Page 56 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 56
SECTION I: EXTREMISM, RADICALIZATION AND CYBER THREATS AS AN IMPORTANT
SECURITY FACTORS FOR COUNTERING TERRORISM PROCESSES
the state. However, if the act is only incidentally or peripherally associated with the state,
the aggrieved party cannot prove guilt by the state (McDougal, 2015). That is to say, Rus-
sian cybercriminals know that any cybercrime committed against an external target will not
be punished, but that an act targeted within Russia will bring down the wrath of the state.
Through this practice, the Russian state has defined the cyberspace “rules of the road” within
the country.
In terms of cybercrime it is not an international problem, it is a Russian problem. Russia looks
the other way while cybercriminals financially weaken its external enemies. This employment
of Russian cybercriminals is a low-cost alternative to employing state-grown cyber capabili-
ties (Insights, 2019). Moreover, by employing cyber criminals, the state retains an aura of
plausible deniability (Greenberg, 2019). The Russian state can claim it has no idea that Rus-
sian cyber criminals were attacking a target, since they are not nominally connected to the
state but are rather merely non-state criminal actors.
While there are some cases in which the state and criminals do work hand-in-hand to ac-
complish an objective, there are many more where the state has no direct interaction with the
cybercriminal but instead allows them to continue to function. In some cases where Russian
criminals have acted within Russian territory against Russian state interests, these individuals
have found themselves jailed, or newly employed by the state to carry out cyber operations
(Plesser, 2014; Galeotti, 2017). In fact, there appears to be an negative norm between Russian
cybercriminals and the Russian state: (1) do not touch anything in Russia; (2) share anything
that you find of interest with the state; and (3) participate whenever Russia needs you for
patriotic activities (McDougal, 2015). This norm between the state and the cybercriminal
enterprise deflects the latter’s operations outside the state without ever formally encountering
the Russian state. Furthermore, as long as Russians engaging online do not cross the state, the
state allows these sites to remain open and to perpetuate cybercrime (Insights, 2019). Further
implicating the Russian state, some of the sites that sell malicious cyber capabilities have a
disclaimer that the tool should not target the Russian state (TrendMicro, 2018).
4 A Different Type of Symbiosis: Commensalism
My contention with Maurer is not over type, but of degree, when analyzing the relationship
between the Russian state and Russian cyber criminals. As I will argue, the current relation-
ship is not of mutual benefit, but is rather a commensalistic relationship, meaning that one
side, the Russian state, gains greatly from the relationship, while the other side, the Russian
cybercriminal, is not harmed. Accordingly, my aim is to add to the analysis on the relationship
between the Russian state and Russia cyber criminals.
As such, I argue that there is a fourth typology to Maurer’s thesis, which I label commensal-
ism. In this relationship, the Russian state may not actually be formally directing the Russian
cybercriminal to act, yet the cybercriminal is still implicitly advancing the state’s goals. This
relationship is a type of symbiotic relationship, and means that one side benefits while the
other is not affected. In this case, the commensalistic relationship allows the Russian state to
use cybercriminals to drain the resources of other international actors, while no harm comes
to the cybercriminals themselves. It is an unequal relationship, where the Russian state simply
tolerates the cybercriminals and allows them to use their cyberspace infrastructure cost-free,
56
