“Russia wants to legalise cybercrime for homeland [security]”. “Oh my, that IS shocking!” was my initial reflection on this headline from a piece by Gintara Radauskas published in Cybernews. I then immediately thought this article was either A) a case of sloppy reporting (I hoped) or B) a further indicator that the Russian Federation had totally lost its mind as a rational actor (I feared).

As much as I wanted Radauskas’s article to be a case of sloppy reporting, it was not. Independent fact checking soon showed that, yes indeed, the Russian Federation’s government, represented by Alexander Khinshtein, head of the Duma Committee on Information Policy, had stated:

“We are talking about, in general, working out an exemption from liability for those persons [hackers] who act in the interests [hacking] of the Russian Federation in the field of computer information both on the territory of our country and abroad.”

Not only does Alexander Khinshtein sit at the heart of the Russian government, but this article was originally reported via the Russian state-owned Tass news agency (Tacc). This is a clear, legitimate and deliberate message from the Kremlin on this issue.

Khinshtein’s statement on behalf of the Russian Federation is significant within the CTI circle for a number of reasons. In essence, the proposition from the Russian Federation is to decriminalise what CTI analysts have previously termed “patriotic hacktivism”. This term describes a private person, i.e. not uniformed military, police etc., conducting hacking activity on behalf of their country. What adds an edge to this dry definition is that prior to this announcement, for the past decade, Russian-based cybercriminals had been responsible for some of the most damaging cyber-attacks against Western countries in the form of ransomware.

Will decriminalisation of patriotic hacktivism in Russia happen?

While I am of the mind that the Russian government has genuinely signaled that it is considering decriminalising patriotic hacking activity, this does not equate to automatic passing of this legislation. The messaging around this could very well be deliberate disinformation designed to “saber rattle”. At a time of extreme tension between Russia and the West, the bottom line is: what would happen if the legislation followed the pronouncement?

To further consider this question, below is an abridged Strengths, Weaknesses, Opportunities and Threats (SWOT) analysis I quickly collated after reading Radauskas’s article.

Figure 1: SWOT analysis of the possibilities around the Russian Federation decriminalising Patriotic Hacktivism

From a Western perspective, the most compelling factor for not passing the legislation is the point outlined in the “Threat” section shown in Figure 1. By decriminalising patriotic hacking, the Russian authority loses a significant element of control over its hacking diaspora with the removal of legal threat. Of course, the Russian Federation has shown time and again its aloof attitude to the rule of law and will happily engage in physical intimidation of those who oppose it, with recent known attacks including the murder of Alexander Litvinenko et al. As such, from the Russian Federation’s perspective, the threat outlined in Figure 1 is negligible within the wider context of the message the Russian Federation is trying to send.

Based on the above and other less compelling factors, I can only see it being in the Russian Federation’s interest to decriminalise patriotic hacking. It is certainly within President Putin’s interests, if this allows him to hold onto power for one more day.

How will decriminalisation of patriotic hacktivism affect the Cyber Threat from Russia?

The fact that Russian hackers have been working with the Russian military and intelligence agencies is certainly not new. It has been an open secret for the past decade at least that the Russian Authority has been highly active in leveraging a range of Russian cyber criminals towards achieving state aims. The history of the “Black Energy” malware, with its origins on Russian-speaking cybercriminal forums circa 2007 and its use by the Russian state-affiliated group “Sandworm” post 2015, is just one example of this.

So, what would really change if decriminalisation occurred?

In my assessment, decriminalisation would move cyber criminality into the mainstream of the Russian tech sector. Even today, the Russian hacking scene is still somewhat of an underground scene. Many Russian hackers see cyber criminality as a transit route to a more mainstream tech career rather than a final destination in and of itself. Any type of decriminalisation, be it growing weed, prostitution or computer hacking, creates the possibility of turning a side hustle into a full-time gig. Essentially, this shift could have huge implications for the overall cyber threat posed by the Russian Federation.

This assessed increase in threat would be caused by the formalisation of hacking as a “career path” that decriminalisation would create. The Russian hacking scene, although underground, is already developed, with defined cyber-criminal “software houses”. Many include complete development lifecycles and even “customer” criminal support. Decriminalisation would allow this scene to fully come to light with formalised offices, supporting courses and career plans. This is similar to the way the Iranian hacking scene developed in the wake of the Stuxnet incident in 2010.

How to respond?

  • Let us put this news into perspective: If the Russian Duma passed the proposed decriminalisation law today, the possible impact outlined above would take months if not years to manifest. Politics and its social impact move slowly, and we would not see a rapid change from this legislation. 
  • Integrate CTI into your defences: Even without this news, the war in Ukraine has laid bare the true threat from the Russian Federation. Cyber is just one of the methods in the threat quiver that can be used to target the West. As such, there has never been a better time to integrate CTI into your cyber defences.

  • Take a moment to reflect: Considering this type of legal move is an unprecedented step on the part of the Russian Federation, even if it is yet more disinformation from this state. What this does highlight is how far the current Russian authority has drifted from international norms. As the old Chinese curse says – “may you live in interesting times”.