You may have missed the news reports emerging on Christmas
Eve that Russia had successfully trialled its new Sovereign Internet
system ‘RuNet’.
Described by the Telegraph
as a “country-wide alternative to the global internet”, Professor Alan Woodward
of the University of Surrey compares RuNet as a “gigantic intranet”
similar to that of a large corporation.
Most reporting primarily appears to be concerned with the potential
tightening of censorship by a Russian regime widely known to be poor on human
rights issues. However, it would seem that little consideration is being given
to Russia’s lack of cooperation in relation to international law enforcement
requests to pursue offenders within Russia.
Recent reporting on RuNet indicates the system was
successfully tested to ensure the "security" of Russia’s internet
infrastructure in the event of a foreign cyber-attack. But this is really just
a game of swings and roundabouts.
Now, if you follow the news, you’ll probably have heard of some
pretty nasty Russian hacking groups, such as Fancy Bear, the Dukes (aka Cozy
Bear) and Evil Corp, to name just a few. There are numerous allegations that
these groups are actually Kremlin-sponsored. So, what would happen if the
Kremlin used RuNet to allow such groups to attack foreign assets and then close
the door on any subsequent enquiries from the victims?
Russia’s reluctance to assist UK investigations into the poisoning
of the Skripals in 2018 or even as far back as the murder of Alexander
Litvinenko in 2006 may be just the tip of the iceberg. Moving away from
chemical poisonings of a couple of ex-spies, we should not lose sight of a more
widespread issue affecting many more people. I am talking about the alleged Kremlin
sponsoring of cryptocurrency related crimes.
For example, the well-documented USD
$4bn Bitcoin theft from the MtGox exchange and the subsequent laundering of
those funds by Russian national, Aleksander Vinnik through BTC-e; some of which
was reportedly laundered on behalf of Fancy Bear who allegedly work in cooperation
with the GRU (Russian Military Intelligence). And let us not forget the small
print highlighting how the company structure behind BTC-e is part of a much wider
Laundromat
scheme facilitating a variety of Eastern European organised crime groups or
other criminal enterprises and alleged U.S. election manipulation schemes, of
which some are also possibly Kremlin-sponsored.
Following Vinnik’s high-profile arrest in Greece in 2017, his
BTC-e business partner Alexei Bilyuchenko became a key player in another
cryptocurrency exchange called Wex (World Exchange Services), which stopped
trading in 2018, leaving customers unable to access investments totalling
nearly half a billion US dollars. A recent BBC investigation has
reported recordings allegedly linked to Konstantin Malofeev — a pro-Kremlin
Russian billionaire under U.S. sanctions for bankrolling Moscow-backed forces
in Eastern Ukraine. The OCCRP
reports that Malofeev discussed the importance of bringing Wex under the
control of the Russian Security Service, the FSB.
And then there is Bitriver,
the largest ‘data centre’ in the former Soviet Union which has already won
clients from all over the world, including the U.S., Japan and China. Most of whom
mine bitcoins. Bitriver is the brainchild of the Kremlin-friendly oligarch Oleg
Deripaska.
We are talking about some serious cyber/crypto firepower
here. And given that we are seeing billions of Dollars of cryptocurrencies
being stolen and other criminal funds being laundered on a frighteningly regular
basis, it would be somewhat silly to underestimate the potential threat to the
world’s economy here.
So, what can stop Russia from using RuNet to protect its
emerging dominance in the world’s cryptocurrency markets and the potential
state sponsoring of crypto-thefts or even laundering criminal proceeds through
crypto mining facilities? Quite honestly, I would say nothing can. After all, we’re
talking about a country that annexed Crimea and simply got away with it.
Perhaps the UK needs a BrexNet – a state sponsored
internet feed of its own to mitigate some of these risks in a tit-for-tat style
exchange. But before I suggest a break-up of the Internet as we know it, it might
be worth developing a good understanding of global laundromat schemes and their
potential links to cryptocurrencies to help our frontline defences detect, deter
or prevent any such future hostile activities.
Why not sign up for my brand new Internet Intelligence &
Investigation (i3) based Anti-Money Laundering (AML) training course: Investigating
Illicit Financial Networks – Laundromat Methodology which runs from 23-26
March 2020 in the wonderful city of Liverpool. Alternatively, you can book for the
course scheduled to run from 1-4
June 2020.
