomware becomes a national-security threat?"
Joshua Yaffa is a Moscow correspondent for The New Yorker and the author of Between Two Fires: Truth, Ambition, and Compromise
More here
https://www.newyorker.com/news/news-desk/how-hacking-became-a-professional-service-in-russia