SOURCE

COMPANY INTELLIGENCE REPORT 20161086

CRIME A SYNOPSIS OF RUSSIAN STATE SPONSORED AND OTHER CYBER OFFENSIVE CRIMINAL OPERATIONS

Summary

- Russia has extensive programme of state-sponsored offensive cyber operations. External targets include foreign governments and big corporations, especially banks. FSB leads on cyber within Russian apparatus. Limited success in attacking top foreign targets like G7 governments, security services and [illegible] but much more on second tier ones through IT back doors, using corporate and other visitors to Russia
- FSB often uses coercion and blackmail to recruit most capable cyber operatives in Russia into its state-sponsored programmes. Heavy use also, both wittingly and unwittingly, of CIS emigres working in western corporations and ethnic Russians employed by neighbouring governments e.g. Latvia
- Example cited of successful Russian cyber operation targeting senior Western business visitor. Provided back door into important Western institutions
- Example given of US citizen of Russian origin approached by FSB and
- Problems however for Russian authorities themselves in countering local hackers and cyber operating outside state control. Central Bank claims there were over 20 serious attacks on correspondent accounts held by CBR in 2015, comprising Roubles several billion in fraud
- Some details given [illegible]

[illegible] western governments; penetrating leading foreign business corporations, especially banks; domestic monitoring of the elite; and attacking political opponents both at home and abroad. The former intelligence officer reported that the Federal Security Service was the lead organization within the Russian state apparatus for cyber operations.

In terms of the success of Russian offensive cyber operations to date, a senior government figure reported that there had been only limited success in penetrating the 'first tier' foreign targets. These comprised western [illegible] G7 and NATO governments,
security and intelligence services and central banks, and the IFIs. To compensate for this shortfall, massive effort had been invested, with much greater success, in attacking the secondary targets, particularly western private banks and the governments of smaller states allied to the West. S/he mentioned Latvia in this regard. Hundreds of agents, either consciously cooperating with the FSB or whose personal and professional IT systems had been unwittingly compromised, were recruited. Many were people who had ethnic and family ties to Russia and/or had been incentivized financially to cooperate. Such people often would receive monetary inducements or contractual favours from the Russian state or its agents in return. This had created difficulties for parts of the Russian state apparatus in obliging/indulging them, e.g. the Central Bank of Russia knowingly having to cover up for such agents' money laundering operations through the Russian financial system.

In terms of the recruitment of capable cyber operatives to carry out its, ideally deniable, offensive cyber operations, a Russian IT specialist with direct knowledge reported in June 2016 that this was often done using coercion and blackmail. In terms of 'foreign' agents, the FSB was approaching US citizens of Russian (Jewish) origin on business trips to Russia. In one case a US [illegible] Moscow to attract investors in his new information technology program. [illegible] provide seed capital to this person in return for them being able to access and modify his IP, with a view to targeting priority foreign targets by planting a Trojan virus in the software. The [illegible] had implied significant operational success as a result of [illegible] cheap [illegible] on their PCs and other platforms.

In a more advanced and successful FSB operation, an IT operator inside a leading Russian SOE, who previously had been employed on conventional defensive IT work, had been under instruction for the last year to conduct an offensive cyber operation against a foreign company. Although the latter was apparently an [illegible] to Russia,
[illegible] successfully had penetrated his personal IT and through [illegible] managed [illegible]

5. In terms of other technical IT platforms, an FSB cyber operative flagged up the 'Telegram' enciphered commercial system as having been of especial concern and therefore heavily targeted by the FSB, not least because it was used by Russian internal political activists and oppositionists. His/her understanding was that the FSB now successfully had cracked this communications software and therefore it was no longer secure to use.

6. Non-state sponsored cyber crime was becoming an increasing problem inside Russia for the government and authorities there. The Central Bank of Russia claimed that in 2015 alone there had been more than 20 attempts at serious cyber embezzlement of money from corresponding accounts held [illegible], comprising seven billions Roubles. More generally, s/he understood there were circa 15 major organised crime groups in the country involved in cyber crime, all of which continued to operate largely outside state and FSB control. These included the so-called 'Anunak', 'Buktrap' and 'Metel' organisations.

261m 2015

National Security Archive, Suite 701, Gelman Library, The George Washington University, 2130 H Street NW, Washington D.C. 20037. Phone 202 994‐7000, Fax 202 994‐7005, nsarchiv@gwu.edu