Experts say Russia gives hackers a 'tacit blessing' to attack foreign nations - as long as they don't target Russia or its allies
- The hackers who attacked SolarWinds, Colonial Pipeline, JBS, and more are believed to be Russia-based.
- Experts say the Kremlin allows them to carry out cybercrime as long as they don't target Russia.
- President Biden is expected to question the Russian president on Wednesday over the recent cyberattacks.
The number of cyberattacks carried out against the US has increased recently, and the online perpetrators have one thing in common: they are believed to be linked to Russia.
Hackers have found a safe haven in Russia to carry out their attacks, as the Washington Post reported. That's because they work without any repercussions from Moscow, which seemingly grants them leniency as long as they don't target Russia or its allies.
Cybercriminal networks "in Russia seem to exist with the tacit blessing of the Russian state," V.S. Subrahmanian, director of Dartmouth's Institute of Security, Technology, and Society, told Insider. "As long as they do not carry out nefarious activities in Russia itself, they seem to be protected from severe prosecution."
Why Russia takes a 'hands-off' approach
An underground network of hackers has sprouted up in Russia in recent decades, the Post reported, driven by animosity for western countries after Russia fell on hard times following the Soviet Union's collapse.
One former hacker-turned-analyst told the paper he turned to hacking to find money after studying information security in college, and more educated youth in Russia are turning to cybercrime since "there is so much money to be made."
Experts told the Post that cybercriminals might not only be working out of Russia because the Kremlin is allowing them to - they may even be working for the government in some cases. However, Subrahmanian said there isn't currently any evidence that the cybercriminals do Moscow's bidding.
"There's just too much of this going on right now for this not to have at least implicit hands-off policy by the Russian state," he said. "And at the very worst, it could be an explicit go-ahead. We just don't know which of the two."
DarkSide, which is believed to be linked to Russia, successfully targeted America's largest fuel pipeline in May, leading to gas shortages and price surges across the eastern seaboard for a week. The largest meat supplier in the world, JBS, was hit with a ransomware attack that same month and eventually paid $11 million in bitcoin to the cyberhackers.
The FBI has accused a hacking unit called REvil, which is connected to Russia, of conducting the JBS attack.
And months before, foreign hackers were able to spy on private companies, including the Department of Homeland Security, through an attack on the IT firm SolarWinds.
Subrahmanian said there are even less-publicized hacks that tied to Russia, like a May ransomware attack on the insurance company CNA, which shelled out $40 million to regain control of its systems.
But regardless of how - if at all - involved Russia is in cybercriminals' activity, the state profits from it, he said.
"Russia benefits greatly from different kinds of chaos in the Western world," and that is a key aspect in the nation's influence operations, said Subrahmanian."Cyberattacks and weakening us economically is yet another instrument in what's known today as gray zone warfare."
The US needs to send a strong message, experts say
President Joe Biden will meet with Vladimir Putin on Wednesday. He's expected to ask what - if anything - Russia intends to do to fight cyberhackers based in the country, something it historically hasn't done.
Putin has denied that the attackers behind the recent US attacks are based in Russia.
"We have been accused of all kinds of things," Putin told NBC News in an interview this week. "Election interference, cyberattacks and so on and so forth. And not once, not once, not one time, did they bother to produce any kind of evidence or proof. Just unfounded accusations."
US-Russia ties are strained at the moment, given the latest series of cyberattacks linked to Moscow as well as Russia's interference in both the 2016 and 2020 US presidential elections. Biden will likely not follow his predecessor, former President Donald Trump's, warm approach to Putin upon his visit.
Subrahmanian said he'd like to see President Biden deliver a stern message to the Russians that the US will not stand for this and that it will take action unilaterally against facilitators of these attacks "in much the same way we carry out actions against terrorists."
However, he said he doubts that "we're gonna see much action from Russia unless it's backed up with some explicit threats, and we don't have that many threats," given Russia's nuclear power and its large-standing military.
A senior White House official told Time that Biden could remind Putin that the US could target the Russian president's personal fortunes overseas with its own cyber capabilities.
"The whole goal is to have [Putin] come away saying, 'The Americans are onto us and have us encircled,'" the unnamed said.
Subrahmanian said another option for the US is to take covert action and infiltrate both dark web networks and state websites to deny them the money they hope to make through these attacks. By doing so, federal officials could also have a better idea of how connected Russia is to these cyberhackers, he said.
"It's a slippery slope, and that's why I'm being a little cautious, but certainly covert action against the specific places known to harbor large numbers of cybercriminals is a possibility," as is capturing them and bringing them to the US, he said, though no option would be easy.
"I'm not calling for airstrikes - I'm calling for cyber strikes," Subrahmanian said.