BONN, Germany — Two teams of highly skilled hackers directed and protected by the Russian state are on the offensive.
Cybersecurity experts and intelligence officials tell NBC News the same hackers who broke into the Democratic Party’s computers, the World Anti-Doping Agency’s Administration System and who are implicated in the leaks of the personal emails of former Secretary of State Colin Powell and the health documents of Olympians are executing a Kremlin-backed campaign of cyber-espionage and sabotage.
Their target: Western democratic institutions and Russia’s political opponents.
“They are starting to figure out the way to apply the power they have in terms of technical capabilities into the geopolitical aspect,” Italian cyber security investigator Stefano Maccaglia told NBC News.
At a small square in Rome on a recent summer day, Maccaglia explained how he came to know most of these hackers in the early 2000s, when he was one himself. Having since crossed to the other side, Maccaglia’s job now is to investigate — sometimes for the Italian government — the Russian hackers’ cyber-attacks.
Maccaglia, who is now an advisory consultant for the network security company RSA, explained that the two teams of Russian hackers vary from trained researchers with a mathematical background to “the very funny person” skilled in computer programming languages and are turned into “gangs of cyber-mercenaries” who offer their “brilliance” to the highest bidder.
“They obviously have a very good life now,” Maccaglia said of the privileges they enjoy for their services.
Related: Experts: Same Russians Hacked Olympic Whistleblower, Democrats
Their relationship to the Russian state, he explained, is a win-win: The cyber gangsters are allowed to keep stealing — their traditional hacking work — as long as they do the bidding of Russian intelligence services.
In exchange, they receive state protection.
“They are above the law and are obviously protected,” Maccaglia said. “That’s why nobody can prosecute them. There is no way to reach them anymore.”
Cybersecurity experts and intelligence officials said that the tools and methods the Russian hackers use against American and other targets are at times extremely sophisticated and that their attacks adapt immediately every time a target attempts to secure its system during the attack.
“Russian operators are among the most impressive and disciplined operators that we know of,” said Thomas Rid, a securities studies professor at the Kings College of London.
Maccaglia believes that the cyber-espionage army at the Kremlin’s disposal is “a couple of thousand” strong. He added that analysis shows that there are only a few layers of hierarchy between the hackers and the Russian government — explained by their immediate shift of interest in targets every time the Kremlin changes its foreign policy alliances.
Angry BEARS
“What you see – is the typical kind of attacks we are seeing … with origin BEAR,” said Andreas Koenen, pointing to a graphic outlining the Russian cyber-attacks against Germany’s institutions.
Intelligence officials like Koenen and cybersecurity experts often dub all Russia-backed hackers as “BEARS.”
The two teams responsible for the DNC break-in and other recent attacks are called FANCY BEAR and COZY BEAR.
Koenen is the man overlooking the Federal Office for Information Security (BSI), the German equivalent of the NSA. The graphic he was pointing to stands prominently on the wall of the agency’s Situation Room at its headquarters in Bonn, where NBC News was granted rare access.
From -, Germany’s emergency response teams monitor all cybersecurity threats against state computer systems and key infrastructure, such as water, gas, energy and telecommunications, in real time.
Koenen said the Russian hackers responsible for infiltrating the DNC are a “really, really advanced group of hackers,” as they have exhibited during previous occasions.
One such hit was the 2015 hack of the computer system of the German parliament — the Bundestag — used by all German lawmakers, which Koenen called an act of “state sabotage.”
“Data was flowing out of the German parliament and the attackers were able to get access to several email accounts,” Koenen said.
Once inside the German parliament’s internal network, the hackers were able to completely take over the lawmakers’ computers, to steal…
