The cyber-attack on the Colonial Pipeline once again raised the “cursed question” many law enforcement agencies around the world are asking these days: How they are supposed to cooperate with their counterparts in countries where there isn’t a clear line between the criminal police and political police?
Russia has been the largest supplier of a highly skilled workforce of hackers for several generations, starting in the mid-1990s when thousands of engineers within the gigantic Soviet military-industrial complex, confused by the sudden loss of their social status, found themselves completely incapable of providing their smart kids with any moral guidance.
The kids, who hold a grudge against the West, put their brains and math skills to good use. They expanded the ranks of hackers and brought a new brazenness to their operations. Many were targeting the West, a target that was always considered safer to attack than something closer to home. The need for the Western law enforcement to cooperate with their Russian counterparts was immediately obvious.
Russian policemen, in turn, needed Western expertise. So interagency conferences were held, speeches delivered, diplomatic visits exchanged, and the official representatives of secret services attached to the embassies got involved. The ties between Russia’s secret services, Russian private security firms and the West were established and strengthened. The poisoning of Litvinenko in 2006 did harm that cooperation, but the harm was largely contained to the British-Russian relationship.
At some point, it looked like it might be possible to have well-functioning cooperation between law enforcement agencies outside of politics. The Americans were especially keen to keep the cooperation alive when thousands of Americans came to the Olympic games in Sochi.
The most important moment of cooperation was reached in the summer of 2016, when in early June the Russian police arrested members of the criminal group known as Lurk. They pulled in a total of 50 people. The Lurk group was believed to have stolen nearly three billion rubles ($45 million) from Russian and foreign banks. The operation was a joint effort of the Russian Interior Ministry, the FSB, and the investigative unit at Kaspersky lab.
But 2016 was also the year that saw Russian cyber interference in the U.S. election, and the contact people at the FSB and Kaspersky lab were promptly locked up in jail by the FSB, which was paranoid about possible leaks to the Americans.
International cooperation in fighting criminal hackers seemed to be in ruins when the Americans responded to Russian interference by adopting a naming and shaming policy that included putting FSB officers on the FBI most-wanted list.
The officers added to the list were members of a unit that was long suspected of both prosecuting hackers and running them – and running them against Western targets. Worse yet, rumor had it that the unit used the information obtained from Western partners to locate, approach and recruit Russian hackers.
The naming and shaming policy was a strong signal, but the bold move was hardly of help against criminal hackers. Russia remained one of the largest exporters of that commodity, and it was impossible to catch them without help on the ground.
Moscow understood this perfectly well. And the FSB really began to enjoy putting its Western counterparts before a difficult choice. A general introduced by the FSB as its top official in charge of international cooperation, including counterterrorism, was identified by the Ukrainians as being present in Kiev during the Maidan revolution. Counterterrorism cooperation is too important to be abandoned over an issue of morality; the FSB won that round. And since that worked, at Lubyanka they decided to apply the same strategy to restart cyber cooperation with the West. The security agency badly needed it to put an end to the embarrassing naming and shaming policy, and the Kremlin wanted to restart bilateral cyber talks with Western countries rather than having to face a united front.
What came in handy was that Russia kept hosting international sports competitions, and in 2018 Moscow hosted the FIFA World Cup. A few months after, the Kremlin launched a national coordination center for computer incidents, created under the auspices of the FSB. Western law enforcement was welcome to contact the Center in the future if there were any hacking attacks. That didn’t go well. Some information was shared, but mostly with the countries traditionally close to the Kremlin, like the regimes in Central Asia and Belarus. The West largely ignored the Center.
But once the Kremlin decided on a strategy, it stuck by it. In April, when the Germans accused Russia of being behind an attack on the computers of at least seven federal MPs and 31 lawmakers in regional parliaments, Foreign Ministry spokeswoman Maria Zakharova pointed out that the Germans had failed to contact the FSB’s center on computer incidents. The positions on both sides became entrenched, and then the U.S. was hit by the Colonial hack.
Russian criminal hackers are still out there, at large and in large numbers, and they cannot be ignored. Most of them are on Russian soil, and if there are still Russian criminal hackers who are acting independent of the authorities, they can only be fought with local cooperation. But what if all the doors to cooperation, both government and private, remain shut and sealed, except the door of the FSB — the very agency which is accused of carrying out repressions, poisonings, and cyber-attacks?
Is cooperation with this agency feasible? If so, to what extent and at what level? These questions are what many people in Western law enforcement are asking themselves these days. Treating the FSB as a possible partner is again on the agenda. And that means that from now on, every major cyber-attack attributed to Russian criminal hackers will play into the hands of the Kremlin.
Published in The Moscow Times on May 14, 2021