In April, German police, tipped off by their American counterparts, discovered the servers of the world’s largest online narcotics and other drug trade.
As of 2017, Hydra has been running an illegal drug business in Russia and neighboring countries. After taking control of the site, German authorities recovered 23 million euros ($16.7 million) in ill-gotten cryptocurrencies.
But what may have caught the attention of Western law enforcement were not Russian drug dealers, who did business mainly in Russia.
Hydra also provided document forgery, hacking, and money laundering services, which could be used improperly against Western interests or civilians.
Although the takedown of Hydra was the result of an operation that began months before Russia’s invasion of Ukraine in February, the digital landscape that was once dominated by it has turned into another, peaceful war between Russia and Ukraine.
In the past, Russian and Ukrainian cybercrooks robbed victims’ bank accounts together – 20 years ago, Russian-speaking cybercrooks from all over the former Soviet Union descended on Odesa for their first global conference.
But according to András Tóth-Czifra, a senior analyst at Washington, DC-based Flashpoint Intelligence, as of 2019, there was a wide divide between Russian hackers and their former partners in crime.
“[There was] growing uneasiness that Ukraine was cooperating with Western cyber police, which itself was a result of Western countries providing assistance to strengthen Ukraine’s cyber defenses,” Tóth-Czifra explained.
“It gave an understanding that if you are in Ukraine, you can be arrested. Of course, you won’t always get arrested, especially if you are a petty hacker. But if, for example, you were a ransomware operator, you faced higher risks. And yes, later, there was a big arrest.”
After the fall of Hydra, many of its clients and vendors have reunited on RuTor, an online forum that is one of the oldest hangouts of Russian cybercriminals.
Then, rumors spread that the website was under the control of the SBU, Ukraine’s security service.
Allegations of a corrupt Ukrainian mafia poisoning the nation’s youth through drug trafficking have been around since the mid-2010s. But apart from the nationality of some of the suspects, there is no hard evidence of a conspiracy leading to the SBU itself.
But these rumors made RuTor the target of the pro-Kremlin hacktivist group Killnet, which attacked the platform with DDoS (distributed denial of service) attacks.
DDoS attacks work by directing botnets (infected computers) under the control of hackers to overwhelm target servers with web traffic, until they become inoperable.
“There was a downgrade of Hydra that created a market war,” Tóth-Czifra said. “But from the context [of the Ukraine war] there, they began to explain their actions. For example, when Killnet recruits its followers to carry out a DDoS attack against RuTor, they portray RuTor as an SBU platform. One thing Killnet has really been doing is trying to get government support; they were open about that.”
Vladislav Cuiujuclu, a cybercrime expert at Flashpoint, added: “It was not an open attack against drug markets, it was an attack on markets allegedly linked to Ukraine. WayAway, seen as a follower of Hydra in some ways, Killnet actually supports them. So maybe the Ukrainian connection is an easy thing for them. “
In November, Killnet said it was responsible for a cyberattack on Skylink, the satellite communications network of business magnate Elon Musk, and the White House, for their support for Ukraine. They are also believed to be behind the latest cyber attack on the European Parliament.
“A definite change that we have seen in the last nine months is the appearance of groups that are more focused on DDoS, but more importantly they are openly recruiting people on Telegram with various bots,” revealed Cuiujuclu.
“I’m not just talking about Killnet, I’m talking about Anonymous Russia and all those groups. According to the management of these groups, they employ hundreds and thousands of people who are said to be volunteers.”
Killnet is a group of hacktivists with clear political goals they want to achieve.
For the most part, cybercrooks who are mainly interested in making money have not had a conflict, their interest in current affairs depends on how they can make a profit.
For example, when integration was announced in Russia, darknet fraudsters started selling fake Schengen visas.
And the operation in Russia’s Kherson and Ukraine’s Mariupol did not disrupt the flow of mephedrone, hashish and other drugs in those areas, as an investigation by the independent Russian newspaper Novaya Gazeta found.
But at least one group of ransomware kingpins, Conti, swore allegiance to Russia before being betrayed by a Ukrainian insider, who leaked their secret chat logs.
From these logs, it appears that Conti may have a loose working relationship with Russian intelligence.
And while botnet attacks and hacktivists are one thing, what about the “real” world of the Internet?
In October, the popular Telegram SHOT channel, which often publishes Kremlin talking points, reported that a 16-year-old girl working as an emissary for an online drug dealer in Nizhny Novgorod was ordered to pay a debt to her boss by fire. military office.
Since the outbreak of war, dozens of offices under construction have caught fire across Russia. However, this young man refused to continue with this plan, instead he gave the two he burned with him to the police; the genius remains broad.
Russian law enforcement sources told the pro-Kremlin news site Life.ru that Ukrainian agents paid 30,000 Russian rubles ($470) to every recruitment office burned down while sharing clips of the attack on social media. -5,000 ($80). An act of destroying Russian infrastructure, on the other hand, could reach $20,000.
Although Al Jazeera could not independently confirm this offer, Flashpoint analysts said such actions were likely organized by existing saboteur networks.
“It’s possible that some saboteurs are recruited through the dark net, but I think a lot of the coordination of the burning of recruitment sites and things like that, is done by groups like the Free Russia Movement who have openly requested these actions, and they have Telegraph bots where you can just contact them and, you know, offer your services ,” said Tóth-Czifra.
At the beginning of the war, the management of Legalizer.cc, one of the largest drug platforms in Ukraine, announced that they “sympathize with what is happening” and provide “financial assistance to residents of Ukraine who find themselves in a difficult situation”.
With the request, the platform promised to deposit about $ 20 at a time in the users’ crypto-account. Elsewhere on the site, you can read feedback from recipients expressing their gratitude, and a few pictures of food or other important items they bought.
“Thanks to the forum for moral and financial support!!!” another wrote. “We will win! Ukraine will be free!”
Judging by the ongoing response, as of December the program is still ongoing.
But hackers once again took advantage of this problem.
According to a recent report on the Latvian-based news site Meduza, which has been exiled as Russia cracks down on independent media, Ukrainian charities have been hacked and their donations transferred to Russia’s neo-Nazi military group Rusich, to buy equipment and bulletproof vests. .
Rusich also accepted payments from the accounts of at least three online drug markets, though they may have only used the dealers’ darknets to hide their money trail, or infected the dealers’ computers with malware. Rusich leader Alexei Milchakov confirmed the hacking scams and called the drug lords “true Russian fanatics.”
“These are simple tricks you can buy commercially from illegal songs,” says Tóth-Czifra.
“Most of the hackers on these platforms will be financially motivated, they will have no qualms about diverting donations or hacking a charity fundraising website. But I think we are not seeing the full picture. The numbers are relatively small, but if you run several schemes like this, after a while, you will accumulate a lot of money.”