Cyberwar (2016) s01e14 Episode Script

Crime & Government Russia's Hackers

BEN: A Russian cyber gang robs western banks.
They would go for the $100,000 or $1,000,000 wire transfers.
Their malware shows links to Putin's government.
When I saw the commands and the comments, I knew that it was something different from the rest.
Do criminal hackers help Russia spy on its enemies? And what does this say about the country's hacking scene? They think to hack Americans is like a heroic thing for them.
Over the past few years, I've reported for VICE from inside Russia, and I've witnessed firsthand the authoritarian power of the Vladimir Putin regime.
I've also learned that hackers at intelligence agencies, like the FSB, Russia's State Security Service, have a murky relationship.
The country's hackers make headlines around the world for thefts and politically motivated cyber-attacks.
Just ask Hillary Clinton and the Democratic National Committee.
But how strong is the collaboration between cyber criminals and Russian spooks? I'm in Pittsburgh, where a little-known FBI office specializes in cybercrime investigations.
This is the spot where the Feds disrupted one of the most sophisticated and lucrative malware schemes ever discovered.
"Gameover ZeuS" infected over a million computers, creating a network, or Botnet, that spanned the globe.
Those infected computers helped hackers rob more than 150 banks around the world, stealing more than $100 million from US banks alone, and in such a way that was hard to trace.
And Cryptolocker, a ransomware program installed by Gameover ZeuS, shut hundreds of thousands of users out of their own computers until they paid to have them unlocked.
After taking down the Botnet, the FBI identified the mastermind as a Russian suspect named Evgeniy Bogachev, and made him number one on their Most Wanted Cyber Criminal List.
Scott Smith was the Special Agent who led FBI Pittsburgh.
And who was it targeting specifically, Gameover ZeuS? It was mostly targeting the banking industry, or payrolls, larger businesses.
It was trying to get the banking credentials, passwords, and get in and do large-scale wire transfers.
They generally were not looking for some of the individual private accounts for $1,000 or $2,000.
It just wasn't what they They had so much access to so much larger accounts, they would go for the $100,000 or $1,000,000 wire transfers.
The FBI pinned Gameover ZeuS on an organized group based in Russia dubbed the "Business Club".
And at the head of it was a mysterious character named Evgeniy Bogachev, AKA Slavik.
So who is the Business Club? Business Club is a pretty close-knit organization.
Each person headed their specialty, or area of responsibility.
You know, those that would work on the infrastructure, those that would supply the mules that would take out the money, those that would create the accounts that would sweep the funds to, those that have more technical abilities to tweak the malware and direct it and put it out.
And we know that there is a certain character at the centre of it BOTH: Bogachev.
Yeah, Bogachev.
So you're pretty familiar with this guy? Yeah, he was the in a sense, the head.
He had both the technical skills and the criminal background to bring together the organization, to tie it together, to make it profitable.
You know, he actually has a $3,000,000 reward for the apprehension and prosecution.
So that's the largest for a cybercriminal ever.
That entices a lot of different people to help us out with his apprehension.
How has the Russian government cooperated with your office, with the FBI, with respect to Bogachev and some of these cyber criminals? Have they been easy to work with, or? I'm sure they know who he is, and to the extent they would help us, that's more of a sometimes political question than it is a FBI law enforcement question.
But if there's anything I know about Russia, it's that the extradition of their own, especially to the good old US of A, is unthinkable.
But there may be another reason that the indicted hacker, Bogachev, feels protected in Russia.
After looking at Gameover ZeuS, a Dutch security company called Fox-IT discovered that the malware had been retooled with an espionage component.
The targets, which included foreign ministries and intelligence agencies, were written right into the code.
And they were all in the wheelhouse of the FSB, Russia's security and intel agency that's the successor to the KGB.
When I saw the commands and the comments, I knew that it was something different from the rest.
Started researching it, and you know, quite quickly figured out what it was.
This is Michael Sandee.
He's a financial malware expert who's been tracking Gameover ZeuS and obsessing over Bogachev for years.
So what about that? There was a surveillance aspect to Gameover ZeuS.
So it wasn't just stealing money, it was also espionage against very specific targets.
The most obvious ones were Turkey and Georgia, and later when the you know, the more recent Ukrainian conflict started, they started to target Ukraine as well.
There were actual specific names of government employees that were listed in their search commands.
But would you say that the evidence suggests that, in some way, some possible Russian agent with the FSB, or some of their state intelligence services, slipped some names or some search terms to Bogachev to insert into Gameover ZeuS? Yeah, that is a very good possibility.
Like it was just a large amount of commands in there.
You know, when you see them all together, you know well, this is not just, you know he himself just thinking up, you know, search terms.
This is something that was given to him, obviously.
There's a $3,000,000 bounty on Bogachev from the US government; that's a lot of money.
It is.
But nobody's found him, in the world.
So what's what's with that? Why hasn't anybody found him, and why hasn't he been apprehended? Yeah, it's a good question.
Obviously I also don't know, because if I knew, then you know, I would be cashing in that $3,000,000 obviously.
But you know, a number of things could have happened.
Maybe he is now full-time working for the government, or he has really disappeared somewhere.
It's really difficult to say.
With a multi-million dollar bounty on his head, Bogachev is going to be a tough guy to track down.
But even if it is next to impossible to meet the legendary Slavik, I want to get on the ground with Russian hackers to see the scene for myself.
BEN: I'm in Moscow, trying to learn more about the links between Russian black hat hackers and the country's spy agencies.
I'm looking into the case of an infamous Russian hacker named Evgeniy Bogachev.
He's the FBI's number one Most Wanted Cyber Criminal, but rumour has it he's under the protection of Putin's government, and that makes sense.
Turns out the malware Bogachev used to rob banks also contains surveillance software serving the country's geopolitical interests.
Andrey Soshnikov is a BBC reporter in Moscow.
He became known for exposing Russia's troll farms, which spread pro-Russian and anti-American propaganda around the world.
I asked him about the hacking scene in Russia, and how Bogachev fits into it.
Bogachev is a legend, of course.
Still number one on the FBI list.
I know his fans.
Some of my people I know, they pray for Bogachev.
And why is he such a legend in Russia? A bright mind.
He has such a he's so clever.
They think to hack Americans is like a heroic thing for them.
America is our former enemy, and it's our kind of enemy nowadays.
Americans use their infrastructure to monopolize internet, and some day they can use it against us.
So hacking them, it shows them that we are stronger, that we have the best minds.
Is the Russian government interested in bringing Bogachev to justice, like to jail? No, absolutely not.
- No? - No, absolutely not.
Because they receive no punishment for hacking out of the country.
So then how do some of these people get into the black market and work for criminal syndicates? It's not the black market.
You can call it black market; it's just a free market.
There's no security service trying to put this down.
They use it themselves because they can't afford to use hackers full-time.
So they just can hire them.
Speaking to ordinary people like me, I can use this black market too, if I need.
I can just connect to one website, and I can hire any expert I need in this cyber fraud, hacker, everything I need.
Russia may have some of the world's most notorious hackers, but it's also home to some of the world's best security researchers.
I'm at the headquarters of the Russian cyber security giant, Kaspersky.
It's a private company, but it frequently works with Russian law enforcement in cybercrime investigations.
Looks like a government command centre.
Yeah, yeah, yeah.
(Laughing) So we have three rooms like this in Moscow, Seattle, and Beijing.
And is this all just code? Yes, it's machine code, machine code of one of the most known, the ZeuS.
- ZeuS, right.
- ZeuS malware, yeah.
This is the larger-than-life big boss of Kaspersky, Eugene Kaspersky.
He's known for throwing epic parties and as a pioneer of anti-malware.
Some people, they collect post stamps (Laughing) Butterflies.
So I was I was collecting computer viruses as a hobby, and then my hobby slowly became my job.
But now you say that the best hackers in the world are in Russia.
Unfortunately, yes.
Well, we estimate that now there are about a dozen Russian-speaking criminal gangs, cybercriminal gangs, which are very professional and they're quite a serious problem.
And Kaspersky, as I understand it, is tracking some of these groups.
Yes, of course.
It's a company mission to save the world, to save the cyber world.
Why is it so hard to catch people like Bogachev, who are these, you know, brilliant hackers? In some cases, they are really professional, so they can stay in the shadow for a long, long time.
And for example, they don't attack victims on the territory of their own country, so the local law enforcement, they don't have the the permission to start the criminal case.
Simply because there was no, zero victims on territory of Russia.
With no victims inside the country, Bogachev and his group may not have to worry about the Russian authorities, but he's still the FBI's Most Wanted Cyber Criminal.
I'm in Las Vegas to meet an expert on Russian cyber gangs.
He made a name for himself by trolling the dark web and revealing the inner workings of several major crime rings.
As you can imagine, Brian Krebs has also managed to piss off said rings.
One hacker tried to get even with him by sending a gram of high-grade heroin to his house, and then phoning in a tip to the cops.
One thing I wanted to ask you about, because you said the Russian government condones hacking or hackers; what do you know about kind of the connections between Russian intel and hiring freelancers? What's the relationship there? I've long suspected that some of the longest running Russian hacker forums are actually run by the FSB.
Really? I'm sure, because they have to know who these people are.
And And when they become useful for some reason, their government's not shy about making that desire known.
Some of the guys that I've been able to track down, a lot of these guys kind of romanticize the way the Soviet Union was, and they sort of want that to be they want Russia to be a superpower again.
They want Russia to be somebody to be reckoned with.
BEN: Which brings me to another character: Bogachev.
BRIAN: He's a really interesting guy.
He's an interesting guy, 'cause one thing that we've seen in Gameover ZeuS, there was actual surveillance information, or surveillance tools, inside of his code.
He was trying to gather stuff on Turkey, and FSA, and Georgia, and Ukraine.
Why would he have done that? This is a guy who's been only interested in money for this many years.
You know, I mean, you increase your usefulness if you have that kind of access, so and a guy like that would need protection.
Oh yeah, the FBI is very interested still.
He's probably not able to leave Russia ever.
(Laughing) I mean, if he does, you know, there's a good chance he'll get picked up.
BEN: I reached out to all of my sources and followed every lead, but I haven't been able to arrange a meeting with the notorious hacker, Evgeniy Bogachev.
I heard he was living large in southern Russia, under the protection of Russian intel.
In fact, there was a rumour he even got plastic surgery to avoid being recognized.
Bogachev or not, I wanted to see this Russian cyber-criminal underworld for myself.
So I'm meeting with a famous hacker here in Russia named NSD.
He's a pretty interesting character, 'cause our local producer, Dima, said he wanted VICE to buy shares in his new Russian company, and he was also concerned that the cameras that we're using would give him radiation.
So this is gonna be pretty interesting.
Hello.
Nice to meet you.
Oleg Tolstykh, AKA NSD, isn't of Middle Eastern descent, and dresses in the style of a Gulf Sheik because "it feels good," as he said to me.
He was once a notorious hacker, rumoured to be involved in carding and bank theft.
But after he appeared in an infamous YouTube video, living the Russian hacker life, he supposedly went legit.
Now, he claims to run a public software company that's listed on the Moscow Stock Exchange.
So I did see a video of you before this.
Do you know what video I'm talking about? So when you were younger, you were described as a computer genius.
Was it tough though, when you were younger, to make money? So I know you don't want to talk about the dark side of the world of Russian hackers, but I'm going to be here for a few more days.
Do you have any advice for me on how I can better report on that world? Do you think any of them would talk to me? - I think no.
- Why not? Uh uh Oleg gave me a true taste of just how freaky and shadowy the Russian hacking world is.
But I needed more, and got the name of another supposed hacker with a colourful past.
Warning: Things are about to get even weirder.
Meet a self-described hacker who calls himself "Nc".
I found him in a typical-looking Soviet-era apartment block.
Holy shit! [Bleep].
It's just - He's even got the weird TV going off in the corner for no reason.
Very cool room.
So, what do you hack? So what have you hacked, stolen and sold? Why are you, why are you stealing (Chuckling) TRANSLATOR: He just got like, you know, literally - Hmm? - No, I'm okay.
Are you Are you hacking VICE right now? Oh, that's weird.
This got real in a hurry.
That's not gonna happen.
I'm not giving him anything.
You say you have customers or clients? Are any of those you know, the FSB? The Russian government? Just like a scene out of Hackers, and he would never answer a question, and said, "Everything is open, but I hack things."
That was That was insane.
BEN: Here in Moscow, finding a hacker who would talk openly about their relationship with Russian intel was near impossible, until we prowled a local hacker bar and met up with a woman who calls herself "Eas7".
She's a known hacker and once worked on industrial espionage for the FSB.
And is it a regular thing for FSB to approach hackers, cyber criminals, to do work for them? Is that something that happens all the time in Russia? Have you ever worked with anybody who could be classified as a "cybercriminal", somebody who works in, you know, groups that will hack things for money or for illegal purposes? Yes.
(Laughing) Is there a kind of unwritten rule that hackers in Russia don't hack Russian institutions? Those industrial espionage targets you were targeting, were they American companies? So, according to Eas7, the Russian government hires freelancers to do some of its dirty work, and many of those same hackers are involved in criminal activities.
Russian authorities don't seem to care much about their citizens hacking foreign targets, and those hackers may even be protected when they prove to be useful in other ways.
That might explain why it's so hard to find Bogachev, and why it's so hard to attribute any attacks that come out of Russia.
US intelligence officials, for example, are confident that the Democratic National Committee hack was directed by the Russian government.
But that doesn't necessarily mean Putin's hackers were the ones actually responsible for it.
Maybe this is an arrangement that suits the Putin regime? The government gets a steady stream of hacking talent that can act outside of the bounds of International Law and Russian officials also get plausible deniability for the attacks that ultimately serve their interests.