MOSCOW — Whether an organized crime expert or a solitary con man, an intelligence services agent or the Kremlin's cyber soldier, Russian hackers are often at the heart of Internet fantasies. An ambiguous and protean figure, the hacker has as many faces as Russia itself. The country, from which many of these nefarious crimes originate and where Edward Snowden remains in asylum, is both a nation of cyber censors and IT experts. Welcome to Russia's Internet underworld.
The 28-year-old hacker I'm interviewing establishes the rules of the game. He won't give his name — only his pseudonym, "X311" — and won't answer all of my questions. "If I reveal too much, it could go badly for me," he says. A strong code of silence prevails in the Russian hacking world. It took me recommendations from about 10 mutual acquaintances for "X311" to finally agree to speak to me.
After a long and perilous hunt, his conditions are finally mine. Our interview takes place online, in the middle of the night in Moscow, and on an Internet Relay Chat — one of many online communications protocols. Our exchanges are protected by the cryptography protocol Off-the-Record Messaging (OTR). This is the essential prerequisite to our conversation, and the token of his trust.
"X311" writes in unusual but decent French. The hacker found refuge in France when his "personal situation became way too dangerous" for him to stay one more week in Russia, he says. He agrees to unveil some aspects of his country's cybernetic underworld, only because he's now joined "the white side of the force." In the hacker community, people are clearly divided in five different color groups.
The deep web's golden era
First off, there are the "black hats" — hackers driven by profit and the desire to wrong the market's actors. These are criminals who are either isolated or organized in mafia. On the opposite end are the "white hats," the cyberspace avengers who track down pirates and those threatening their interests — "the grey hats." Then come the "blue hats," who specialize in Windows hacking, and the "red hats," experts in the UNIX operating system.
None of them ever says what color group they identify with. "A real hacker never discloses he's one," X311 says. Our man did, out of choice and necessity.
The Moscovite was a 15-year-old high school student when he first entered the "black hat" Russian underworld. He studied programming in Moscow and developed secured software during his spare time. "Back then, you had to find mentors to learn and practice," he says. X311 found these code masters — with questionable ethics — on IRC chats. These are all solitary and experienced souls, navigating the deep web.
Up to 90% of online content slips through the pages of classic search engines. This is what we call "the deep web," the submerged part of the digital iceberg where the "black hats" hide and thrive. These hackers buy, sell and trade sensitive data — debit cards, confidential information, hacking programs. They do so via the Tor network (an acronym for The Onion Router), which provides them with secured protection of information.
Quickly, X311 built a solid reputation, earning respect among other hackers. "I was young, experienced, I was a good worker," he says via chat. Trading data and sensitive information with another "black hat" just for the love of risk, he quickly became an expert in "cracking" and "phreaking." These practices consist of breaking into security safeguards to hack debit cards, or phones.
"Back then, it was heaven," the hacker says. "There wasn't as much security on debit cards or on logins." He could easily hack into news websites or user accounts of large hosting service providers. Apart from the "American and European banks," things were easy for young hackers like him.
"When I saw a growing interest for the competition of this data, I started selling it," he acknowledges. But he won't say for how much. "A hacker has power through the data he owns, not for the money he earns."
So, how do they work?
The notion of Russian hackers is that they are unattainable — feared, admired and hunted. An immersion into the deep web dispels these clichés. Let's start by talking about how young these hackers are. Hackers younger than 25 gravitate to Saint Petersburg and its universities.
The area is the most dense "black hat" community in the country. "They tend to be pushed toward the city because of a shortage of legal job opportunities," says Sergueyv Vishnyakov, a 24-year-old information security researcher at a Russian bank. He is an expert of the "black hats." He is featured as an "hacktivist" on a website that hosts the largest database of IT flaws and weaknesses to date.
A Kaspersky training course — Photo: Questar
In Moscow, these cowboys of the web are lured by money. The majority of them earn more than 17,000 rubles a month — about $550. "The best hackers earn 10 times more," adds Vishnyakov, "but they only represent about 1% of the Russian "black hats." And the game is definitely worth it: Russian laws aren't deterrent enough to scare these hackers.
To find out how they operate, we head to the Moscow area headquarters of security company Kaspersky. The firm competes with U.S. companies such as Symantec and McAfee fighting cyber crime. Inside the headquarters, elite teams relentlessly battle new IT attacks. More than 315,000 are registered every day, coming from and targeting Russia.
Russia has the dubious distinction of ranking No. 3 globally in generating cyber attacks, after China and Brazil. Aleks Goltsev, a 37-year-old Ukrainian, heads the company's security unit, and with the help of international police forces, he investigates the Russian "black hat" underworld and tracks down its members.
Each country, he says, has its own specialty. "The Chinese hack online gaming platforms," he says. Brazilians take care of online banking websites," Goltsev explains. The Russians, on the other hand, are the pioneers. They develop most of the hacking technologies then sell to other countries," he adds.
Cybercrime in Russia is built around small groups, themselves made up of about 10 hackers whose tasks are clearly defined. Two developers design the spy software, and then try to sell it on IRC forums. The market runs on two economic models. "They either sell the entire program for $10,000, or rent it weekly," Goltsev says. Some clients are Russian, but most of them are foreign — Chinese and Thai.
Russia's ambivalent stance
With the conflict in eastern Ukraine, Goltsev has become even busier. Russia and Ukraine are engaged in an intense data cyber war. The security expert is convinced that denial-of-service (DOS) attacks, which aim at taking down Internet servers, come from "Russian and Ukrainian patriots."
They could also originate from the Russian government. Back in 2007 and 2008, Estonia and Georgia, then in conflict with the Kremlin, were given the same treatment from Moscow as Ukraine is today.
This is what makes Moscow so ambiguous about cyber defense and security matters. The country, known for training the best IT experts, granted asylum to Edward Snowden, a former computer engineer who disclosed revelations about the U.S. spying program. At the same time, Russia stands among the most Internet-censoring countries around the world.
The Kremlin recruits its Internet soldiers in the Siberian city of Novosibirsk. Not far from there, authorities established a scientific city named the "Silicon Taiga" in 1957.
Russia has an impressive and feared cyber army. The GRU, the Main Intelligence Directorate, is the largest supplier of cybersoldiers. Highly trained, they develop new protection systems and manage Russia's listening stations across the globe. At the government level are the Russian Federation Federal Security Service (FSB) and its 76,000 contributors. The organization, the main successor of the KGB, has an entire center devoted to fighting cyber crimes. There is also a special unit in charge of protecting the government's Internet.
The NSA has nothing on the FSB. The Russian service created one of the most powerful systems in communications interception, the one used during the Sochi Olympic Games in February. Russia can also count on its Foreign Intelligence Service (SVR), a 15,000-person organization that is particularly active in economic, industrial and technological spying.
Back in the Moscow night, behind the screen of our encrypted chat, X311 declines to elaborate on what led him to flee Russia for France. "At some point, you need to think about settling down," he says. "I was going on a bad path."
He won't say if he was arrested. "Sorry, but I won’t answer any question. What do you think?" The 28-year-old Russian now works for a French IT security company. Maybe a former victim of his hacking? He replies with a smiley emoticom and suddenly leaves the chat.