Giving the Kremlin a Cybergift

Photo: A poster showing six wanted Russian military intelligence officers is displayed as U.S. Attorney for the Western District of Pennsylvania Scott Brady, accompanied by Assistant Attorney General for the National Security Division John Demers, speaks at a news conference at the Department of Justice, in Washington, U.S., October 19, 2020. Credit: Andrew Harnik/Pool via REUTERS

Hopes of a real breakthrough are a dangerous illusion and the US should stop sharing intelligence with its hackers.

The new buzzword in cyber circles in Moscow and Washington is cooperation. Unfortunately, this detente represents an American gift to Russia and its dangerous hackers.

The Russians reported first about the talks with the Americans. The administration then acknowledged “slow progress in some parts of the security agenda” following the June meeting in Geneva between Presidents Joseph Biden and Vladimir Putin.

Some concrete results are visible.

First, there is cooperation in the United Nations: the two countries have submitted a joint cybersecurity initiative to the UN General Assembly. This initiative is essentially Russian and counts as a Russian success. Russia can discard the label of an international cyberbully, replacing it with US acceptance as a respectable partner in developing international cyber rules.

In return, the US claims that Russia agreed to squash a Chinese initiative to create a separate UN data security group. The Russians are not giving up much. It’s been long known that the Kremlin didn’t want the Chinese to get a data security group.

Second, Washington has recognized the Russian National Coordination Center on Computer Incidents as an official contact point to share sensitive intelligence on Russian hackers. The Russian cyber center was created in July 2018, not by the government or Russian law enforcement, but by the director of the FSB secret service. Given the long and well-documented history of cooperation between the FSB and Russian hackers, it came as no surprise that for two years nobody in the West trusted the new FSB entity. This past spring, Russia’s Foreign Ministry reprimanded Germany for failing to recognize the FSB center.

And finally, Washington not only approved of the FSB’s center as a contact point, but the US has begun sharing some intelligence on Russian hackers, according to the New York Times. The goal is to test whether the Russians are ready to act against the hackers. The most interesting part of this approach of “testing the Russians” appears to be the American administration’s desire to ignore all evidence that might undermine the idea of cooperation.

There is plenty of evidence:

In May, Dmitry Dokuchaev, an FSB officer once known by the hacker alias Forb, was released from Russian prison. Dokuchaev was the only confirmed connection between criminal hackers and the FSB who was engaged in offensive operations against the United States.

Back in 2014, Dokuchaev targeted Yahoo, according to the FBI. When the FSB wanted to prevent leaks about Russia’s interference in the 2016 US election, they launched a counterintelligence operation and arrested Dokuchaev and three others. The FSB also moved against an FSB officer named Mikhailov, who was in contact with US law enforcement, and against Ruslan Stoyanov of Kaspersky Lab, one of the only two private Russian companies that conducted investigations into criminal hackers. All four were accused of sharing secrets with the Americans, but only Dokuchaev, the real hacker, was released in May.

In September, the FSB arrested Ilya Sachkov, CEO and founder of Group-IB, the second Russian private company that investigated criminal hacker activities. He was thrown into the FSB prison Lefortovo and has been kept incommunicado ever since, officially accused of the same crime – sharing secret information. With Kaspersky Lab and Group-IB taken out of the picture (nobody in those companies will now talk to Westerners), the Americans lost the only option to verify an FSB crackdown on hackers.

If this did not make it clear that Russia was not serious about reining in hackers, the latest arrest should be definite proof. On November 2, the Russian police detained Belarusian hacker Sergey Pavlovich in Saint Petersburg. The US wanted Pavlovich for hacking credit card numbers. He was detained, only to be released.

The police explained that no extradition treaty exists between the US and Russia – a clear signal to Washington that the Americans cannot expect Russian hackers to be sent to the US for trial. The best option for the Americans is a trial in Russia, which is tricky, as Dokuchaev’s release demonstrates.

The US and Europe may be talking about cooperation on cybercrime. But hopes of a real breakthrough are a dangerous illusion and the US should stop sharing intelligence with its hackers.

Andrei Soldatov is a nonresident senior fellow with the Center for European Policy Analysis. Andrei is a Russian investigative journalist, co-founder, and editor of Agentura.ru, a watchdog of the Russian secret services’ activities. He has been covering security services and terrorism issues since 1999.

 



November 8, 2021