Page 59 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 59
MARK GRZEGORZEWSKI: RUSSIAN CYBER OPERATIONS: THE RELATIONSHIP BETWEEN THE STATE AND CYBERCRIMINALS
My contention is that the Russian state does not even need to monitor all the cybercriminals
within its territory. Rather, the state has created a negative norm through acts such as the
sovereign internet law, having postings on forums not to use capabilities against the state,
and non- prosecution of cybercriminals that operate within Russia. This norm means that the
state does not need to turn a blind eye, which would indicate they are aware of the cyber-
crime. Rather, the state allows cybercrime to continue unabated outside its territory without
any government oversight, as it is relatively certain, due to the strength of the norm, that no
cybercriminal would be foolish enough to operate against the state.
In a parallel, it is similar to the panopticon, in that the state does not need to actually “man
the rotunda” since cybercriminals within Russia are certain that they are being watched at all
times. While many of their activities within Russia are most likely monitored, the state does
not have the resources to watch all criminal actions being undertaken online. For this reason
the state needed to create this powerful negative norm in order to shepherd most of the cy-
bercriminals in the same direction. That said, because of the new sovereign internet law, the
state can still check on activities if it thinks someone has strayed outside the norm; the action
reinforces the existing norm.
5.1 Commensalism: Infraud
Sergey Medvedev, a Russian national, and Svyatoslav Bondarenko, a Ukrainian national,
started “Infraud,” which is short for “In Fraud We Trust”, in 2010 (Department of Justice,
2018). One of the main precepts of Infraud was that it was “against the rules to buy or sell sto-
len access devices and other contraband belonging to victims within Russia” (O’Neill, 2018).
Using their online forum, Infraud members were able to “purchase, sell, and disseminate
stolen identities, compromised debit and credit cards, and financial and banking information”
(Radio Free Europe Radio Liberty, 2018). Infraud’s members totalled nearly 11,000 people
who “targeted more than 4.3 million credit cards, debit cards, and bank accounts around the
world” (Radio Free Europe Radio Liberty, 2018). The Infraud scheme “inflicted approximate-
ly $2.2 billion in intended losses” (Department of Justice, 2018) and “netted approximately
$530 million in illicit profits from financial institutions and individual consumers throughout
the world.” While 13 members of Infraud were arrested in a multinational takedown in coun-
tries such as Australia, France, Italy, Kosovo, Serbia, the United Kingdom and the United
States, the Russian government did not provide any support to the US Justice Department in
pursuing criminal charges against Russian citizens (Krebs on Security, 2018).
5.2 Commensalism: FIN6
In another instance of Russia taking no interest in a cybercrime operating from within its ter-
ritory, FIN6 is a group believed to be operating out of Russia (Cimpanu, 2019). The group
originally started out with simple payment card theft and has now moved on to selling ran-
somware (Fire Eye, 2016). FIN6 is believed to have collected about 20 million payment cards
worth $400 million from point of sale systems in both the United States and Europe (Osborne,
2018; Ferguson, 2019). FIN6 is also believed to have employed ransomware against Chi-
cago’s Tribune Publishing and the Norwegian firm Norsk Hydro, which cost the latter at least
$40,000 (Ferguson, 2019).
59
