The Russian government may be reviewing amendments to its criminal code that will legalise hacking in the Federation.

Russian news service TASS reported that Alexander Khinshtein, head of the state Duma committee on information policy, has demanded exemptions from liability be given to hackers, provided they act in the service of Russian interests.

“We are talking about, in general, working out the exemption from liability of those persons who act in the interests of the Russian Federation in the field of computer information both in the territory of our country and abroad,”

Khinshtein commented, “I am firmly convinced that it is necessary to use any resources to effectively fight the enemy”. Khinshtein has proposed that in order for Russia to respond adequately to threats – it should leverage its well-established community of hackers.

Russian-linked hacking groups Killnet, Cozy Bear, Vice Society and others, operate with a certain amount of impunity within Russia, despite being currently outside the law. Many of these groups are linked to attacks on Ukraine and further afield in the West; all are well known for the damage and disruption they have been able to cause.

Current Russian law Articles 272 & 273 of the Criminal Code of the Russian Federation, cover illegal access and the creation, distribution and use of malicious computer software, i.e. hacking; with sentences of up to seven years.

Despite Russian Ambassador Anatoly Antonov’s recent criticism of the US Treasury’s allegations that Russia is a ‘haven’ for cyber criminals, as “false and irresponsible”; creating a legal loophole for white hat operations in the interest of the Russian government would in fact do exactly that, providing legitimacy for state-sponsored hackers and their activities.

Such a change in the law could also have a ripple effect, with criminal hacking and script kiddies escalating their activities with less fear of retribution.

Whilst this could all be posturing designed to intimidate Western governments and businesses, now might be a good time to take a critical look at your cyber security!

To find out how you can better protect your business drop us a line or give us a call.