Why Russian hackers are beating us
Russian cybercriminals approach hacking like a chess game, staying many steps ahead of targets in defense and offense
By Antone Gonsalves
Aug 29 2014
Russian hackers, like the ones who breached the computer systems of JP Morgan Chase and at least four other banks, win because they think strategically, like the best chess players, an expert says.
“Russians are more intelligent than Americans,” Tom Kellermann, chief cyber-security officer for Trend Micro, said. “They’re more intelligent because they think through every action they take to a point where it’s incredibly strategic.
“They’re operating at eight to 12 steps ahead on both the offensive and defensive side of the (chess) board.”
The attacks that occurred this month resulted in the loss of gigabytes of customer data. One of the banks has linked the breach to state-sponsored hackers in Russia, Bloomberg reported Thursday.
The FBI is investigating whether the attacks are in retaliation for U.S.-imposed sanctions for Russia’s involvement in the battle between the Ukrainian government and Kremlin-supported separatists.
Trend Micro has studied Russian hackers for years. In 2012, the company released a research paper called “Russian Underground 101” that described in detail the tools and services available in online marketplaces.
Russian hackers operate within a grey area in which cybercrime is ignored as long as it occurs outside the country and the hackers are willing to conduct government-sponsored campaigns when asked, Kellermann said.
“The regime essentially sees the underground of hacking as a national resource, as long as the hackers in Russia abide by the rules,” he said.
Attacks typically start with target reconnaissance to gain an understanding of the network topology, followed by predicting which security tools and controls will have to be bypassed to infect systems and get data out.
“They’re complete geniuses because of how they operate with their very chess-like perspective on IT and cybersecurity,” Kellermann said.
The hackers develop automated attack platforms and exploit kits with some of the most advanced capabilities and are adept at finding and exploiting zero-day vulnerabilities in software.
Indeed, the hackers responsible for the latest breach exploited a zero-day flaw in at least one bank’s website.
Tools are available for each attack stage, including the delivery of the exploit, the lateral movement of malware in the network, data mining and the exfiltration of data.
“It (Russia) is the most advanced marketplace for hacking services in the world and it maintains, what I would consider, the true Silicon Valley of the East,” Kellermann said. “It has the greatest expertise when it comes to ethical hacking, penetration testing and black-hat hacking.”