LAS VEGAS—Kimberly Zenz, head of threat intelligence for German cybersecurity organization DSCO, thinks we've got it all wrong about Russia.

Instead of thinking of Russia and its myriad intelligence agencies as a single, monolithic entity, we need to view it as a collection of individual groups that are often at odds with each other, Zenz explained here at Black Hat. Unfortunately, that chaos is bad for the US, too.

In her talk, Zenz presented a cast of characters, all jostling with each other for power, influence, and resources. There's the MVD, the interior ministry; the GRU or GU, which is military intelligence; and the FSB. Within the FSB are two other organizations, the CZI and the CIB. This alphabet soup of agencies overlaps in key areas, like law enforcement, cybercrime, and intelligence of various stripes.

Zenz also listed the security company Kaspersky Labs as an "honorable mention." This earned some chuckles from the audience, but Zenz was quick to explain that she put Kaspersky on the list not because of the claims they are in cahoots with Russian intelligence to damage targets in the US. Rather, they are a powerful, well-respected company engaged in battling cybercrime, which means they are also competing in the same sphere as Russian intelligence agencies.

"A lot of people in this audience will probably come at this from a Western perspective" and think that any problem for Russia is a good thing for the US and its allies, Zenz said. But she argued that turmoil isn't always a good thing, as internal struggles within Russia have led competing agencies to behave erratically. "This incentivizes them to take risks."

Zenz pointed to several headline-grabbing events attributed to Russia. NotPetya, for example, was malware eventually attributed to Russian actors. "I don't believe anyone in any Russian security services wanted to cause 10 billion [dollars] in damages," said Zenz. "But they did."

In these and other cases, Zenz suggests the agencies responsible may have been under pressure to get "wins" in order to gain influence over rival organizations. It's not all cloak-and-dagger, though. Zenz pointed to several instances where news reports showed one agency responsible for an important project, only to have another agency scoop that project up later on.

Rival agencies also don't coordinate with each other, as evidenced in some high-profile hacking cases traced to Russian intelligence. Both the APT 29 and APT 28 groups, for example, attacked the Democratic National Committee during the 2016 election. "In an ideal situation, multiple agencies within a country would not be targeting the same people at the same time," said Zenz. This isn't merely inefficient; it increases the likelihood that both agencies will be found out.

Other times, the rivalries play out in arrests and accusations of treason. The Russian laws related to treason are extremely broad, but it's a subject Russian courts take very seriously, Zenz explained. If someone in an agency wants to damage a rival, they can simply cry treason.

Zenz should know. She was accused by a Moscow military court of being a US agent in 2010 ("depending on reporting, the FBI or the CIA"). This was all part of a large and confusing case that swept up (among other people) a Russian cybercriminal, Russian intelligence officials, and Kaspersky researcher Ruslan Stoyanov.

Zenz says she is not a US agent, but did recount how the FSB ended up searching her apartment in Russia after Brian Krebs posted a story tangentially related to her.

Trying to understand this bizarre and harrowing experience is part of what drove Zenz to examine the relationship between various Russian agencies, cybercriminals, security experts, and others. In sifting through the rumors and facts related to her case, Zenz seems to have come to at least one solid conclusion: Russia uses treason charges to create "chilling effects." If there's a behavior Russian intelligence wants to stop, Zenz said, they charge someone with treason and that sends a message to others. This could be the case for Stoyanov, who is serving a 14-year prison sentence.

Zenz's personal story is also tied up in a shift in global priorities, which favors investment in cyber operations. "The role of cybersecurity in the Russian understanding of strategic security is huge," she said. "And because it's so important, that's why there's so much infighting now.

"You have to do it if you're there, because if you don't your rivals will and will use it to crush you."