Page 57 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 57
MARK GRZEGORZEWSKI: RUSSIAN CYBER OPERATIONS: THE RELATIONSHIP BETWEEN THE STATE AND CYBERCRIMINALS
because it knows the criminals’ self-interested actions are helping the state. Therefore, in this
relationship, the Russian cybercriminal is acting within the scope set out by the Russian state.
This is a scope more clearly articulated by Russian sovereign internet law, since it essentially
means the state can choose to know about a cybercriminal action, should it want to. Put an-
other way, it is a perfect case of plausible deniability.
In what follows, I first detail three updated cases that align with Maurer’s thesis. I then pro-
vide three additional cases where the state did not overlap with the cyber criminals’ actions
but did nothing while they committed cybercrimes within Russia’s borders against external
targets. I conclude with a negative case study where the Russian cybercriminal did not abide
by the negative norms set out by the state, and suffered the consequences. I place the latter
cases, excluding the negative case study, under the typology of commensalism, since there is
an implicit understanding between the Russian state and the cybercriminal, thereby making
them a cyber mercenary by any other name.
4.1 Delegation: Evil Corp
In a case of life imitating art, there is now a Russian cybercriminal group named after the
fictional antagonist from the TV show “Mr Robot.” The FBI accused Evil Corp founder
Maksim Yakubets of working both to enrich himself and to steal documents for the Russian
government. Yakubets is believed to have worked for the FSB since at least 2017, to acquire
confidential documents and conduct cyber-enabled operations in the service of the state (Al
Jazeera, 2019). In addition, Yakubets father-in-law is a former officer within the FSB, while
his wife sits on a charitable foundation that supports FSB veterans (Dobrynin and Krutov,
2019). The US Treasury Department also accused Yakubets of recruiting cybercriminals to
work for the Russian state. When Yakubets was not working for the state, he used his cyber
network to steal more than $100 million from companies across the world, but not in Russia.
Despite the $5 million reward for the capture of Yakubets, the FBI notes that it is doubtful that
he will ever see the inside of a US courtroom, due to the reluctance of the Russians to extradite
him, or any other cybercriminal (Al Jazeera, 2019).
This dual-hatted sanctioning relationship is common in Russia cybercrime. The state has
many individuals on their payroll who also serve as criminal entrepreneurs. Since Yakubets
never criminally acted within Russia, he is not a threat to the state. Thus, he is not a criminal in
Russia’s eyes and will not be extradited to the US. Moreover, it is likely that Yakubets will be
able to use his connections within the FSB to further his criminal activities, and all the while
the FSB rides his coattails as he enters restricted cyberspace networks.
4.2 Orchestration: Carderplanet
Roman Seleznev, also known by his hacker name “Track2”, is the son of Valery Seleznev, a
member of the Russia Duma who holds the equivalent rank of minority whip (Wilber, 2014).
Along with Roman Vega, Seleznev established “CarderPlanet”, which sold illegal goods on-
line, including stolen credit cards, as well as hacking tools and expertise (Glenny, 2012).
CarderPlanet operated between 2009-2011 and cost Western financial institutions over $1.2
million. Vega also established the “Boa Factory” which served as a clearing house for various
goods which were acquired through cyber theft, including stolen credit cards and passports
(Alperovitch, 2009).
57
