Page 60 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
SECTION I: EXTREMISM, RADICALIZATION AND CYBER THREATS AS AN IMPORTANT
SECURITY FACTORS FOR COUNTERING TERRORISM PROCESSES
5.3 Commensalism: GozNym
A final case of Russia allowing cybercrime to operate freely within its territory is GozNym.
The malware developed by GozNym (which itself is a Trojan hybrid spawned from Nymaim
and Gozi ISFB malware) attacked and stole around $4 million (Stupp, 2019) from
more than 24 US and Canadian banks (Kessem and Keshet, 2016). This malware infected
41,000 computers and captured their login credentials to fraudulently access banking accounts.
GozNym was installed through a phishing campaign in which thousands of legitimate-looking
emails with malicious attachments were sent to banks, and once the user clicked on
the attachment the malware was able to access the account (SentinelOne, 2019). The Russian
malware developer, Vladimir Gorin, and four other Russians charged in the case remain at
large due to Russia being unwilling to extradite them to the United States. However, authorities
in Georgia, Ukraine and Moldova are working with the United States to bring charges
against their nationals involved in the GozNym cybercrime group (Krebs on Security, 2019).
5.4 Failure to Comply with Negative Norms: Maza-In
What happens when a Russian cybercriminal targets financial institutions around the world,
including Russia, and when apprehended refuses to work for the Russian state? These individuals
flout the negative norm propagated by the state and end up in a Russian prison. In
one case, the Russian hacker known as “Maza-In” was apprehended in March 2019 (Insights,
2019) and is serving a 5-year prison sentence for targeting Russians (Shvornev, 2019); one
assumes by his heavy sentence that he was also penalized for refusing to work for the state.
This assumption is based upon the fact that the crime he was charged with, the 273rd article
of the Criminal Code of the Russian Federation, the creation, use and distribution of computer
malware, typically carries with it a 3-year sentence (Weekly Geekly, 2019). Moreover, Russian
cybercriminals are rarely charged with this crime or given the recommended sentence
(McDougal, 2015). Maza-In, whose identity online is actively debated (Shvornev, 2019), created
the Anubis Android banking malware which targeted 188 legitimate banking and financial
mobile applications (Osborne, 2019).
5.5 Commensalism as Part of the Cyber Mercenary Thesis
Maurer does an exceptional job in detailing his cyber mercenary typologies: delegation,
orchestration, and sanctioning. However, he is missing a typology: commensalism. According to
Maurer, his work is an attempt to detail the relationships between cyberspace actors and states.
As mentioned above, he defines this relationship as “an intermediary that conducts or directly
contributes to an offensive cyber operation that is enabled knowingly, actively or passively, by
a beneficiary who gains advantage from its effect.” In laying out his typologies, he neglects to
mention one relationship: the unstated relationship between states and cybercriminals in which
the latter know the rules of the road and do not formally interact with the state.
As detailed in the three cases above, a cybercrime is not a cybercrime in Russia if it is committed
outside the Russian state against external enemies. Further enabling these Russian
cybercriminals, the Russians do not have an extradition treaty with the United States and
are less than forthcoming when approached by the FBI or the Secret Service to investigate
cybercrime. These circumstances create conditions where the Russian state does not have ties
to these cybercriminals, but rather allows them to conduct their activities untroubled by the
Russian state. That is not to say that these groups may not one day move into a different