TSG IntelBrief: The Convergence of Russian Cyber Crime and Espionage
March 16, 2017

Bottom Line Up Front:

• On March 15, the U.S. Department of Justice filed charges against four people in connection with the massive 2014 Yahoo compromise of 500 million accounts.

• Significantly, two of the individuals charged are officers of Russia’s Federal Security Service (FSB), marking the first time the U.S. has brought cyber-related charges against Russian officials.

• Russia has effectively merged state-tolerated criminal hacking with state-directed cyber-espionage—an unprecedented convergence with enormous reach and few constraints.

• Traditional efforts to deter espionage have proven ineffective against the present cyber threat posed by Russia; the indictment is best viewed as a high-profile warning to back off.


The March 15 indictment of two Russian intelligence officers by the U.S. Department of Justice represents the most explicit evidence to date that Moscow has effectively combined state-tolerated cyber crime with state-directed cyber-espionage efforts. Despite certain depictions in pop culture, the ways intelligence agencies and criminal networks operate are extremely different. Intelligence agencies work to obtain targeted information about foreign governments, groups, or individuals with the overarching goal of gaining insight into the motivations and intentions of adversaries (and sometimes even allies). By contrast, most criminal enterprises try to obtain information for financial gain, while some do so with the intention of causing disruption and chaos. The targets of intelligence agencies and cyber criminal networks are usually very different. Russian efforts, however, have increasingly blurred the lines between cyber-espionage and cyber crime in an unprecedented manner. Examples of the convergence of malicious cyber activity by Russia include the hacking of Western political parties and groups, the curiously selective and well-timed releases by Wikileaks—which is widely believed to be a Russian proxy—and theft from purely commercial entities such as Yahoo.

The indictment of two Russian Federal Security Service (FSB) officers along with two other Russian nationals in the 2014 Yahoo breach represents the first time the U.S. has charged any Russian officials with cyber crime offenses. The indictment alleges that the two Russian intelligence officers directed and supported the other two individuals indicted in breaching and exploiting Yahoo’s defenses. The intelligence officers were looking for information on reporters, officials from numerous governments, and other targeted individuals. The two other defendants—both known cyber criminals—were free to use whatever other personal account information they could obtain for illegal profit through spear phishing and identity theft.

At the time, the 2014 Yahoo breach was the largest cyber crime in history; it was surpassed only by reports in 2016 of a hack that occurred in 2013 and exposed more than a billion accounts (Russia has not been publicly implicated in the 2013 breach). The sheer number of high-value targets that use email services such as Yahoo and Gmail is of interest to both intelligence agencies and criminal gangs; Russia appears to have merged the two with devastating results.

The indictments are one of the few avenues for the U.S. to react to the Russian activity in a meaningful way, yet without dramatically escalating a cyber free-for-all that could easily get out of control. The U.S. is hoping that the high-profile move will serve as notice to the Russian government that it has overstepped the long-accepted boundaries of espionage by purposefully veering into criminality. In addition to the indictment, there are several congressional investigations just getting underway regarding the alleged Russian interference and active measures surrounding the 2016 U.S. presidential election. While that disinformation campaign was unrelated to the 2014 Yahoo breach, it represents another example of the dramatic evolution and convergence of Russian cyber-theft, election interference, and traditional espionage.


For tailored research and analysis, please contact: info@soufangroup.com
