Infighting Among Russian Security Services in the Cyber Sphere

Presented at Black Hat USA 2019, Aug. 8, 2019, 12:10 p.m. (50 minutes).

Much Western coverage of Russian hacking focuses on "Russia," as if the nation were a monolithic whole and all of the various entities conducting offensive hacking campaigns share the same goals and incentives. But, as the cliché goes, "the Kremlin has many towers," and the security services are no exception. If anything, this phenomenon has increased in recent years, as the heightened levels of infighting in all branches of power directly affected the security services and their activities in the cyber realm. Honest people and institutions remain in Russia, but operating that way appears increasingly difficult.

The competition between branches of the security services is periodically apparent to outside observers, such as when rival agencies both compromise the same targets at the same time, thereby increasing the risk of discovery for both, or in which agencies get public assignments for different aspects of cyber operations. It is also apparent in less concrete measures, such as unexpected criminal charges for officials or rumors within Russia of specific conflicts, sabotage and even treason designed to destroy institutional rivals.

One place where all of these factors collide is the treason trial currently taking place in Moscow of two FSB agents, a businessman and the head of cybersecurity investigations at Kaspersky Lab. The actual criminal charges originated as conspiracy accusation by a soon to be convicted and imprisoned cybercriminal seeking to avoid prison in 2011, but were resurrected as a useful tool in 2016.

The speaker is also involved in this case, as she was among those conducting cybercriminal research into the relevant case in 2011 and was subsequently included in the conspiracy accusations. She is named in the current trial as well, but is not charged (foreigners can't be traitors).

This talk draws on more than a decade of research into the cyber threat environment of the RuNet (much of it conducted in Russia) and insight gained as a bit player in a trial that is itself a significant escalation among Russia's security agencies. It will discuss the competition between Russia's security agencies active in the cyber sphere, as well as the specific conflicts, and actions, that may have played a role in creating the current situation, and how the current situation could influence future decisions regarding international campaigns.


Presenters:

  • Kimberly Zenz - Head of Threat Intelligence, DCSO Deutsche Cyber-Sicherheitsorganisation (German Cybersecurity Organization)
    Kimberly Zenz is Head of Threat Intelligence at the Deutsche Cyber-Sicherheitsorganisation (German Cyber Security Organization) in Berlin, where she created the international research program. Prior to her current position, she spent ten years splitting her time between Washington DC and Moscow researching the cyber threat environment of the RuNet for VeriSign iDefense. She is also a nonresident senior fellow with the Cyber Statecraft Initiative at the Atlantic Council's Scowcroft Center for Strategy and Security in Washington DC.

Links:

Similar Presentations: