The Kremlin indicates it might be open to cooperating on stopping cybercrimes
RACHEL MARTIN, HOST:
U.S. officials have talked about a, quote, "multipronged" attack from Russia against Ukraine. That could involve missile strikes and ground forces but also cyberattacks. As NPR's Jenna McLaughlin reports, though, while Russia threatens other countries with cyberwarfare, sometimes it cooperates to prevent them. Just how serious Russia is about that effort and what impact it could have is more complicated, though.
JENNA MCLAUGHLIN, BYLINE: In January, Russia's domestic spy agency arrested a group of high-profile cybercriminals in Moscow and St. Petersburg. State media shared flashy videos of the raids with piles of cash and men tied up.
(SOUNDBITE OF ARCHIVED RECORDING)
UNIDENTIFIED PERSON #1: (Non-English language spoken).
(SOUNDBITE OF STRUGGLE)
UNIDENTIFIED PERSON #2: (Non-English language spoken).
MCLAUGHLIN: The Biden administration had pushed the Kremlin to take action against ransomware, which has cost U.S. businesses billions in just the last year. But for many experts, to actually see it happen was shocking.
JACKIE KOVEN: I actually burnt my breakfast.
MCLAUGHLIN: Jackie Koven follows ransomware gangs at a company called Chainalysis. When she found out Russia had bagged some of the U.S.'s most wanted criminals, revealing extensive information about their names and locations, she couldn't believe it.
KOVEN: I was incredibly, incredibly surprised.
MCLAUGHLIN: On the dark web, it even spooked other hackers.
KOVEN: To see it reverberate in the underground in chatter, theories going on about who and how it all came to pass and who was next and what actually led to the downfall. It kind of spurred this whole conversation.
MCLAUGHLIN: Other experts were less stunned. There was so much pressure on Russian officials to do something, anything, to stop the bleeding caused by cybercrime. This particular group, REvil, had already stopped operations after getting a lot of heat from governments around the world for a hack of widely used business software.
KIMBERLY GOODY: There have been major attacks that have hit critical infrastructure or impacted supply chains to the point where the issue could no longer be completely ignored.
MCLAUGHLIN: Kimberly Goody leads a team tracking cybercrime at Mandiant, a cybersecurity firm. She thinks these arrests give Russia the ability to claim the high ground regardless of the impact. But speaking of impact, the answer to that question is complicated, too. A possible chilling effect is that some cybercriminals are too scared to keep operating. This week, one ransomware developer gave victims the key to their data back and announced his retirement. Major arrests can lead to a domino effect, but statistically, ransomware remains a big problem.
GOODY: Though I did look at some of the data that we have, do we see any trends in terms of a decline? And the answer from that perspective is no.
MCLAUGHLIN: Just recently, hackers with possible ties to Russia struck major oil terminals in Europe's biggest ports. So why did Russia make the arrests anyway?
ANDREI SOLDATOV: The FSB has been trying to do something in foreign policy for many years.
MCLAUGHLIN: Andrei Soldatov is a Russian investigative journalist. He thinks these arrests were a chess move made by the FSB, Russia's domestic intelligence agency. Most people assume the Kremlin is a monolith, but there's actually a lot of bureaucratic infighting between agencies.
SOLDATOV: It's an interesting game because they need to show themselves as a reliable partner to the U.S.
MCLAUGHLIN: Despite current tensions, Putin wants to have the option to exercise diplomacy or at least look like a statesman. Now the FSB can do what they want with the cybercriminals they catch. They can force them to work for the state, give them light sentences or unleash them, especially in the face of U.S. sanctions, should Russia invade Ukraine. But cybercriminals don't only live in Russia. Allan Liska tracks ransomware for the cybersecurity firm Recorded Future.
ALLAN LISKA: And it'll be really interesting to see, especially as now we're starting to see more ransomware come out of Iran, come out of China, and I imagine, you know, in 2022 we'll see it coming out of even other countries.
MCLAUGHLIN: But the FSB can't control cybercrime around the world. Liska thinks the choice to let the criminal underground flourish could come back and bite Russia.
LISKA: Those countries won't have the same restrictions on going after Russian targets.
MCLAUGHLIN: Ransomware is now so accessible it's only a matter of time until it explodes beyond Russia's borders. In fact, it's already begun.
Jenna McLaughlin, NPR News. Transcript provided by NPR, Copyright NPR.