Russia’s Complicity in Cybercrime Jeopardizes U.S. National Security

The revelation that an Eastern European group is responsible for the massively disruptive ransomware attack on the Colonial Pipeline should spur U.S. policymakers to confront Russia’s brazen enabling of cybercrime. Russian authorities and top-level cybercriminals have long shared an informal understanding, buttressed by state co-optation and coercion, that criminal hackers occasionally lend security services their expertise in exchange for a near-free rein to hack, extort, and steal from foreign entities, especially those in the West—just not any in Russia or the near abroad. The fuel crisis the Colonial Pipeline shutdown has caused underscores the serious, real-world consequences that bargain has for Americans. As the Biden administration begins to implement its national cybersecurity strategy, it must take steps to address Russia’s strategic negligence toward cybercrime. 

Russian authorities have leaned repeatedly on cybercriminals for help conducting complex operations. In 2014, Russia’s security service officers, known as the FSB, enlisted a pair of criminal hackers to compromise Yahoo’s email service—one of whom was the subject of an Interpol Red Notice for illegal hacking—and provided “sensitive” information “that would have helped him avoid detection by law enforcement, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers.” In 2017, the New York Times reported that the FSB was “grafting an intelligence operation onto a far-reaching cybercriminal scheme” orchestrated by Evgeniy Bogachev, then the world’s most wanted cybercriminal. As Bogachev pursued financial gain, the FSB was “piggybacking” on his intrusions, scouring the millions of computers he had compromised for valuable intelligence.

More recently, U.S. prosecutors brought charges against Maksim Yakubets for a “decade-long cybercrime spree,” first as a money launderer for Bogachev’s crew and later as the leader of a prominent gang called Evil Corp. The State Department’s $5 million reward for Yakubets’ capture now exceeds the one for Bogachev. In a sanctions announcement, the U.S. Department of the Treasury noted that “in addition to his involvement in financially motivated cybercrime” Yakubets “provides direct assistance to the Russian government’s malicious cyber efforts” and even holds an FSB security clearance. Yakubets’s government ties go beyond business: in 2017, he reportedly married the daughter of a former officer in the FSB’s Vympel special forces.