Why Russian hackers are beating us

security hacker
Credit: Thinkstock

Russian cybercriminals approach hacking like a chess game, staying many steps ahead of targets in defense and offense

Russian hackers like the ones who breached the computer systems of JP Morgan Chase and at least four other banks win because they think strategically like the best chess players, an expert says.

"Russians are more intelligent than Americans," Tom Kellermann, chief cyber-security officer for Trend Micro, said. "They're more intelligent because they think through every action they take to a point where it's incredibly strategic.

[Ukraine says Russia is attacking critical infrastructure]

"They're operating at eight to 12 steps ahead on both the offensive and defensive side of the (chess) board."

The attacks that occurred this month resulted in the loss of gigabytes of customer data. One of the banks has linked the breach to state-sponsored hackers in Russia, Bloomberg reported Thursday.

The FBI is investigating whether the attacks are in retaliation to U.S.-imposed sanctions for Russia's involvement in the battle between the Ukranian government and Kremlin-supported separatists.

Trend Micro has studied Russian hackers for years. In 2012, the company released a research paper called "Russian Underground 101" that described in details the tools and services available in online marketplaces.

Russian hackers operate within a grey area in which cybercrime is ignored as long as it occurs outside the country and the hackers are willing to conduct government-sponsored campaigns when asked, Kellermann said.

"The regime essentially sees the underground of hacking as a national resource, as long as the hackers in Russia abide by the rules," he said.

Attacks typically start with target reconnaissance to gain an understanding of the network topology and then predicting the security tools and controls that will have to be bypassed to infect systems and get data out.

"They're complete geniuses because of how they operate with their very chess-like perspective on IT and cybersecurity," Kellermann said.

The hackers develop automated attack platforms and exploit kits with some of the most advanced capabilities and are adept at finding and exploiting zero-day vulnerabilities in software.

Indeed, the hackers responsible for the latest breach exploited a zero-day flaw in at least one bank's website.

Tools are available for each attack stage, including the delivery of the exploit, the lateral movement of malware in the network, data mining and the exfiltration of data.

"It (Russia) is the most advanced marketplace for hacking services in the world and it maintains, what I would consider, the true Silicon Valley of the East," Kellermann said. "It has the greatest expertise when it comes to ethical hacking, penetration testing and black-hat hacking."

Russia has used hackers before to strike political targets. In 2007, the country was behind distributed denial of service (DDoS) attacks that took down Estonian government websites during a disagreement over the relocation of a Soviet-era grave marker and war graves.

In 2008, Russia orchestrated an attack that disrupted Internet communications in Georgia several weeks before invading the country.

Without cooperation from the Russian government, arresting hackers in the country is nearly impossible. Therefore, U.S. companies have to change their security paradigm from keeping hackers out to catching them once they are in the computer network.

[Feds probing possible hacking incident at JP Morgan Chase]

The first step is to collect intelligence on the most likely attackers and then perform penetration testing on critical software most likely to be on the path hackers would take in the network, Kellermann said.

Secondly, spending should be less concentrated on antivirus software, firewalls and intrusion detection systems and shifted to technology that detects malware and its lateral movement within a network.

This story, "Why Russian hackers are beating us" was originally published by CSO.

Join the discussion
Be the first to comment on this article. Our Commenting Policies