RuNet – The Iron Curtain of the Digital era?

You may have missed the news reports emerging on Christmas Eve that Russia had successfully trialled its new Sovereign Internet system ‘RuNet’.

Described by the Telegraph as a “country-wide alternative to the global internet”, Professor Alan Woodward of the University of Surrey compares RuNet as a “gigantic intranet” similar to that of a large corporation.

Most reporting primarily appears to be concerned with the potential tightening of censorship by a Russian regime widely known to be poor on human rights issues. However, it would seem that little consideration is being given to Russia’s lack of cooperation in relation to international law enforcement requests to pursue offenders within Russia.

Recent reporting on RuNet indicates the system was successfully tested to ensure the "security" of Russia’s internet infrastructure in the event of a foreign cyber-attack. But this is really just a game of swings and roundabouts.

Now, if you follow the news, you’ll probably have heard of some pretty nasty Russian hacking groups, such as Fancy Bear, the Dukes (aka Cozy Bear) and Evil Corp, to name just a few. There are numerous allegations that these groups are actually Kremlin-sponsored. So, what would happen if the Kremlin used RuNet to allow such groups to attack foreign assets and then close the door on any subsequent enquiries from the victims? 

Russia’s reluctance to assist UK investigations into the poisoning of the Skripals in 2018 or even as far back as the murder of Alexander Litvinenko in 2006 may be just the tip of the iceberg. Moving away from chemical poisonings of a couple of ex-spies, we should not lose sight of a more widespread issue affecting many more people. I am talking about the alleged Kremlin sponsoring of cryptocurrency related crimes.

For example, the well-documented USD $4bn Bitcoin theft from the MtGox exchange and the subsequent laundering of those funds by Russian national, Aleksander Vinnik through BTC-e; some of which was reportedly laundered on behalf of Fancy Bear who allegedly work in cooperation with the GRU (Russian Military Intelligence). And let us not forget the small print highlighting how the company structure behind BTC-e is part of a much wider Laundromat scheme facilitating a variety of Eastern European organised crime groups or other criminal enterprises and alleged U.S. election manipulation schemes, of which some are also possibly Kremlin-sponsored.

Following Vinnik’s high-profile arrest in Greece in 2017, his BTC-e business partner Alexei Bilyuchenko became a key player in another cryptocurrency exchange called Wex (World Exchange Services), which stopped trading in 2018, leaving customers unable to access investments totalling nearly half a billion US dollars. A recent BBC investigation has reported recordings allegedly linked to Konstantin Malofeev — a pro-Kremlin Russian billionaire under U.S. sanctions for bankrolling Moscow-backed forces in Eastern Ukraine. The OCCRP reports that Malofeev discussed the importance of bringing Wex under the control of the Russian Security Service, the FSB.

And then there is Bitriver, the largest ‘data centre’ in the former Soviet Union which has already won clients from all over the world, including the U.S., Japan and China. Most of whom mine bitcoins. Bitriver is the brainchild of the Kremlin-friendly oligarch Oleg Deripaska.

We are talking about some serious cyber/crypto firepower here. And given that we are seeing billions of Dollars of cryptocurrencies being stolen and other criminal funds being laundered on a frighteningly regular basis, it would be somewhat silly to underestimate the potential threat to the world’s economy here.

So, what can stop Russia from using RuNet to protect its emerging dominance in the world’s cryptocurrency markets and the potential state sponsoring of crypto-thefts or even laundering criminal proceeds through crypto mining facilities? Quite honestly, I would say nothing can. After all, we’re talking about a country that annexed Crimea and simply got away with it.

Perhaps the UK needs a BrexNet – a state sponsored internet feed of its own to mitigate some of these risks in a tit-for-tat style exchange. But before I suggest a break-up of the Internet as we know it, it might be worth developing a good understanding of global laundromat schemes and their potential links to cryptocurrencies to help our frontline defences detect, deter or prevent any such future hostile activities.

Why not sign up for my brand new Internet Intelligence & Investigation (i3) based Anti-Money Laundering (AML) training course: Investigating Illicit Financial Networks – Laundromat Methodology which runs from 23-26 March 2020 in the wonderful city of Liverpool. Alternatively, you can book for the course scheduled to run from 1-4 June 2020.