Date: 2021-07-03

Hydra was born in 2015, had around $9.4 million in revenue the following year, managed to reach $1.4 billion in 2020 and continues to exist.

This week, Germany’s leading newspaper, Bild, reports a major Russian hacking attack on the German banking system and names “Russian hackers from the ‘Fancy Lazarus’ group as the culprits.” If the attack did indeed take place – for the moment there is no official confirmation – it will be, as always, difficult to attribute it definitively to Russian state actors, even if they are blamed by cybersecurity experts. The group of cyber extortionists known as “Fancy Lazarus” could be linked to China, North Korea, or no government.

Because of this denial, US President Joe Biden had to be careful when he tried to draw “red lines” for Russian President Vladimir Putin at a summit last month: he couldn’t tell Putin directly to stop cyber attacks. Instead, he spoke about not harboring cybercriminals, an argument Putin tried to deflect by saying that Russia would consider handing the cybercriminals back to the United States, but on a reciprocal basis. This is impossible as a global system, since in theory only specific exchanges could be organized.

The denial of the Russian state’s participation in cyber attacks is, on the one hand, stronger than its depredations in Ukraine, for example. On the other hand, it seems unconvincing to anyone who knows a great Russian institution: a dark web market called Hydra, which might be the biggest in the world and couldn’t exist anywhere else. As well as being a major drug broker, it helped create a network of hacker money laundering channels that were difficult for non-Russians to use.

The average lifespan of a dark web market, or dark market – an online shopping site on an encrypted and anonymous network like Tor – was estimated in 2018 to be around eight months. They collapse under the weight of scams or fall victim to repressive measures, sometimes led by competitors. It’s a jungle there, and customers and suppliers are used to migrating to new places. The oldest exceptions among dark markets are extremely rare.

Hydra is an exception to end all exceptions. It started in 2015, had around $9.4 million in revenue the following year, managed to reach $1.4 billion in 2020, and is still running. These figures come from a report by cybersecurity risk intelligence firm Flashpoint and cryptocurrency analysis firm Chainalysis, which also estimates that Hydra accounts for over 75% of the world’s black market revenue.

All of this business volume is in cryptocurrencies. Chainalysis estimates the proportion of Bitcoin flow from illegal activity at a small fraction of 1%, but, as the analyst firm wrote in its 2021 “Crypto Crime Report”, “the first thing that stands out is the receipt by Russia of a disproportionate share of black market funds, which is mainly due to Hydra.” It’s not surprising: in Moscow and other Russian cities, Hydra is the place of acquisition of drugs, mainly distributed as “hidden treasures” by teams of young people who can make thousands of dollars a month by hiding orders under the benches of parks, burying them under trees, nailing them at the bottom of mailboxes.

An illicit market as large and old as this is, of course, an entire ecosystem; it generates a strong demand for money laundering services, which can also be used to legalize the proceeds of types of cybercrime other than drug trafficking. Chainalysis and Flashpoint describe a major change that took place in Hydra’s money management practices in 2018. In order to withdraw their money from Hydra, sellers must convert it to Russian rubles through a specific range of local vendors. This has done little to please the traffickers and, according to the report, some drug traffickers now prefer to liquidate money outside of Hydra, burying caches of currency as well as drug “treasures”. But, according to the Flashpoint-Chainalysis report, reliance on local services and rubles has made money laundering “difficult, if not impossible, to track.”


This, of course, makes Hydra’s monetary infrastructure valuable to all kinds of local cybercriminals. Chainalysis’s “Crypto Crime Report” contains a case study of a Russian over-the-counter cryptocurrency broker who has received $265 million in cryptocurrency since it became active, possibly coincidentally, in 2018. A significant chunk of the money comes from Hydra, but other streams have poured in from various strains of ransomware and scams. The OTC broker has also helped customers convert their illegally obtained bitcoins into cash.

The US Department of Justice said it managed to recover some of the ransom paid to hackers who crippled the Colonial Pipeline earlier this year, but when the bitcoin was recovered, the ransomware creators could already have converted it to rubles using the channels that have sprouted around Hydra, nourished by its reliable volumes.

In any conversation about Hydra, its krysha, or protection, is the elephant in the room. Putin’s Russia is increasingly a police state that has concentrated enormous power in the hands of law enforcement. Legitimate businesses are regularly looted, confiscated or ruined by these agencies. Yet Hydra thrives like few or no other dark markets. Its creators, who intended to expand internationally but seem to have given it up, at least temporarily, clearly feel safe in Russia. Its exclusive reliance on ruble-based financial infrastructure is proof of this. Quoting Flashpoint and Chainalysis, “Law enforcement scrutiny and competitive shenanigans have so far escaped Hydra. This may be a mere coincidence, or it could indicate that Hydra is more resistant to geopolitical fluctuations and law enforcement efforts. The longer Hydra operates without major disruption, the more realistic the latter option becomes, the only plausible explanation being that of economically motivated regional players.”

This is a cautious way of claiming that Hydra has powerful protectors at the top of the Russian establishment. Russia has repeatedly denied any official connection to the cyber attacks. However, as Flashpoint and Chainalysis point out, the scale of the Hydra phenomenon would be unlikely without some sort of semi-official sanction.

Russia has few internationally competitive tech companies, but a lot of engineering talent, including the adventurous type. A unique amalgamation of corruption, cutting-edge expertise, and a geopolitical stance that makes any attack on Western institutions useful at some level for the government makes Russia a major player in the cybercrime space. Second after Ukraine in the adoption of cryptocurrencies, Russia is building technological competition that no other country seems to have the nerve to develop.

Can Putin do something about it? This is probably not the right question. So far, he has no real incentive to try to crack down, especially if the illicit activity was transparent to someone he knows and trusts, and is therefore open to providing services to the state if necessary. The threat of retaliation from the United States is not convincing enough: as it stands, Putin can leave people like Hydra to worry about this prospect. And if they are crushed, others can take their place. The dark web is nothing if it is not resilient.

With information from Bloomberg
