Why So Many Hackers Are Russian

00:06

Have you heard the news?

00:07

Just a few minutes ago, there was a massive cyberattack.

00:10

Evil hackers struck a major company.

00:13

Or was it a government institution?

00:15

Maybe a hospital?

00:16

But whatever their target was, the authorities were certain of one thing,

00:21

those hackers, well, they were Russian.

00:24

Anywhere you look, you'll find their trace.

00:26

Companies, infrastructure, politicians.

00:29

They hack it all.

00:31

Nobody can escape them.

00:33

And nobody can catch them.

00:35

But how do they hack?

00:37

Who do they work for?

00:39

And most importantly, who are they, really?

00:43

To find that out, let's dive into the dark world of Russian hackers.

00:54

Meet Leonid.

00:56

He's a 16-year-old from a large Russian city.

00:59

Leonid spends his mornings at school, although he doesn't like it very much.

01:04

While there, he yearns to return home, to a sprawling suburb

01:08

where his mom's apartment is.

01:11

Leonid doesn't go out much, though.

01:13

He spends most of his time on the computer.

01:16

He loves games, cars, war movies, and cool music.

01:21

Leonid also loves his country.

01:23

He's not into politics, not at all.

01:25

But he knows one thing.

01:27

His country is in grave danger.

01:31

It is, as everybody surely should understand, beset by enemies.

01:35

Clues about that are everywhere: on TV, on the Internet, all over the place.

01:41

Everything aligns.

01:43

Everything shows that the whole world is against Russia.

01:47

The only goal of the entire West

01:49

is to destroy Leonid's country and its people.

01:53

Well, at least that's what Leonid reads on the internet and sees on TV.

01:57

He's absolutely sure that everything bad that ever happened in Russia

02:02

is the result of foreign conspiracies.

02:04

Corrupting Western influence

02:06

is why Leonid's father had problems with alcoholism and had to leave.

02:11

It's why the economy is stagnating, and the family is barely holding on,

02:15

even despite the payouts.

02:17

It's why Leonid no longer has a brother.

02:21

Not everybody in Leonid's immediate vicinity

02:24

understands the connection, though, and it frustrates the boy immensely.

02:29

He wants to act, to do something.

02:32

Leonid's brother wanted to act too, and join the army.

02:36

Leonid is neither as brave nor as stupid as that. No.

02:40

He knows that if you want to defeat Russia's enemies, you have to be smart.

02:45

And so when he returns home from school, Leonid becomes somebody else.

02:50

He becomes the Dark Diver.

02:54

He's just a cog in a much bigger movement. He knows that.

02:57

But Leonid learns fast.

02:59

The crew he belongs to is growing.

03:02

Just a few months ago, there were a handful of them.

03:04

Now it's dozens.

03:06

Together, they can do a lot.

03:09

Higher ranking members of Leonid's gang are smart.

03:12

They follow the news and have a good grasp of what's what.

03:15

Every few days, they lay out a set of targets and create a plan.

03:20

The group mostly does DDoS, Distributed Denial of Service.

03:23

They use a botnet, a collection of infected devices all across the world

03:28

to send requests and jam the target server, taking it down.

03:32

The crew's botnet isn't very big, but it's enough for some tasks.

03:36

Whenever they need something more powerful,

03:38

they chip in and buy some traffic from a vendor on the dark web.

03:42

Leonid's crew also probes websites and looks for a chance to deface them,

03:46

or maybe steal some data.

03:48

They scrape leaks for credentials and sometimes send out phishing emails.

03:52

Anything that would allow them to get to the target.

03:55

On a rare occasion, they infect the computer of their target

03:58

with ransomware, making it unusable.

04:01

Their techniques are varied, and so are their targets.

04:04

But there's one thing that ties those targets together.

04:07

All of them, every single one,

04:09

are in the countries Russia considers its enemies.

04:13

One target may be an institution of some European country

04:16

whose leadership said something bad about Russia.

04:19

Another one may be some American company,

04:21

because, of course, America is the main enemy of Russia.

04:25

Every other day, the target is in Ukraine, because that's just how the world works.

04:31

Every time they attack Ukraine, Leonid remembers his brother.

04:34

And thinks about how proud he would be.

04:38

Leonid considers himself a hacktivist,

04:40

one of thousands across the country and beyond.

04:43

I think if you were to use a sports analogy,

04:46

hacktivists are your minor league players.

04:49

They are often students or grad students or recent graduates,

04:54

who are trying to make a name for themselves.

04:56

They're trying to distinguish themselves with bold tacks.

04:59

Usually, idealistic, nationalistic, driven individuals with an agenda.

05:05

Hacktivist used to be independent, so they used to be something like

05:09

an individual groups that work on behalf of their leaders, of their teams,

05:13

of their beliefs, let's call it this way, in what they wanted to achieve.

05:18

The most famous one being KillNet, ZAPЯ, something like Anonymous Russia,

05:24

that's been on the news lately.

05:26

Again, why we're speaking about news because that's what's their aim.

05:30

They want to pop up, to be noticed, people to talk about their activity.

05:35

Chances are, if you've heard about some prominent

05:38

and annoying cyberattack recently, Leonid's group was responsible for it.

05:43

Not because the attack itself was damaging,

05:45

but because the group found a way to spin it.

05:48

They chose a target that would be easily noticeable,

05:52

something you couldn't just ignore.

05:54

Then they attacked it using the easiest way possible.

05:57

Whether the attack succeeded or not,

05:59

they posted about it on their social media.

06:02

The post exaggerated the whole story a bit.

06:04

Or maybe quite a lot.

06:06

But who's going to check anyway?

06:08

In the blink of an eye, the story was picked up

06:11

by every other hacktivist group, spreading it farther and farther.

06:15

Eventually, influencers, news accounts, all kinds of people began sharing it.

06:20

Before long, the news about the attack reached papers and TV channels,

06:25

and now everybody has heard of the operation Leonid's gang pulled off.

06:29

By that time, the effects of the attack have probably been mitigated,

06:33

but that's not the point.

06:35

The publicity, the buzz, the sense that their targets are vulnerable

06:39

and the gang can do everything,

06:42

that's the intention.

06:44

The end goal of Leonid's operation

06:47

is to cause as much arbitrary damage as possible,

06:50

to be the agents of chaos,

06:52

who see doubt, anger, and mistrust in everything they touch.

06:57

In Leonid's mind, that's the only way to fight the enemy,

07:00

who's as strong as the one they are fighting,

07:03

the West, as in the entirety of it.

07:07

All the governments, companies, and people

07:09

that belong to this nebulous and ever-changing group.

07:13

Because if you're in Russia,

07:15

every bit of information you get points to one thing.

07:18

They are responsible for the woes of the Russian people.

07:23

Leonid hates the West with the entirety of his heart,

07:26

and directs his angst to these long nights in front of the computer.

07:30

They give his life meaning, and he can't imagine things any other way.

07:35

In a sense, he's addicted to hacking.

07:38

The feeling it gives him, the thrills, the satisfaction,

07:42

the rush of adrenaline when something large crashes and burns.

07:46

Video games can't provide this kind of joy,

07:49

and real life doesn't even come close.

07:52

Leonid never felt this kind of camaraderie with his school buddies,

07:55

and he no longer has friends beyond other hackers in the gang.

08:00

As the boy dawns his alter ego, he is no longer alone.

08:04

He's no longer in a crumbling apartment block

08:06

on the outskirts of the city. He's in a tribe, a team,

08:10

a community that strives to change the world for the better,

08:14

one downed American website, one interrupted European service,

08:19

one jammed Ukrainian server at a time.

08:22

So far, Leonid did never consider earning money for his hacking endeavors.

08:27

But one day, if it all goes well, that may happen.

08:31

At least, there are people who managed to pull it off.

08:42

This is Peter.

08:44

He lives in the same apartment block as Leonid,

08:47

although they don't really know each other.

08:50

Peter is in his 30s.

08:53

He doesn't work anywhere. At least officially.

08:56

Well, he tried many times, but that didn't last.

08:59

Being a desk drone drove Peter mad,

09:02

so he quit even before Russia's IT market disintegrated.

09:06

An office job also didn't really meet Peter's financial needs.

09:11

Peter is not very good with money.

09:14

He loves nice things, maybe a bit too much.

09:17

Who can blame him?

09:19

Back in school, Peter's teacher always said that he's smart but lazy.

09:24

But when something interests Peter,

09:26

he can be the most hard-working person in the world.

09:29

Having nice things interests Peter a lot,

09:32

and so he found a job that can fulfill his needs

09:35

and give him an outlet to his talents.

09:37

Peter began hacking.

09:41

Not real hacking, at least not how some of Peter's superiors see it,

09:46

more like hacking by proxy.

09:48

The job is simple. Convincing as many people as possible

09:52

to download a small file.

09:54

Peter does that by collecting leaked credentials,

09:57

emails, nicknames, passwords.

10:00

He then stuffs them into login pages of social media accounts,

10:03

looking for matches.

10:04

In an unlikely chance of success, the password works,

10:08

and Peter adds the unlocked account to his loyal army of robots.

10:12

Those robots then do his bidding,

10:14

contacting the entirety of their friend list

10:16

with a simple message bearing a small attachment.

10:21

Most of this process is automated,

10:23

and Peter has only a vague understanding of how it works,

10:26

but even that understanding is more than enough.

10:30

The file Peter sends out is malicious.

10:32

It's also so well-designed that a child could use it.

10:36

Peter pays a small fee for access to that file.

10:38

It's easy, fast, it's like a franchise now.

10:41

You can buy a ransomware for a day or for a week,

10:44

get rich, that's what they think,

10:46

and leave to another country with full bags of money.

10:51

But yeah, that's not how it happens in the real world now.

10:54

As soon as Peter joined the gang, a few years ago, he immediately got lucky.

10:59

A few successful jobs in a row allowed him to get all the things he wanted.

11:03

For a while, he was living like a king.

11:06

His success ended quite soon, though,

11:09

and Peter kept chasing that high ever since.

11:12

Successful attacks still happen. Peter can't complain.

11:15

At least it's better than trying to find a real job.

11:18

Also, he got lucky once, so who says it can't happen again?

11:22

These ransomware attacks allow well-educated individuals

11:27

to make a lot of money very, very quickly.

11:31

With all the sanctions that have taken place within Russia

11:34

since the invasion of Ukraine,

11:36

it has created even less economic opportunity.

11:40

And I think the government in Russia has become even more tolerant

11:44

or even supportive of ransomware groups,

11:47

because all of these groups are bringing money into the Russian economy.

11:52

Law enforcement was never interested in

11:55

how ransomware operators earn their income.

11:57

Peter is pretty sure the police are well aware of what he does,

12:01

but they just don't care about that.

12:03

There's only one thing that could bother them,

12:07

and that's Peter crossing the line.

12:09

A part of Peter's job is to know who his targets are.

12:12

And it's an important part.

12:14

Anybody who lives in Russia, and friendly countries is off limits.

12:19

Larger Russian companies are so far behind the red line

12:22

that it's almost as if they don't exist.

12:25

Thankfully, most of this process is automated, too.

12:28

The malware detects language settings of the victim's device

12:32

and doesn't activate if Russian is selected.

12:34

However, if the target from Russia gets infected anyway,

12:38

Peter might be in trouble.

12:40

The bosses then dispatch a team of real hackers,

12:43

get in touch with the target, and sort out the problem.

12:46

This happened to Peter's victim once.

12:49

He got a sizable penalty and doesn't want the story to repeat.

12:53

It's pretty well known what happens to habitual line crossers,

12:57

people who attack forbidden targets despite the rules.

13:01

In the best cases,

13:02

they lose their business and have no chance of joining any gang.

13:06

Particularly annoying ones get visited by local thugs in the real world.

13:11

If a hacker crosses the line one too many times,

13:15

if he really steps on the toes of people who shouldn't be touched,

13:19

he gets the worst punishment of all,

13:22

the law.

13:24

Peter doesn't know anyone who's been arrested,

13:26

but he sees some of them on the news. The prospect of being paraded

13:30

in front of the whole country in handcuffs doesn't look very enticing.

13:34

As far as Peter understands, it's not politics.

13:37

It's much simpler than that.

13:39

You don't attack your own family.

13:42

And if you do, well, you only have yourself to blame.

13:45

So, Peter picks his targets carefully.

13:48

People in the West are much richer anyway, so why even bother with Russian targets?

13:53

The ransomware groups grew out of the dissolution of the Soviet Union

14:00

I think that the rampant inflation

14:03

and the privatization of industries, left a lot of very highly educated people

14:09

without a means of making an income,

14:12

and they turned to these types of attacks for economic advantage.

14:18

While quite new to the whole ransomware game,

14:20

Peter considered himself a hacker for a long time.

14:24

He got his first computer back in the '90s and quickly learned that

14:27

you don't have to pay money for things like video games if you're clever enough.

14:32

It was a different time, a wild time.

14:36

Back then, Peter couldn't even imagine that hacking can be

14:38

as profitable a business as it is now. Well, at least to some.

14:43

Everybody knows hackers who earn millions without breaking a sweat.

14:47

Someday, after some successful attack, Peter might become one of those, too.

14:53

Just one good job to buy a new car.

14:56

Maybe a new flat in a nicer part of town, or maybe if things turn out really well,

15:02

just leave everything and get away from it all to Dubai, Istanbul, even Europe.

15:08

One good job. Peter likes to sit like that

15:14

and think about all the nice things he'll get after hitting a jackpot.

15:17

But now, he's just noticed that he's all out of cigarettes.

15:21

On his way down to the shop, Peter passes the door of a neighbor he's never seen.

15:26

The door's always closed.

15:28

Peter doesn't know it, but if he ever messes up at work really, really bad,

15:34

he might get a chance of finally meeting the man who lives there.

15:46

The next chapter is loading,

15:47

so you can still hit that subscribe button while we have time.

15:51

Okay, almost over now.

15:55

Peter's neighbor is Andrei.

15:58

Right now, he's at work.

16:00

Andrei leaves early and comes back late.

16:03

He's divorced in his early 40s and doesn't have friends.

16:07

He wouldn't have time for them anyway.

16:10

Andrei finished university at the top of his class,

16:13

computer engineering.

16:14

While studying, he didn't even think about joining the military.

16:18

But one day, his class was visited by a recruiter

16:20

who offered a very enticing offer.

16:23

Andrei is quite good at finding vulnerabilities in computer systems.

16:27

There's a need for people with this skill, the recruiter said.

16:31

If Andrei wants to earn a passable income, he can join some local tech company

16:35

and spend the rest of his life slaving away at a desk job,

16:39

always overworked, and always on the verge of getting fired.

16:42

Or he could work for the government.

16:45

The recruiter was one from the GRU,

16:48

the military intelligence of the Russian armed forces.

16:51

It responds directly to the general staff, the very top of the Russian military.

16:56

Its members aren't your regular soldiers.

16:59

They're an elite. The very best Russia has to offer.

17:03

Andrei joined and never looked back.

17:06

Right now, he's in a grand building in the center of the city,

17:09

by a desk where he spends most of his time.

17:12

The environment isn't dynamic, but after a decade and a half,

17:16

Andrei got used to that.

17:17

He likes it, the predictability, the discipline, the order.

17:22

He even got used to the uniform, which seemed like overkill at first.

17:26

The work itself is hard but satisfying.

17:29

You have to learn and adapt.

17:31

There are lots of challenges, but that's the cost of being at the top of the game.

17:36

Andrei does not just hack things.

17:39

He does that on a level only a handful of people in the world ever reach,

17:44

and his targets reflect that.

17:46

Sometimes, Andrei's unit attacks foreign governments.

17:49

They infiltrate agencies, parties,

17:51

the very lives of world-famous politicians.

17:56

Sometimes, they attack foreign companies,

17:58

typically those in the defense or cybersecurity business.

18:02

But the most satisfying results come from breaching infrastructure,

18:06

breaking into power plants, factories, industrial control networks.

18:11

Andrei is in awe of it, the power he feels

18:15

when he holds the lives of thousands of people in his hands.

18:18

One press of a button, and they're gone.

18:22

A mass tragedy, a world war.

18:24

A lot rests on one click.

18:27

Andrei is addicted to that feeling,

18:29

and there's nothing he would agree to exchange for moments like these.

18:33

In particular, I think that targeting critical infrastructure,

18:36

targeting OT SCADA devices, that's where it all began.

18:40

And that's what we see now, a lot of companies in US, for example,

18:43

at the moment are being targeted, especially the one that do water supplies.

18:47

Of course, everything Andrei does is strictly supervised.

18:51

His agency isn't after death and destruction.

18:54

What the superiors really need are military and trade secrets.

18:58

When necessary, they inflict just enough damage to show that the team was there.

19:02

No more, no less.

19:05

GRU is just one of many Russian institutions that do this kind of job.

19:10

There is the FSB, the Federal Security Service.

19:13

Andrei never met their hackers.

19:15

But people say they're smug and undisciplined.

19:18

Many of them aren't even officers.

19:20

There's the SVR, the Foreign Intelligence Service.

19:23

Andrei collaborated with them once or twice.

19:25

They're competent, but most of their work involves

19:28

informational attacks, political espionage and such.

19:31

Useless tasks, in Andrei's opinion.

19:34

And of course, there are the civilians.

19:37

Thousands upon thousands of them.

19:40

They're difficult to control, more of a mob than an army.

19:43

Some of them hack for political reasons.

19:45

Others seek financial gain.

19:47

In addition to hacking, Andrei's unit

19:50

also controls and orchestrates the civilian attacks,

19:53

picks and clears targets, draws lines, and punishes the misbehaving hackers.

19:58

I might assume that a lot of hacktivists now, especially in Russia,

20:01

they're under government's control.

20:03

That's why I was saying about them targeting the same goals.

20:06

They might be achieving something like an order

20:09

or something like a target they need to hit,

20:12

and they are doing this, one by one.

20:14

Of course, you wouldn't pick a hacktivist or even a ransomware operator

20:19

to do a real hacker's job.

20:20

They won't be able to infiltrate a defense contractor

20:23

or break into an email server of a political party.

20:26

That's the work of Andrei and his colleagues.

20:29

But even a disorganized mob of script kiddies still has its uses.

20:34

But again, if we try to remember that there is a different goal

20:37

for different security operations, then you understand that some operations

20:41

are being designed just to showcase that they've been done,

20:45

that they were implemented, that the goal was achieved,

20:48

and others are staying undercover.

20:50

The other reason might be something like when a magician does his trick,

20:54

he usually shows something in front,

20:56

but the real action is done on the background.

20:58

That might be also a trick.

20:59

When you try to focus attention of cybersecurity authorities,

21:04

let's say in US, into water supply grid,

21:06

at the same time, you might be targeting something else.

21:09

You put their attention in the other spot just to make sure you do all the action,

21:13

all the important action, in quite other directions.

21:17

Andrei isn't too pleased with civilian hackers,

21:20

but he understands that they're a valuable asset for the country.

21:23

They provide cannon fodder, a cheap way to conduct a lot of attacks,

21:27

or in the worst case, at least a distraction.

21:31

They're also the future.

21:33

The kids among them will grow up one day, get bored of hacking for fun.

21:37

They'll want a better life and a real purpose to work for.

21:41

Andrei used to be just like them back in the day.

21:44

In his teenage years, before he was a hacker,

21:47

he frequented the same forums as Peter, and unbeknownst to anybody,

21:51

a lot of that very convenient software Peter uses,

21:54

draws roots from things Andrei wrote in his youth.

21:58

It was malware, quick and dirty exploits to be dropped

22:01

on the dark web for all to use.

22:03

But Andrei's first love was cracking.

22:05

Games at first, then work programs, then industrial software

22:09

that could be sold to Russian businesses and provide teenage Andrei

22:12

with enough money to sustain his hacking hobby.

22:15

The percentage of software that is cracked or not properly licensed in Russia,

22:19

I would say it's in excess of 90%

22:22

if you get into the very sophisticated tools

22:25

that are used for designing electronics and mechanical engineering

22:30

and chemical engineering and these types of applications.

22:32

I think a lot of these things are now embargoed.

22:35

You cannot even purchase legitimate copies of these design tools today,

22:40

so it's almost forced piracy.

22:41

But even before the sanctions went into effect,

22:44

Russian industry ran off of unlicensed or cracked software.

22:49

But besides money, there was one more thing that this activity provided.

22:54

Power.

22:56

The first time Andrei felt it,

22:58

he was still a teenager, hooked on the internet

23:01

through a landline in his parents' flat. He remembers looking at the wire,

23:05

a line of metal encased in transparent plastic,

23:08

pondering how so much can be done through such a thin connection.

23:12

The whole world could fit through there and bend to his will,

23:16

with just a handful of clever math tricks.

23:19

It was a sense of power Andrei never found anywhere else,

23:23

and he hasn't been able to let go of it ever since.

23:26

Sure, the '90s in Russia were full of chaos, and poverty.

23:31

But Andrei remembers the hacker scene of that time very fondly.

23:35

The decade was full of opportunity.

23:37

It hooked Andrei on hacking and instilled in him a sense of purpose.

23:41

It's that feeling that brought him to the GRU

23:44

and gave him the life he has now.

23:47

The '90s brought up an entire generation of hackers who had skills and motivation,

23:51

who could do so much with so few resources.

23:55

If things went differently,

23:57

those people would be the backbone of a strong IT industry.

24:00

Maybe in some other alternative world, Russia is the cybersecurity powerhouse,

24:04

with the most skilled, ethical hackers you can find.

24:07

In that world, Andrei is probably heading a prominent cybersecurity company.

24:12

Leonid is participating in hacking competitions,

24:15

and honing his skills before becoming a well-known researcher.

24:19

And Peter works with customers,

24:20

helping them solve their problems instead of creating ones.

24:24

But that alternative world does not exist.

24:28

This reality is all we have.

24:30

In it, Russia has no place for ethical hackers.

24:34

The easiest path for curious and skilled people is the path of cybercrime.

24:39

It's the only way for them to satisfy their addiction.

24:42

On addiction, the path both creates and feeds

24:46

because the Russian state itself is addicted to cybercrime, too.

24:50

It's an integral part of its foreign policy, economy, and life.

24:54

A quick high instead of the slow and painful process of development.

25:00

Just like any addiction, it's a vicious cycle,

25:03

and there's no indication that it's going to stop.

25:07

Or maybe there is.

25:20

All the characters depicted in this video are fictional.

25:23

We created them by combining everything we know about the Russian hacker world

25:27

into a few easily understandable bits.

25:29

But behind these characters are real people with real lives,

25:33

the real Russian hackers.

25:35

They are people, people who have their own motivations for what they do,

25:39

and who spread fear and misery with a clear and deliberate intention.

25:43

Behind those people is a state for which conducting cybercrime

25:46

is an official way of doing things.

25:48

Crashing websites, pushing ransomware, spreading disinformation,

25:52

and advancing its agenda in any way possible.

25:55

That's how Russian foreign policy works.

25:57

We know quite a lot about the inside life of the Russian hacking scene.

26:01

There are insider reports, whistleblowers,

26:04

people who infiltrated and researched that world.

26:07

And while we don't know a lot about what happens at the very top of it,

26:10

we can infer the intentions of the people who are in charge.

26:14

However, there is one question which remains open.

26:18

Can Russia get rid of its addiction to cybercrime?

26:21

Is it not too late to change?

26:23

Maybe start investing time and resources into becoming a productive technology hub

26:28

and let go of the high that ultimately gets you nowhere.

26:31

Well, not doing anything about that is easier, that's for sure.

26:35

But is the country, and most importantly, the people in it, better that way?

26:41

Thank you for watching, and we'll see you in the next video.