Hacktivists and cybercriminal syndicates have been a central feature of all offensive cyber operations worldwide. Cyber hacking groups, also known as advanced persistent threat (APT) groups, have been an integral part of nations’ cyberwarfare toolkits for more than two decades, particularly in Russia.
Why? Because of the anonymity they provide and the speed with which they can be mobilized. In the case of Russia, although several groups’ activities closely align with Kremlin and Russian military objectives, proving direct links to the Russian government is often difficult, and the Russian government can easily deny that it sponsors any hacker group.
In this regard, Russia is not alone. China, Iran, North Korea, and other U.S. cyber adversaries are known to have outsourced cyber operations to non-state actors. Russia’s success in this area, however, distinguishes it from those other states. Why? Russia has benefited from its ability to tap into a large, highly skilled, but underemployed community of technical experts.
Hackers from Russia and other Eastern European countries are widely regarded as the best in the world, to the point where other countries occasionally hire them to conduct cyberattacks on their behalf. Russian hackers, for example, were suspected of involvement in the Sony Pictures hack attributed to North Korea. Corruption is rampant and the rule of law is weak, creating opportunities for collaboration with the cyber underworld. Because laws are enforced arbitrarily, cyber syndicates thrive. They are often tolerated because they provide services to the state and income to government cronies, as the now infamous Russian Business Network (RBN) did.
Cyberattacks by hacktivists
Hackers are used for spear phishing, malware, DDoS attacks, telephone denial of service (TDoS) attacks, and other forms of cyber disruption and espionage, producing a steady drumbeat of cyberattacks against government, military, telecommunications, and private-sector information technology infrastructure. They can use advanced malware to map other government systems and open backdoors and vulnerabilities into them. These attacks are used to interrupt communications, obtain and leak government documents and plans, and deface or take down public and private websites and computer systems. Such nuisance cyberattacks often coincide with key events of a conflict.
The services provided by these hacktivists and cybercriminal syndicates include:
- DDoS (distributed denial of service) attack planning
- Antivirus detection testing
- Malware “packaging” (modifying malicious software with special tools, called packers, so that antivirus software does not detect it)
- Exploit packs for rent
- Dedicated servers for rent
- VPN services (anonymous access to web resources and protection of the data exchanged)
- Abuse-resistant hosting for rent (hosting that ignores complaints about malicious content and therefore does not disable the server)
- Validation and evaluation of stolen credit card data
- Renting out botnets
Why hacktivists in cyberwarfare?
Countries rely on cyber proxies for cyber warfare for several reasons. First, it’s cost-effective. Proxies don’t require much in the way of technical assistance; in many cases, the hackers are simply given a target list and attack vectors before being let loose. Hacktivists and political/nationalist hackers—of which Russia has a large number—will frequently work for free if the issue aligns with their worldview.
Second, hackers can be mobilized relatively quickly and disbanded when they are no longer needed. Third, hackers are ideal for operating in the grey zone of information warfare because they provide an additional layer of anonymity, which exacerbates the attribution problems that already exist in cyberspace. Even the most thorough forensic investigations rarely yield a “smoking gun” that can be linked to government computers or IP addresses.
The outcome is ideal for nations engaged in deterrence or competition: adversaries expect the rival government to be involved, but they usually lack definitive proof with which to hold it accountable. All in all, this game resembles a classic gangster protection racket, where the villain can disavow the actions of its hired guns with a wink while darkly implying that more things will “break” unless its opponents pay up and behave! Right?