Sun 20 September 2020

Kseniya Kirillova speaks to a cybersecurity specialist about how Russia obtains sensitive information from Western companies

On 3 September, a Nevada federal grand jury indicted 27-year-old Russian citizen Yegor Kryuchkov on charges of trying to organise a cyber attack on an American company. According to the US Department of Justice, Kryuchkov tried to recruit an employee of the company (Tesla, as it later turned out) to plant malware inside the firm’s computer network in order to gain access to data. As his next step, the Russian was going to extort a ransom under the threat of releasing the data.

According to the FBI, Kryuchkov told an American that his group was headed by a “high-ranking employee of the state bank in Russia”. Russian journalists also discovered that Kryuchkov was an employee of Sberbank, which led them to suggest he is connected to the Russian security service, the FSB. In particular, some sites claim that the former colonel of the FSB Information Security Centre, Sergei Mikhailov, chose Sberbank as one of the main platforms for “implementing his ideas” and boasted an extensive network of hackers.

The connection of Russian hackers with the special services has been confirmed numerous times. Arkady Bukh, a New York lawyer who specialises in defending Russian-speaking cybercriminals, admits that cases of cooperation between his clients and the FSB are quite common, and Russia often entrusts hackers with openly fraudulent operations.

“People sometimes shared with me information about ‘private’ orders when FSB officers asked, for example, for credit card numbers and PIN codes to withdraw cash from ATMs,” said Bukh.

In addition to recruiting its own hackers, the Kremlin actively interacts with foreign ones. In 2017, then-CIA director Michael Pompeo described Wikileaks as “a non-state hostile intelligence service often abetted by state actors like Russia”.

Special Prosecutor Robert Mueller accused Russian intelligence of coordinating the release of stolen documents with Wikileaks. Against this background, it’s not surprising that Russian TV channels describe the process of extradition to the United States of Wikileaks founder Julian Assange, which was resumed on 7 September in London, as a “political directive from Washington”.


The Guise of Fighting Terrorism

However, according to experts, cooperating with hackers is not the main threat that Russia presents to the cybersecurity of Western countries and companies. Michael Talanov, an IT specialist from San Francisco and a member of the Free Russia Forum – an independent platform for Russia’s opposition – notes that all internet traffic within Russian borders has been compromised by the FSB.

This means Russian special services are capable of intercepting any communications on their territory, including through encrypted messenger apps.

It works as follows. The security of internet connections is ensured with the help of an SSL certificate issued by special companies that have passed the most rigorous audit and unquestioningly follow the rules adopted on the internet. They form the Root Certificate Authority. However, each state has the right to apply to this Authority on the basis of an international treaty in relation to mutual assistance in the fight against terrorism. Countries are then able to request a fake SSL certificate for persons or companies allegedly suspected of terrorist activities.

“Russia, for its part, unceremoniously abuses this right,” says Talanov.

“Roskomnadzor [the Russian communications and censorship agency] has compiled a list of the main domains from which internet traffic flows in Russia, and requests that substitute SSL certificates are sent to… the entire list. As a next step, the Russian authorities order all internet providers to install special equipment they developed, ostensibly to ‘fight terrorism’.

“As a result, the FSB has access to the content of all communication on the internet if at least one of the parties is physically located in Russia,” he says.

That is why, Talanov claims, leading Western companies avoid interacting with their Russian counterparts.

“The exchange of sensitive and classified information, as well as giving access to the infrastructure of a Western company from Russia via the internet, is a cybercrime against this company,” he says.

“There is no doubt that all logins and passwords, as well as all traffic in unencrypted form, will be transferred to the FSB,” Talanov warns.

Recall that the Russia report by the UK House of Commons Intelligence and Security Committee, published at the end of July, pays great attention to the business ties between Britons and Russian oligarchs. It’s important to understand that, in addition to lobbying for the Kremlin’s interests, these connections carry the risk of important information about British companies being intercepted by Russian intelligence services.


Surveillance and Substitution

Another danger posed by this situation is the ability of Russian special services not only to intercept, but also to substitute internet traffic.

“For example, you click on the addresses of Facebook or Gmail pages, but you get traffic that is not generated by Facebook or Google,” Talanov says.

“Distortion of the source code occurs: for example, an email sent to you may be deleted by Roskomnadzor, and you will not even know about it. If we add to this a system of total surveillance, we can see that Russia, without exaggeration, can be called a digital prison,” he says with certainty.

Total surveillance is carried out through street cameras with facial recognition, which is automatically synched with the photo databases of social networks. As Talanov explains, in all civilised countries this method is used at essential facilities, for example at airports, while in Russia the entire capital and some other regions, primarily the occupied Crimea, act as an ‘essential facility’.

“For Western firms, this kind of behaviour by the Russian authorities means a serious risk to the security of companies doing business with Moscow.”

