Equipo Nizkor
        Bookshop | Donate
Derechos | Equipo Nizkor       


The Lauded Russian Hacker Whose Company Landed on the U.S. Blacklist

The blacklist includes two people suspected of cybercrimes, and four others who are military intelligence officers. All are the kinds of figures one might expect to be on a list of people targeted by the Obama administration in retaliation for Russia's malfeasance, including efforts to influence the 2016 election.

Then there is the one who calls herself "mishacker," a globe-trotter with a rebellious online persona who is perhaps the most intriguing of the newly revealed Russian spies.

On what appears to be her personal website, called "Hello, stranger," that person, Alisa Shevchenko, introduces herself and expounds on some of her digital accomplishments, including setting up a work space for hackers in Moscow.

"My name is Alisa," the site reads. "I am a human being. Part misfit, part mishacker. A businesswoman in the past as well as in a possible future. Currently I am mostly working on vulnerabilities and exploits, while striving to minimize entropy in the process."

The White House identified the company Ms. Shevchenko founded, Zor Security, as a supplier to the Russian military's Main Intelligence Directorate, or G.R.U., the group said to be behind the hacking attacks on the Democratic National Committee and other political organizations. The United States government said the company provided technical support to the G.R.U. for the attacks.

Ms. Shevchenko had been a minor celebrity in Moscow computer industry circles as a "legal" hacker. An article in the Russian edition of Forbes magazine in 2014 described the work of her business as discovering security flaws in the software of banks and other institutions.

And a year before the United States government applied sanctions against her company, the Department of Homeland Security said she had helped prevent cybercrime under a program of information sharing between the public and private sector. Ms. Shevchenko was said to have assisted a French company, Schneider Electric, in identifying vulnerabilities in its software.

Ms. Shevchenko was recognized in a notice from the department's Industrial Control Systems Cyber Emergency Response Team, set up to coordinate between the government and industry to protect "the nation's critical infrastructure."

This nod from the American government illustrates Ms. Shevchenko's ambiguous role and, more broadly, the diversity of people believed to be working inside Russia's government hacking program. The inclusion of Ms. Shevchenko's company on the American sanctions list sheds light on the sprawling scope of the effort, which drew in students, civilians and possibly criminal hackers to bolster the military and intelligence agencies' cyberwar abilities.

Praised in the Russian news media as a young talent in 2005, when she was just 21, Ms. Shevchenko worked on cyberdefense projects but embraced the symbols and parlance of criminal hackers.

She has tattoos and often posts messages on Twitter under the handle "badd1e."

In a flurry of Twitter posts on Friday, Ms. Shevchenko mocked an American sanctioning agency, the Office of Foreign Assets Control, with a vulgarism, and said that she had already closed Zor Security.

A message sent to Ms. Shevchenko's Twitter account was not answered Friday.

"How my little simple company (closed long ago at that) could possibly appear in the same list with the FSB and international terrorists," she wrote, using the initials of the Russian name of the Federal Security Service, the successor to the K.G.B.

The Forbes article identified Ms. Shevchenko as the winner of a hacking contest in 2014, in which she had found her way into industrial control software used for such things as running electrical power plants and grids.

"I didn't expect such triviality," she was quoted as saying after winning the contest. She said she found "around 10 vulnerabilities in just a few hours."

On her website, Ms. Shevchenko posted a link to a blog entry on the award she won.

"If exploited in real life, discovered vulnerabilities could cause harmful consequences, such as denial of service, functional failure of critical infrastructure management systems, which in its turn may disrupt normal life of an entire city," the blog post said of her hack.

Her Twitter feed cultivates the persona of a digital rebel.

In Moscow, her website said, Ms. Shevchenko founded a working space for hackers in the Chistye Prudy neighborhood of the capital, called Neuron Hackspace, also ostensibly for legitimate security purposes.

The more prominent of the two cybercriminal suspects designated in the sanctions announced by the Obama administration was Yevgeny M. Bogachev, who the Treasury Department said was a developer of malicious software. One product, called Zeus, was used to steal bank account information, while another, Cryptolocker, scrambled the system of victims until they paid a ransom, according to the Treasury Department. The sanction notice said Mr. Bogachev had stolen about $100 million from American companies and government agencies.

While the Treasury Department imposed sanctions on Mr. Bogachev for criminal activities rather than political ones, at times in Russia's digital underworld, the distinction is one without a difference.

In the current wave of Russian politicized hacking, code from the Zeus malware showed up in phishing attacks, according to Dmitri Alperovitch, a co-founder and the chief technology officer of the American cybersecurity company CrowdStrike.

The Treasury Department also imposed sanctions on Aleksei A. Belan, who is accused in the theft of email addresses and passwords from customers of three e-commerce companies.

"The fact is, the Russian system of mathematical education is quite good," Anton M. Shingarev, a vice president at Kaspersky, a Russian antivirus company, said in an interview. "And it produces a lot of computer programmers. And this is the reason why there are a lot of Russian hackers."

[Source: By Andrew E. Kramer, The New York Times, Moscow, 31Dec16]

Bookshop Donate Radio Nizkor

Privacy and counterintelligence
small logoThis document has been published on 02Jan17 by the Equipo Nizkor and Derechos Human Rights. In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes.