Russian hackers need on average exactly 18 minutes and 49 seconds to take control of a network. According to security firm CrowdStrike, which studied more than 30,000 successful digital break-ins last year, Russians are the fastest hackers in the world. The competition from countries like North Korea, China or Saudi Arabia is at least two hours slower.
That’s why Russia’s hackers, acting on behalf of the state, are feared more than any other group by governments and private companies worldwide. Americans accuse them of election manipulation; in Ukraine they are said to have paralyzed the power grids of entire regions after months of preparatory work.
The scene that is shaking the world today began with pubescent boys, writes Daniel Turowski in his book "Der Einbruch. A brief history of the Russian hackers". For it, the Russian investigative journalist, who works for the Latvia-based Russian exile medium "Medusa", interviewed dozens of experts and insiders.
He recounts almost innocuous beginnings. In the early 1990s, personal computers appeared in the former Soviet Union, at universities, companies and computer clubs. In Moscow and big cities like St. Petersburg, a generation of computer geeks grew up, who were mainly interested in experimenting.
The Russian state, overburdened by the difficult transition period, was not interested in computers or their security at that time. The Internet, which was just becoming established in Russia then and which the Kremlin now uses as a weapon, was largely left to its own devices by Russian state power. Practically no one used legal software; illegal copies, especially of Western software, were part of everyday life.
The future master hackers obtained them via slow modem lines from abroad in order to resell them as burned copies. Others hacked into e-mail accounts or stole access data for ICQ, a kind of WhatsApp of the era, in order to annoy unpopular classmates or fellow students, or even to demand a digital ransom, much as encryption Trojans like "WannaCry" did two and a half decades later.
Americans relieved of millions of dollars
"For us, there were simply no limits," Turowski quotes one of the actors from the 1990s. "We were allowed to do anything we wanted, that’s why the Americans and the Europeans envied us."
But the time of experiments was soon over. As early as the late 90s, hackers from Russia and other post-Soviet countries discovered a new, unimaginably lucrative source of income: credit card fraud. They found their victims mainly between New York and San Francisco. This was no accident.
For one thing, credit cards were a rarity in Russia at the time. After the ruble crash of 1998, their own countrymen preferred to hoard their money under the mattress, preferably in dollars, anyway. For another, there were not enough jobs for computer experts, and the job market for IT specialists was still small.
So in Russian forums like "Carderplanet" in the early 2000s, there was a brisk trade in Americans’ credit card data and tools to get them. Hackers like Roman Seleznev, now 35, from Vladivostok, relieved U.S. citizens of tens of millions of dollars.
Seleznev illegally penetrated payment processing systems to obtain the customer data of almost 4000 American companies, preferably small family businesses, because they hardly invest in computer security.
Seleznev used the stolen money to buy two houses in Bali, sports cars and luxury trips. For years, Russian security agencies did not bother him or many others.
That was because he adhered to the unofficial motto of Russian hackers, as Turowski writes in his book: "Don’t work in .ru", i.e. not in the Russian Internet segment. In the end, Seleznev was arrested in the Maldives in 2014 and extradited to the U.S., where he is serving a 27-year sentence and calls himself a "political prisoner".
Boost from the Chechen war
But how did hackers in search of big money get into political hacking on behalf of the state? There is no clear separation of eras in the Russian hacking community. The first attacks for the Kremlin, or at least in the state's interest, are said to have taken place as early as the 90s.
Moscow provided a boost 20 years ago with its second Chechen war. After bombings of residential buildings, which Moscow blamed on Chechen terrorists, the Kremlin ordered the Russian army to invade the republic.
That’s when many hackers discovered their patriotic feelings. Computer science students from Tomsk in Siberia, for example, attacked news sites of Chechen separatists living in exile. The "Siberian Net Brigade" blatantly called on other hackers to attack the separatists’ online infrastructure "for a peaceful and safe world".
It started with "defacing", replacing the content of a web page with one's own slogans, and continued in the early 2000s with so-called DDoS attacks. In such attacks, requests are sent simultaneously from thousands of computers to a single Internet address, which collapses under the load and is then unavailable for hours or even days at a time. The patriotic hackers were not prosecuted by the state.
Later came attacks on Russian opposition figures, whose blogs and email accounts were hacked, also without legal consequences. There were attacks on Estonian authorities and later on Georgian government agencies during the short Russian-Georgian war of 2008.
The latter already bore clear traits of state coordination. Since the early 2000s at the latest, the Russian Ministry of Defense, foreign intelligence and the FSB domestic intelligence service have been interested in the hacker scene.
The Russian military has long had special units recruiting graduates of technical courses, and secret military research institutes have also expanded Russian offensive potential.
Thus, officers of the military intelligence agency GRU are said to have been behind the attack on the Democratic National Committee during the 2016 election campaign, in which thousands of emails between Hillary Clinton and the head of her campaign team were stolen and given to Wikileaks.
Still, insiders interviewed by Turowski say the state is especially happy to resort to freelance hackers. Even President Vladimir Putin once said, when asked about Russian interference in the U.S. election campaign, that hackers were "free people, artists" who just wanted to support their country.
But this does not happen quite voluntarily, as Turowski’s sources show. In some cases, hackers who have committed crimes in Russia are forced to cooperate under threat of prosecution.
This is implicitly expected of others, like Alexander Wjarja from St. Petersburg, who specialized in defending against DDoS attacks at a large IT security company. Turowski describes how a shadowy man with ties to the state arms holding Rostec wanted to recruit the expert for DDoS attacks. But Wjarja fled to neighboring Finland and was granted political asylum there. He will probably not remain Russia’s last cyber fugitive.