Australian official demands Russia bring criminal hackers ‘to heel’
A senior official in Australia criticized the Russian government on Wednesday for failing to properly police cybercriminals based in its jurisdiction.
Michael Pezullo, a public servant rather than a politician — currently serving as the secretary of the Department of Home Affairs — said the Russian Federation hosted “the greatest density of cybercriminals, particularly those with ransomware,” in the world.
He said Russia was “not a rule of law country” and described “the thought that you can apply conventional law enforcement disciplines” to address criminals based there as “completely naive,” according to Reuters. “We call on the Russian government to bring those hackers to heel,” he added.
Australian officials previously criticized the Russian state for failing to tackle the criminals involved in the ransomware attack against health insurance business Medibank, which saw hackers gain access to the data of 9.7 million current and former customers.
This information included sensitive healthcare claims data for around 480,000 individuals, including information about drug addiction treatments and abortions. This was subsequently posted online as part of an extortion attempt.
Australian Prime Minister Anthony Albanese, who confirmed that he himself was a Medibank customer, said at the time he had authorized the Australian Federal Police to confirm that they knew the cybercriminals were based in Russia.
“We know where they’re coming from, we know who is responsible, and we say that they should be held to account,” Albanese said last November, adding: “The nation where these attacks are coming from should also be held accountable for the disgusting attacks and the release of information — including very private and personal information.”
Cozy relationships?
The relationship between the various arms of the Russian state and its cybercrime underworld is contested. Western nations allege that the Russian government colludes with criminals on operations, while the Kremlin blames the West for not supporting its proposals regarding online crime at the United Nations.
Constitutionally, the Russian Federation cannot extradite its own citizens to another country. Its internal Federal Security Service (FSB) also does not have the remit to investigate crimes that take place abroad.
Western law enforcement agencies have accused the FSB of tasking cybercriminals with conducting cyber operations on its behalf, with alleged banking trojan developer Maksim Yakubets accused of providing “direct assistance to the Russian government” by acquiring “confidential documents” for the agency.
Earlier this year the United Kingdom and United States announced sanctions on seven people connected to what officials have told The Record is a single network behind the Conti and Ryuk ransomware gangs as well as the Trickbot banking trojan — a gang which also has alleged affiliations with Yakubets.
Britain’s National Cyber Security Centre — a part of signals and cyber intelligence agency GCHQ — assessed that it was “highly likely” that key group members “maintain links” to Russian intelligence services and “have likely received tasking,” from them.
“The targeting of certain organizations, such as the International Olympic Committee, by the group almost certainly aligns with Russian state objectives,” the NCSC said.
Representatives of the Russian government have repeatedly denied allegations that it fails to tackle cybercrime and have responded that “it is only possible to defeat digital crime together” and cite the United States’ lack of support for its efforts at the United Nations to develop a new international convention on cybercrime.
Western diplomats have said that Russia is using the convention not to tackle cybercriminals but to advance its own national interests regarding internet governance.
Negotiations regarding the treaty are ongoing in Vienna. Diplomatic delegations from U.N. member states aim to come up with a draft treaty that can be voted on at the General Assembly before the end of 2024.
Alexander Martin
is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.