In the last week, Russian hackers have become the bogeyman on American media after an enormous hack of tens of thousands of emails from the Democratic National Committee's computer systems embarrassed the party and led to the resignation of its chairwoman, Debbie Wasserman Schultz. Internet security firm CrowdStrike traced the hack to Russian sources, and while little is known about these attackers, the consensus is that they are linked to Vladimir Putin's regime.
But the hacking scene in Russia is an entanglement of spy networks, cyber-criminals and freelance black hat hackers — criminal hackers engaging in various illegal activities — peddling their skills in the barely regulated Russian cyberspace. Knowing for sure exactly who carried out the DNC attack is therefore a question whose answer may not be as simple as "Russian spies."
Back in June, when Lorenzo Franceschi-Bicchierai at Motherboard spoke with the hacker Guccifer 2.0, who claimed responsibility for a previous data breach at the DNC — hackers leaked the opposition research files on Donald Trump — the mysterious attacker denied any links to Russian intelligence.
"I don't like Russians and their foreign policy. I hate being attributed to Russia," he said then, while also claiming to be a lover of Italian fashion company Gucci and a "hacker, manager, philosopher, women lover."
During their exchanges the hacker said he added Russian metadata to the dumps as his own personal watermark, and also claimed to be from Romania, but as Lorenzo proved by asking native speakers, Guccifer spoke poor Romanian. The consensus now is Guccifer 2.0 is not a single hacker, nor Romanian — but an entity within Russian intelligence networks.
Without wading into the murky world of attributing cyber attacks, the tradecraft of Guccifer 2.0, the accused hacker, certainly points to a sophisticated operator under the direction of a nation-state. Sometimes in cyber-parlance these are called APTs or "Advanced Persistent Threats" — hackers skillful enough to breach complex systems quietly and stay inside them for a long time, something that is best done with the time and money that only a government's resources can provide. According to CrowdStrike, the same DNC attackers were observed in several other high-profile breaches, always with a Russian government twist.
Yet the Kremlin can't be openly blamed for the attack on the basis of motive and a connection to Russia inside software code. The claim by Democratic Party officials that the attack was the work of Russian intelligence in a grander scheme to destabilize the American election may have merit, but given what we know right now, it's at least premature.
But there's also a possibility the attacks didn't come directly from the state intelligence agency, the FSB, especially if you consider black-hat hackers in Russia and their shady dealings with spooks. It's very possible the DNC hack was the work of non-state hackers acting in concert with the FSB, or entirely of their own volition. According to sources in Russia who know the underground landscape of hackers in that country, the FSB keeps close tabs on hacking circles and even buys services from those groups — but maintains its distance.
The story goes that at the fall of the Soviet Union, state intelligence would often use black-hat hackers with particular skills or information, either by coercing or paying them. But as the economy and technology in Russia evolved, the FSB worked less with freelancers and more with young hackers it recruited from Russian universities, where math and engineering have long been areas of excellence.
The FSB is still known to buy so-called vulnerabilities from shadier hackers or covertly hire specific individuals and organizations for a price, those sources said. One black-hat hacker said she not only once sold a "zero day vulnerability" — an unpatched bug in code that makes it easy to compromise software — to the FSB, but briefly worked for the agency and knows other individuals who still deal with it on a similar basis. Another computer specialist said an agent came to his door demanding he work for the FSB. When he rejected the offer, his website mysteriously received a flurry of online attacks.
Past evidence suggests a link between Russian intelligence agencies and known cybercriminals. Take for example Evgeniy Bogachev, a man still on the FBI's most wanted list, alleged to be in Southern Russia. Under the infamous moniker "Slavik", Bogachev developed the Gameover Zeus malware that stole millions from American banks and other financial targets around the world.
Inside some of his code, he inserted tools to gather intelligence on Turkey, Ukraine and Georgia. You have to wonder why a known thief cared about gathering geopolitically sensitive information linked to Russia's own global interests.
Part of the close relationship between hackers and Russian security services, as those sources explained it, is patriotic revenge against America. For a while there was an unspoken agreement among Russian cyber criminals: you can hack anywhere but Russia.
American targets were a top pick, especially at the end of the Cold War as the US prospered and Russia tanked. That rule still exists, but less so: Russian hackers are now known to target domestic banks as well. The extradition of Russian hackers to the US, from Russia, still remains extremely unlikely.
At the same time, high-profile, geopolitically motivated hacks out of Russia are nothing new. In December, a cyber attack on the Ukrainian power grid took out electricity for thousands of citizens — and is widely attributed to Russian hackers. Again, no smoking forensic gun showed the attacks originated from Moscow or an intelligence agency. But a member of the SBU, the Ukrainian intelligence service, who spoke in Kiev on the condition of anonymity, claimed his agency considers the attack to undoubtedly originate from Russia.
If that is the case, Moscow may have hired a private company or hacker to do the job on the Ukrainian power grid, or Putin's spy agencies may have turned to their own in-house hackers. That remains an open question. One thing is for sure: that hack, too, was an example of a coordinated, sophisticated cyber attack against a nation-state's assets.
Guccifer 2.0 has continued to claim that he's not a Russian agent on his Twitter account, while Donald Trump has gone so far as to encourage Russian hackers to find and leak Hillary Clinton's classified State Department emails.
Whoever is responsible, the DNC email heist is one of the most spectacularly effective cyber attacks in history — starting with a data breach of a major political entity in arguably the most powerful country in the world, then dumping that intelligence to set off a political maelstrom resulting in the resignation of a most senior official. It's basically a hacker mic drop.
And if the FSB really is to blame, the uncertainty surrounding the attribution of the attack may be exactly how Putin wants it.
Ben Makuch hosts Cyberwar, a new show on VICELAND. Follow him on Twitter: @BMakuch
With reporting from Lorenzo Franceschi-Bicchierai