Computer Crime Research Center


Viruses: From Russia, With Love?

Date: June 09, 2004
By: John Blau, IDG News Service

As Internet access spreads in the former Soviet Union, so does malicious code.

For all its disadvantages, the former Soviet Union had one hugely overlooked advantage: it kept hackers, crackers, and virus writers confined inside the country by restricting their access to the Internet.

A decade later, Internet penetration is booming in the region, particularly in Russia, and viruses are epidemic. In fact, Russians are linked to some of the nastiest viruses the technology world has ever experienced: Bagle, Mydoom, and Netsky, to name just a few.

Security experts warn that the situation is likely to worsen as hacking, cracking, and virus writing shift from being a mischievous hobby of young kids to a lucrative occupation of skilled professionals working hand-in-hand with hardened criminals.

"The influence of organized crime in this area is steadily growing," says Alexander Gostev, a security expert with Kaspersky Labs in Moscow. "We are now seeing more malicious programs written by professionals, and not by script kiddies as we experienced two to three years ago."

DK Matai, chairman of Mi2g, a London-based security service provider, agrees. "The Mafia, which has been using the Internet as a communication vehicle for some time, is using it increasingly as a resource for carrying out mass identity theft and financial fraud," he says.

Easy Money

The motive is obvious: money--in some cases, big money, which fuels other traditional Mafia activities, such as drug smuggling and prostitution.

"There is more of a financial incentive now for hackers and crackers as well as for virus writers to write for money and not just for glory or some political motive," says one former hacker, known as 3APA3A, who is currently employed as a security expert.

That view contrasts sharply with the situation several years ago when hacking had another status in Russia. In a message published on, one former hacker-turned-teacher wrote that during his childhood, he and a couple of friends hacked programs and distributed them for free. "It was like our donation to society," he wrote. "It was a form of honor; [we were] like Robin Hood bringing programs to people."

Today, hundreds or even possibly thousands of skilled Russians desperate for cash are scouring the Internet looking for security vulnerabilities in the computer networks of companies, particularly in the U.S. and Europe. They are creating worms and Trojans for stealing credit card and other financial information, or turning infected computers into zombie hosts to establish illegal spam farms, or extorting money by threatening companies with a distributed denial-of-service attack if they don't pay. And more.

Indeed, if there were a happy haven for hackers these days, it would be Russia, according to Ken Dunham, director of malicious code at iDefense in Reston, Virginia. "In Russia, perhaps more than in most other countries right now, hacking magazines and software are sold on the streets of Moscow," he says. "It's not a secret as you'd expect, but right out there in the open."

Moscow even has a hacking school: Civil Hackers' School.

Perfect Breeding

The combination of over-educated and under-employed specialists has made Russia an ideal breeding ground for hackers. The hacker community was infused with professionals following a financial crash in 1998 that left many computer programmers and business people financially destroyed and out of work. Even today, the country continues to churn out plenty of students who excel at mathematics and physics, but who struggle to find work.

"Russian criminals offer students money to spend time with them to carry out illegitimate activities in return for cash," Matai says. "They're active not only in schools and universities, but also through their own recruitment centers where they siphon off talent for organized criminal purposes, which include selling services to groups in other countries, such as Islamic hackers."

Another factor making Russia an even more fertile nest for hackers is the growing number of residents now able to access the Internet. The Ministry for Communications projects their numbers to grow from 6 percent of the population (around 148 million) in 2003 to 15 percent by 2005. Eleven million people currently use the Internet, while around 9 million own a computer.

Cybercrime doubled in 2003 to 11,000 reported cases, according to the Ministry of Internal Affairs. The most frequent crimes were illegal access to computer information, distribution of pirated software, and cyberattacks on financial institutions.

Home to Some of History's Most Notorious Hacks

Russian hackers have been behind some of the most audacious cybercrimes ever reported. Mathematician and computer specialist Vladimir Levin from St. Petersburg was nabbed in 1995 and sentenced to three years in a Florida prison in 1997 for hacking into Citibank's computers and electronically transferring around $10 million out of the bank's accounts. To this day, no one knows exactly how he broke into the bank's system.

In 1999, Russian hackers were credited with disrupting NATO and U.S. government Web sites.

In 2000, Vasiliy Gorshkov and Alexey Ivanov were lured to the U.S. by Federal Bureau of Investigation agents and later arrested. Gorshkov was sentenced to three years in prison and given a $700,000 fine after he was convicted on 20 counts of conspiracy, fraud, and other related computer crimes. The pair admitted hacking into the computers of U.S. companies to steal credit card information and other personal financial data and then extort money from the victims by threatening to expose that information to the public on the Internet or to damage the companies' computers.

A gang of computer hackers, headed by a 63-year-old pensioner, was arrested by Russian police in 2001. The former computer programmer for a Moscow institute was apparently bitter over receiving no royalties from his work. So he teamed up with a former policeman and three others to steal the details of credit cards from individuals in the U.S. and Europe and use them to make online purchases. The gang then channeled their income back to Moscow through a bogus Internet site they had created, which sold useless information about timber in Russia.

Uneven Enforcement

Hacking is illegal in Russia, just as it is in the U.S. Enforcement, however, is where the two countries differ. In Russia, hacking is sometimes more akin to getting a parking ticket than a serious felony--something that on paper is wrong but not morally reprehensible, according to Timofey Saitarly, project administrator at the Ukrainian Computer Crime Research Center.

"Young people often hack expensive foreign software because they can't afford it," he says. "Some of the software costs as much as they make in an entire month or even more."

Sergey Bratus, a research associate at the Institute for Security Technology Studies at Dartmouth College in Hanover, New Hampshire, has a similar opinion. "A huge problem in Russia, particularly Moscow, is violent crime," he says. "Compared to this, small-time computer crime doesn't seem to be a big issue to society. Hackers aren't making the streets unsafe."

Local investigations also are hampered because authorities cite other, higher priorities. That means many hackers are able to operate in what are essentially safe havens. And in an interconnected world like the Internet, a few safe havens are all that is needed to wreak havoc on every country.

"I know of no hackers being imprisoned in Russia," says Kaspersky's Gostev. "Law enforcement officials don't seem to be taking any real major action maybe because none of this hacking has been directed at Russian companies or organizations. They seem to be more interested in protecting national security."

The Russian government has several groups hunting cybercriminals. The Ministry of Internal Affairs, for instance, has a special task force dubbed "the spider group." And there is a unit within the Federal Security Services, the successor to the Soviet Union's KGB. How effective they are, particularly when a crime extends beyond their borders, is unclear.

"It is one thing to criminalize the creation of viruses," says Gus Hosein, senior fellow at The London School of Economics and Political Science. "It is another to investigate the means through which viruses are propagated in the hope to trace it back to its origin."

Joint Investigations

Such investigations, according to Hosein, would require access to traffic data at ISPs throughout the world. So what about a virus that emerges in the U.S., but is traced back to Russia? Who would do the tracing?

If Russia, for example, were to take the lead, how would U.S. ISPs or those in other countries know that a Russian request for traffic data is "for the investigation of a...