REvil Bust: Is Russian Cybercrime Crackdown Just A Decoy From Ukraine?
This weekend’s unprecedented operation to dismantle the cybercriminal REvil network in Russia was carried out on a request and information from Washington. Occurring just as the two countries face off over the Russian threat to invade Ukraine raises more questions than it answers.
The world’s attention was gripped last week by the rising risk of war at the Russia-Ukraine border, and what some have called the worst breakdown in relations between Moscow and Washington since the end of the Cold War. Yet by the end of the week, another major story was unfolding more quietly across Russia that may shed light on the high-stakes geopolitical maneuvering.
By Friday night, Russian security forces had raided 25 addresses in St. Petersburg, Moscow and several other regions south of the capital in an operation to dismantle the notorious REvil group, accused of some of the worst cyberattacks in recent years to hit targets in the U.S. and elsewhere in the West.
And by Saturday, Russian online media Interfax was reporting that the FSB Russian intelligence services revealed that it had in fact been the U.S. authorities who had informed Russia "about the leaders of the criminal community and their involvement in attacks on the information resources of foreign high-tech companies.”
The Russian authorities’ seizing of more than $5 million in U.S. currency, euros, bitcoin and roubles, as well as computer equipment and 20 luxury cars, was initiated from a request and information coming directly from Washington.
What does it mean that this development came just on the heels of the breakdown in talks between Presidents Joe Biden and Vladimir Putin? Is the timing mere coincidence or was Moscow sending a veiled message with this unlikely cooperation? What should we know about the importance of cybersecurity as both an international priority and a potential bargaining chip?
REvil is not new to the international scene, though it dropped off the radar after Habr reported in July of last year that the group had carried out a cyber-attack on U.S. tech firm Kaseya, the consequences of which ricocheted around the world, impacting some 1,500 businesses in at least 17 countries.
The FBI also blamed REvil for the attack on JBS USA, a major global meat supplier, with JBS ultimately paying the hackers a hefty $11 million ransom. The ransom demand, according to the US authorities at the time, "came from a criminal organization, probably based in Russia." Ransomware made by REvil was also likely to have been used in the hacking of the U.S. Colonial Pipeline system, the company added, which led to widespread gas shortages on the East Coast of the United States.
Talks in prior months between Biden and Putin have previously touched on the topic of cyber security, with the former accusing his Russian counterpart of doing little to address the problem within his own borders. He called on Putin to take all necessary measures to stem these issues following the attack last July, otherwise, the U.S. would be prepared to shoulder the responsibility itself.
#Хакеры #АрестХакеров #ЗадержаниеХакеров #Вирусы"Федеральной службой безопасности во взаимодействии со Следственным департаментом МВД России в Москве, Санкт-...
Combatting hackers and cybercrime
So what should we make of the operations this past weekend? Was it a sign that Moscow is ready to crack down on cybercriminals inside Russia? Or is its acting now linked to the showdown over NATO and the Ukraine border? The BBC Russian Service also reports Washington’s concern that REvil may in fact be linked to the Russian government itself, asking whether these actions represent nothing more than a move on the part of the Kremlin to cover its own back.
One anonymous U.S. official quoted by the AFP news agency, nonetheless, praised the arrests, saying: “I don’t speak for the Kremlin’s motives, but we’re pleased with these initial actions.”
The hope among Western law enforcement officials is that the move is ultimately not linked to the current geopolitical standoff, and that Russia has simply taken a decisive first step towards a full-scale crackdown on the other ransomware groups operating within its borders.
The dismantling of REvil was carrot and stick all at once.
The arrests constitute an unprecedented public acknowledgment of the existence of cyber-attackers within Russia, also sending a strong message to other Russian hackers that the party is well and truly over.
Yet there is the risk that the operation is ultimately a decoy in the larger battle brewing with the West. The timing, following the failed Biden-Putin negotiations, seems aimed at reminding Washington that such potential cooperation would cease if the United States and its allies impose new harsher sanctions in the event of a Russian invasion of Ukraine.
Combating hackers and cybercrime is crucial for both international security and commerce, and Moscow stands in the middle of it. Indeed, on Sunday, Kyiv blamed Russia for another cyber-attack that knocked out key Ukrainian government websites last week.
In strategic terms, the dismantling of REvil was carrot and stick all at once.
