How powerful are Russian hackers? One new law could transform global crime operations
Moscow's 'sovereign internet' effort means new rules for the bad guys too
Black Hat The introduction of Russia's Sovereign Internet rules is having an impact on the way criminal hackers around the world do business.
This is according to security house IntSights, which says that the law, set to become official in a few months, will force many hacking groups to change the way they operate both in Russia and in other countries.
The rule would lead to Russia developing its own standalone network that could be cut off from all connections outside of the country if need be and continue to function.
"It creates this infrastructure that kind of isolates Russia a little bit," Charity Wright, a threat intelligence analyst with IntSights, told The Register ahead of this week's Black Hat conference in Las Vegas.
"A lot of outsiders feel threatened because they feel they may not have access to the Russian internet, but really Russia's intention is to become sovereign over their own infrastructure so if there is an attack to cut them off, they can go on with business as usual."
While the Russian government is notorious for turning a blind eye to criminal hackers (and in some cases even enlisting them for official activities), the new law will still have a major impact on how cybercrime is conducted both within and outside the country.
In particular, hackers operating within Russia will have to make sure that the services they use to conduct attacks, such as VPNs, are either Russian or operate in compliance with the strict sovereign internet requirements that have lead many VPN providers to already pull out of the country.
"Although Russia is not known for cracking down on crime, this is really going to create a new culture for darkweb usage," Wright said.
"They will really have to consider the VPNs they are using and make sure they comply or stop using them."
Biz tells ransomware victims it can decrypt their files... by secretly paying off the crooks and banking a fat marginREAD MORE
Those sentiments were echoed by fellow IntSights security pro Andrey Yakovlev, who said that while Russia is tightening its grip on the internet and becoming more insular, it also gives its domestic hackers more motivation to launch attacks outside their borders.
"The sovereign internet will make it much easier for Russian law enforcement to crack down on hackers that target Russian entities," Yakovlev explained in the IntSights Dark Side of Russia report.
"But the government will still likely turn a blind eye to threat actors that target foreign entities – particularly those operating in enemy states, like the United States."
In other words, as hacking within Russia becomes more difficult and dangerous, expect to see Russian hacking groups focus even more of their attention on western countries, where the attacks will not draw a police response.
This is particularly bad news given the technological advantage many Russian hacking crews enjoy. The IntSights team noted that many of the major attacks and exploits to arise in recent months, such as the Windows RDP BlueKeep flaw, were weaponised in Russia long before hackers in other countries were able to get working attack code launched in the wild.
"The Russian underground covers virtually any known type or method of malicious activity," noted Yakovlev.
"If news outlets are talking about it, it is likely Russian cybercriminals have already had it for some time."
Combine that with the stronger motivation to hack outside of Russian borders, and it is shaping up to be a long year for foreign companies in the crosshairs of Russian hacking crews. ®