A super smart, talented, young female Russian hacker was surprised to see her computer company on the United States sanctions list last week.The White House fact sheet said Alisa Shevchenko’s company “provided the GRU with technical research and development.” No details or proof was given.
The GRU is Russia’s GRU military intelligence agency.
In her recent interview with The Guardian, Alisa Shevchenko described herself as “a typical introverted computer geek” who is self-taught. She declined to say how old she was, stating it was an “impolite question” and said, “If you really need a number then go ahead and make it up based on my photographs.”
Shevchenko’s company is known for working with other companies to help them discover any flaws in their computer systems.
In an interview with The Guardian communicated via encrypted email from a location she said was “a wild countryside area a few hours away from Bangkok”, Shevchenko said, “She was furious at her company’s inclusion on the list, and denied ever having knowingly worked for the Russian government.”
She spoke of the “insane level of hysteria around the entire ‘Russian hacking’ story” and suggested that the US authorities were guilty either of “a technically incompetent misinterpretation of the facts” or had been fooled by a “counterfeit in order to frame my company”.
“Those who could have had an interest in framing her could include competitors, US intelligence or Russian intelligence, with the goal of screening the real culprits,” Shevchenko said.
She said, “A young female hacker and her helpless company seems like a perfect pick for that goal. I don’t try to hide, I travel a lot, and am a friendly communicative person. And most importantly, I don’t have any big money, power or connections behind me to shrug off the blame. So really, it could be anyone.”
Shevchenko told the Guardian she dropped out of three different universities because she loved learning but passionate but didn’t enjoy the structure of a university course.
Around 2004, she joined Kaspersky Lab, a high-profile Russian cyber security firm.
She left that firm to set up her own company, initially called Esage Lab (“I was thinking of something ‘sage’, as in a wizard or a magician,” she said), but later changed the company name to ZOR, although both company names are on the US sanctions list.
Shevchenko said she “specializes in finding so-called “zero-days”, previously undisclosed software bugs that could leave companies vulnerable. We have not only searched for bugs but exploited them, but only with the customer’s sanction.”
Shevchenko admits that in the past she was approached repeatedly by people she believed to be from the Russian government, although she insisted that she had always rejected the advances. She said she had not been threatened or intimidated as a result.
Shevchenko said “she had turned down plenty of offers of work on ideological grounds. I never work with douchebags. I only work with honest and open people that I feel good about.”
Shevchenko said she closed her company, ZOR, over a year ago citing how it was difficult and expensive it was to do the public relations work required to build up her business.
She now works as a “one-man army”, she said. “I am now de facto blocked from the world’s major information security market.”
The only side benefit of her predicament is, according to Alisa, “I have received a number of employment, business partnership, or collaboration offers” in the days since the sanctions list was released.”
According to a tweet, Alisa has a plan for the future