Dmitry Smilyanets cost U.S. companies hundreds of millions of dollars when he was a hacker living in Russia in the 2000s. He said a selfie from a trip to Amsterdam in 2012 tipped off U.S. authorities to his whereabouts, ultimately landing him in prison.
Mr. Smilyanets now helps companies protect themselves against cyberattacks and studies the activity of Russian ransomware gangs as principal product manager for identity intelligence at the cybersecurity company Recorded Future Inc. He is the subject of a WSJ podcast series, Hack Me If You Can.
Here are highlights of his interview at the WSJ Pro Cybersecurity Forum on Wednesday, edited for clarity.
How he got into criminal hacking:
“During this time in Russia, there was no law for cyber and at some point I believed I wasn’t committing any crimes. It felt easy.”
The relationship between ransomware groups and the Russian government:
“If we talk about financially motivated hackers, what happens is directly or indirectly, they know someone from the government and they pass information or help in this or other cases. It doesn’t mean they’re employed [or] it doesn’t mean they’re on a paycheck with the state but there is a connection. Sometimes we see it clear, sometimes not.”
How the war in Ukraine has changed Russian hackers:
“When Russia attacked Ukraine, some groups there declared loyalty to the Russian government. …Those groups, they consist not only of Russian criminals. They consist of former Soviet Union bloc citizens, including [from] Ukraine.”
“I don’t see Russia asking them directly because that’s not what’s really happening. What I see, a lot of groups who made some money with ransomware, they decided to be loyal to the state and create hacktivism. Instead of making money, they create destruction, they develop new ransomware payloads that have no intention to decrypt. That’s malware to disrupt the network, not to ask for ransom. That’s growing, unfortunately. This war caused a lot of hatred on both sides, people just jumping into this boat of hacktivism without thinking of consequences.”
Advice on preventing ransomware attacks:
“We see that almost 50% of attacks start with compromised credentials of the employees, so that’s the angle I suggest everyone to look at. It’s very important for you to learn when your employee is compromised.”
Write to Catherine Stupp at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.