So Russia are only now learning that once you release the genie, shoving back in the bottle is very difficult.
Russia's control of cybercrime groups that have come to play a part in its espionage activity is crumbling, according to Cybereason. The security intelligence outfit reached this conclusion after reviewing the latest tactics and procedures associated with high-profile cyber-espionage pops blamed on the Kremlin. Russia has made …
Tuesday 6th June 2017 09:47 GMT Anonymous Coward
shoving back in the bottle is very difficult
For people like the CIA and other western intelligence agencies yes, And they've got plenty of experience of that, from their own hoarded exploits going AWOL, or their support for Al Qaeda and the Taliban in the 1980s. For the FSB I'm far less convinced that they can't rein in their proxy warriors. Certainly there's a problem of "leakage" of tools and exploits. On the other hand, the FSB are part of a government entirely happy with brutality and lethal force, full knowledge of who these "players" are, and a willingness to exact revenge outside of their borders.
If Putin and his chums decide that some cybercrim contractors are getting out of hand, I'd imagine that some very horrible examples will be made, and these examples will be exhibited to the other players, with a clear message "Stop making our lives difficult, stick to our rules, or this happens to you, your friends, your family - and even fleeing the country won't save you".
Tuesday 6th June 2017 10:54 GMT Anonymous Coward
"or their support for Al Qaeda and the Taliban in the 1980s"
Organisations that grew out of the mujahedin that the CIA itself created. We in the UK are now collateral damage in the dirty tricks wars of the CIA. But, as we gave the US the idea for the CIA in WW2, you could argue that you sow what you reap.
At the end of WW2, British politicians wanted our own dirty tricks department closed, because they were far-thinking. But the US jumped happily into the toybox. And now the US public is surrounded by security theatre while the Russians exploit it.
Tuesday 6th June 2017 10:17 GMT Destroy All Monsters
It's a William Gibson world
They set a Slamhound on Turner's trail in New Delhi, slotted it to his pheromones and the color of his hair. It caught up with him on a street called Chandni Chauk and came scrambling for his rented BMW through a forest of bare brown legs and pedicab tires. Its core was a kilogram of recrystallized hexogene and flaked TNT.
He didn't see it coming. The last he saw of India was the pink stucco façade of a place called the Khush-Oil Hotel.
Tuesday 6th June 2017 10:35 GMT Voland's right hand
The genie is LOCAL and DOMESTIC. It CAN be shoveled back into the bottle by brute force if need be. In this case the "I know where you live" tactic can and does work.
That is a considerable difference to the horde of genies FSB western counterparts have unleashed in Afghanistan, Syria, Lybia, Iraq, etc. There is no amount of brute force short of a turning these into a glass lake which can bottle THAT horde of genies quickly back into the bottle.
Tuesday 6th June 2017 11:25 GMT Rob D.
Comparable in intent but not execution
Cyber-attack capabilities represent the first opportunity in history for one nation state to materially damage the integrity of another nation state without ever setting foot on foreign territory. With armed conflict requiring physical presence of people or resources on the ground or in reasonable proximity (air and sea power) there is no comparable remote execution capacity - people, equipment and (for now at least) money all have to move. The activities of Russian, American and varying degrees other nations like Saudi Arabian or Iranian influences on armed groups in proxy war situations are not comparable in execution although they are comparable in intent.
One important difference here is that if it had been possible to cultivate the extended cyber-attack capability within its own jurisdiction, then Russia probably would have done so - America, China and some less significant players do seek to retain direct control of the executors of their capabilities. Russia has been arguably braver (choose your own adjective here) to push the envelope of developing an aggressive capability (in this case, not defensive; separate question) which has greater rewards and some risks.
Tuesday 6th June 2017 15:11 GMT I ain't Spartacus
Re: Comparable in intent but not execution
Russia has been arguably braver (choose your own adjective here) to push the envelope of developing an aggressive capability (in this case, not defensive; separate question) which has greater rewards and some risks.
Russia is much poorer. They ranked 12th in the world on nominal GDP last year - smaller than Italy, Canada or South Korea. Although obviously labour costs are lower - so for something manpower intensive they're at much less disadvantage.
There's an ex diplomat that I read sometimes, Charles Crawford. And one of his sayings when talking about Putin's policies is, "chaos is fair". Hadn't realised it was a quote from The Joker until I looked it up.
The idea being the the Soviets lost the Cold War on the economy but if the ex-KGB people running the place can be cleverer, then unleashing chaos knackers everyone equally. But they're willing to take more pain (well inflict on their own citizens who have no choice in the matter), than the West is - and maybe they also bet that they can dance better...
There's a bit of a 1930s feel to the Russian leadership, we didn't lose the Cold War, we were betrayed. The German 1918 "stab in the back" thing again. Because I guess the alternative is admitting that the system they served was both evil, and useless. Even though I doubt many were believing communists, as the KGB even then was plugged into organised crime.
They also profitted from the chaos of the Yeltsin years, so why not again? The same playbook two, making money via criminal gangs, or via exploiting the privatisation of state enterprises - or later stealing those off the people who originally stole them, to entrench their powerbase.
The question is, do they have an objective? Or is more a case of fuck the lot of you, if we can't have everything we want we'll screw it all up for you as well? I suspect they're quite a nihilistic lot. They joined the Communist party in the 70s, when it was already clear to many how badly it was going - but that was the only way to get ahead. And the way to get luxuries (or even neccessities) was corruption and the black market.
So I guess this is just their normal playbook now. And damn the consequences.
Tuesday 6th June 2017 12:41 GMT Chris G
Tuesday 6th June 2017 12:56 GMT Joe Harrison
"The capabilities that were once indicative of a nation-state actor are now an affordable commodity for the private sector," reports Cybereason.<p?
This tries to say that the state and the private sector are competing equally for talent. Which can never be true because the state can pay in a coin unavailable to the private sector - the state has the power to make any awkward criminal charges just go away.
Tuesday 6th June 2017 14:26 GMT kventin
why THE state? is there only one?
if recent (70 years') history taught us anything, if you have awkward criminal charges in, say, Germany, certain south american countries wouldn't give a damn (forgive my klatchian).
another option is joining the other team -- it worked for legion etranger, why shouldn't it work for hackers?
Wednesday 7th June 2017 08:28 GMT Anonymous Coward
Kremlin losing control of hackers says CIA front organization
"the Russian government had a problem of recruiting technology talent to accomplish their goals. Through necessity they turned to outsourcing and contractors"
I would have thought it's the NSA who has the problem with outsourcing :)
"Cybereason' .. Founded by elite Israeli-Intel cybersecurity experts" link ..