Stratfor untangles the web of Russia’s cyber operations

Summary: 2016 was the breakout year for cybercrime, a revolution largely ignored by journalists. Here Stratfor looks at one aspect that has gotten attention lately — hackers operating from Russia. It is a natural match – a nation with a first class educational system and high rates of poverty. The West can’t suppress Russian hackers without Russia’s help. That becomes less likely with every volley between Trump and Putin. Watch this story for further news.


“Untangling the Web of Russia’s Cyber Operations”

Stratfor, 28 April 2017.


  • If the Russian state falls into another period of crisis, the cyber operatives working for the Kremlin could turn against it, much as Moscow’s criminal contacts have in the past.
  • Still, the benefits of hiring criminal hackers to conduct cyber operations abroad will continue to outweigh the risks for the Russian government.
  • As investigators around the world keep working to dismantle Moscow’s hacking networks, digital meddling in foreign elections will remain a mainstay of Russian intelligence operations.

Russian Hackers


Russia’s interest in foreign elections didn’t end with the U.S. presidential race. Two days after the first round of the French presidential election on April 23, a cybersecurity firm based in Japan reported that Russian hackers had targeted Emmanuel Macron’s campaign in the runup to the vote. Macron, one of two candidates who advanced to the runoff slated for May 7, had accused the Kremlin of discrediting his campaign, and his staff complained of constant, sophisticated phishing attempts throughout the race. Phishing, though not the most advanced technique, has proved highly effective for conducting criminal activity and espionage; the Kremlin allegedly used the same tactic to interfere in the U.S. vote. Recent developments have shed light on the apparent ties between Russia’s state security apparatus and the world’s most sophisticated cybercriminals.

Laying Out the System.

On April 12, Russian media published a letter from Ruslan Stoyanov, a former security expert at Kaspersky Lab who is currently in prison in Russia on charges of treason. Stoyanov alleged in his letter that the Kremlin had recruited hackers to help with its various cyber campaigns in exchange for immunity from prosecution for their criminal exploits abroad. Allegations like Stoyanov’s are difficult to confirm, but the pattern of activity outlined in his letter conforms to previous suspicions over Moscow’s cyber strategy.

About a month before Stoyanov’s letter surfaced, the U.S. Department of Justice indicted four individuals for their alleged involvement in stealing credentials from 500 million Yahoo accounts. Two of the four defendants are agents with Russia’s Federal Security Services (FSB) who, according to the indictment, used their offices to protect two “hackers for hire” — Alexsey Belan and Karim Baratov. The hackers profited off the breach, incorporating it into their existing spamming campaign. Cooperating with the Kremlin, moreover, afforded the cybercriminals protection, just as Stoyanov later described; the circumstances surrounding Belan’s escape from arrest in Europe in 2013 suggest he had official help.

For the FSB, meanwhile, the intrusion offered access to information on figures of interest, including Russian journalists, government officials and high-profile businesspeople. One can imagine that this kind of intelligence collection may have also proved useful in Russia’s efforts to influence the U.S. election, although no evidence has linked the two incidents.

A Symbiotic Relationship.

Moscow’s ties to the world of cybercrime are just the latest manifestation of a well-established trend. The Russian state has been entwined in crime since long before the dawn of the internet, often in a kind of symbiosis with criminal organizations. Under Soviet rule, for example, Russian officials generally turned a blind eye to smugglers, who then sold them contraband luxury goods. The black market was the closest thing to a free market for most of the Soviet era, and it offered the Kremlin a way to relieve pressure on the Soviet people and economy.

But even after the liberal reforms of the late 1980s and the Soviet Union’s collapse in 1991, Russian capitalism struggled to break free of its corrupt roots. The early post-Soviet years were a period of plunder. Criminals took advantage of the state’s weakness to line their pockets. Then, as Russia regained its footing, the country’s gangsters and bandits began to cooperate with the government — a pattern that has played out in several countries over the years.

Many of the most successful criminals to emerge during the 1990s were themselves a part of the crumbling Soviet system. Military personnel and KGB agents stationed around the world capitalized on their access to valuable arms and intelligence to keep themselves afloat as their government imploded. Soldiers and intelligence officers made the most of their precarious position by selling off state property — including, in at least one instance, a submarine — for their own profit. Viktor Bout, a former army linguist and officer in Russia’s Military Intelligence Directorate (GRU), offers perhaps the most infamous example. Before his arrest in 2008, Bout had become one of the world’s most prolific arms dealer, alternately preying on and working with the Kremlin to suit his business.

Today, Russia is enjoying a period of strength relative to the chaos of the 1990s. If history is any guide, however, its fortunes could easily change, and with them, the criminal class’s allegiances. Stoyanov’s letter warned of the danger that the hackers currently in the Kremlin’s employ could turn against it one day.

No Risk, No Reward.

Notwithstanding the risks of hiring criminals, the ends of such an arrangement often justify the means. Relying on agents for hire to carry out certain operations may be an economic necessity for cash-strapped governments. As states vie for primacy — or at least strategic advantages — in the cyber realm, they have to compete to recruit the best people in the field. And they don’t come cheap. The U.S. Department of Homeland Security suffers from high turnover in its cybersecurity leadership roles, in part because it can’t keep up with the private sector’s salary offerings.

Peter Levashov, another Russian spammer arrested earlier this month, purportedly charged $500 dollars for every 1 million messages he sent, a rate that could have earned him up to $750,000 a day. The Russian government can never hope to match that pay. It can, however, offer other incentives to draw in experts like Levashov, including legal immunity.

Keeping cyber operatives off the books also affords governments a degree of plausible deniability. After all, listing one of the world’s most notorious spammers on its payroll would reflect poorly on Russia’s image, and on its tradecraft. Most countries with advanced intelligence capabilities maintain operatives under non-official cover. These agents don’t receive the same protections that registered foreign officials enjoy, but by the same token, they don’t attract the same scrutiny. Consequently, they have much more latitude to conduct sensitive operations. Creating and maintaining non-official cover is a daunting task, though, especially in the age of social media. An even safer bet for governments is to avoid establishing an official relationship with cyber mercenaries in the first place.

Common Practice.

Russia isn’t the only country reaping the economic and practical benefits of working with unofficial agents. China’s intelligence services routinely recruit Chinese nationals living abroad and working in strategic sectors to conduct operations on their behalf. In January 2016, for example, U.S. authorities uncovered an industrial espionage scheme in which Chinese operatives apparently tried to poach Chinese-American scientists from GlaxoSmithKline PLC to start a rival company. The intelligence officials set up their recruits with their own firm in China, and in exchange, they received exfiltrated proprietary information — all without adding anyone to their payroll.

The Kremlin has every incentive to exploit its access to some of the world’s most sophisticated hackers. And despite the damning allegations in Stoyanov’s letter, the Russian government has so far maintained its plausible deniability, offering its word against that of a man in prison for treason. Though investigators in the United States and France will keep working to dismantle Moscow’s hacker networks and arrest the architects behind them, digital interference in foreign elections will be a hallmark of Russian intelligence operations for years to come.

Untangling the Web of Russia’s Cyber Operations
is republished with permission of Stratfor.


Stratfor logo

About Stratfor

Founded in 1996, Stratfor provides strategic analysis and forecasting to individuals and organizations around the world. By placing global events in a geopolitical framework, we help customers anticipate opportunities and better understand international developments. They believe that transformative world events are not random and are, indeed, predictable. See their About Page for more information.

For More Information

If you liked this post, like us on Facebook and follow us on Twitter. See all posts about Russia, about cybercrime, and especially these…

To better understand the hidden world of hacking.

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker
Available at Amazon.

See Kevin Mitnick’s Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker. From the publisher…

“Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies — and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats — it was an old fashioned confidence game that required guile and deception to trick the unwitting out of valuable information.

“Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems, and Pacific Bell. But as the FBI’s net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat and mouse game that led through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down.

Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.”

4 thoughts on “Stratfor untangles the web of Russia’s cyber operations”

  1. Dud of a Post. As in who doesn’t know the US of A is the world’s leading cyber criminal…..and we don’t even bother to hire non-State actors. LOL. And our Corps get whacked? Really?

    Stratfor? Gosh their stuff reads like a Harlequin Novel these days.
    Absolutely the only interesting tid bit was FM’s note that the Russian Educational system is top shelf and the poverty is there also. Goodness we certainly wouldn’t seriously make that claim about our Ed System now with a straight face, would we? Ask Ms. DeVos. Poverty, sure but our dropouts are in a category of crystallized IQ that leads to cyber crime….doubtful. A feature not a bug here.

    Oh well.

  2. actually, breton is quite correct. unfortunately, the “standard’ definition of “criminal” is one in which the actions of the u.s. are, by definition, never criminal. thus, u.s. hacking is protecting national security, u.s. bombing of civilians is a regrettable accident (the fog of war y’know), whistle blowers are terrorists and the torture of prisoners is the work of a few low level cowboys.. when you refer to a “non-standard” definition of criminal that automatically normalizes everything that the u.s. does all you prove is your own cultural blindness.

    1. Jay,

      This is why the Left’s political influence is at a multi-generational low. Instead of explaining something, you folks invent your own meanings for common words. This means your speech becomes gibberish.

      “unfortunately, the “standard’ definition of “criminal” is one in which the actions of the u.s. are, by definition, never criminal.”

      Yes, that’s what I mean when I said that Breton “had a non-standard definition of ‘criminal.’”

      “’When I use a word,’ Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean — neither more nor less.” “The question is,” said Alice, ‘whether you can make words mean so many different things.’ ‘The question is,’ said Humpty Dumpty, ‘which is to be master — that’s all.’”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top