The rapid growth of the Internet over the last two decades has been matched by an equally rapid growth in cybercrime. Last April, the Russian cyber intelligence firm Group-IB estimated that in 2011, cybercrime around the world generated $12.5 billion in ill-gotten gains for hackers, and that their activity was concentrated in three countries: Russia, China and Brazil. By itself, Russia accounted for about $4 billion of the total or roughly one-third of this market.
Russia’s government has taken some steps to address the problem, but thus far its efforts have done very little to diminish cybercrime, which continues to grow rapidly in the country. According to Group-IB, this illicit industry doubled in size in Russia (measured in dollars generated) from 2010 to 2011.
Russian Internet forums continue to openly advertise and export a smorgasbord of customized software and services to hackers both domestically and abroad. These forums remain one of the world’s biggest “electronic arms bazaars,” providing computer weapons to any and all paying hackers intent on digital theft.
The grim urgency of the problem was highlighted by the October 2012 hack of South Carolina’s tax records. This identity theft on an unprecedented scale included the compromise of 3.6 million social security numbers, 387,000 credit/debit card numbers, and private information from 650,000 businesses by yet-to-be-identified foreign hackers.
The formal adoption of new Internet monitoring measures in Russia made world headlines in early November, but these appear to be little more than window dressing. The new monitoring measures include a register maintained by Roskomnadzor, Russia’s Agency for the Supervision of Information Technology, Communications and Mass Media. It allows for official requests to block child pornography sites and for the Russian consumer protection agency, Federal Service for the Supervision of Consumer Rights, to make similar requests to block sites defrauding consumers. Despite the strengthened legal basis for action against Russian hackers, tools and services still available for sale on Russian hacking forums include:
· Computer Hosting. Hosting is the website support service that underlies almost all hacking activity. Virtually every legitimate company in the world that hosts a website does so using a hosting service. On the dark side of hosting, Russian cyber-criminals sell access to dedicated servers or proxy servers providing secure “virtual private networks.” This allows hackers to use remote servers rather than their own computers, which have traceable Internet addresses. Hosting both obscures the source of hacking activity (as has so far been the case with the South Carolina attack) and ensures that, even if the origin of the hacking is detected and a complaint lodged with the hosting service, such complaints will be ignored. Low-end dedicated server hosting can cost as little as $0.50 a day, while elite “bulletproof” virtual network hosting, including built-in protection from other hackers, can cost as much as $2,000 a month.
· Botnets. “Botnet toolkits” are some of the most popular software available on Russian hacker forums. One, dubbed “Zeus,” is typical of the breed. It can infect multiple computers, then stitch the infected “zombies” into a network under the control of a central computer. Botnets can steal bank account and credit card numbers, passwords, or files, and can also be used for spamming or denial-of-service attacks (which flood target computers with data until they become paralyzed). Software like Zeus costs between $200 and $500, but hackers can also lease access to pre-existing Russian botnets for a lower price.
· Trojans. In addition to the broad-spectrum criminal tools like hosting and botnet services, a stunning variety of plug-in hacking tools are available on Russian hacking forums. Russian hackers offer customized “Trojans,” malware that looks like legitimate computer applications and can be used as parts of botnet attacks or independently. “Exploits” look for vulnerabilities in webpages, embed scripts and insert malicious code into the page, causing those who click on a link to download malware onto their computer. The extortion software “Winlocker” freezes the operating system of a computer until the user pays off the hacker. It costs the hacker only between $8 and $25. Security software checking services allow hackers to stay a step ahead in the computer cops-and-robbers game by testing whether a hacker’s newly designed malicious code will be able to evade notice by anti-virus software such as McAfee and Symantec. Prices range from as little as $0.20 for a single check to $30 for a monthly subscription. Also for sale on the hacking forums are the software activation codes known as “serial keys,” which unlock applications such as the Windows 7 operating system or Microsoft Office. Keys for Russian anti-virus software are for sale at minimal cost. For hackers long on greed but short on technical skill, Russian hacking forums are packed with technical whizzes offering either to perform such hacks on behalf of a client or to walk neophytes through their own attacks.
Despite public announcements by the Russian government that it is taking action to fight cybercrime inside the country’s borders, it is doubtful that the problem will diminish anytime soon. According to the best estimate, it is in fact growing at a rapid pace and this is no accident. At first glance, the cybercrime industry appears to be a major problem for Russia. In truth, it appears to be more of a national asset in disguise, one that is now being secretly cultivated by Putin’s government.
Given the minimal negative impact on Russia’s domestic population from cyber crime (nearly all Russian hackers aim at more lucrative targets abroad), there is little pressure from the public to crack down on cyber criminals. On the whole, Russia’s economy gains from this industry, which is illicit but nonetheless now generates in excess of $4 billion annually.
Russia’s registry of criminal websites maintained by Roskomnadzor certainly does not have Russian cyber criminals running for cover. Not only do the hacking forums that provide these services not bother to hide themselves, they actively flaunt their criminal intentions with names like Exploit.In, InAttack, Hacker Pro Club, and HackForce.Ru.
The boldness of Russian cyber criminals is not surprising in light of lax enforcement actions against hackers, even those caught red-handed. For example, the Russian hacker Yevgeny Anikin received a slap on the wrist after he was convicted of stealing $9 million from the Royal Bank of Scotland, avoiding jail time when his sentence was suspended. His co-conspirator, Viktor Pleshchuk, also earned a suspended sentence. By contrast, members of a female Russian punk band received a two-year prison sentence in August for merely singing a song in a Russian church protesting Vladimir Putin’s rule. Given the differences between these two sentences, it is obvious that the policy of Russia’s government is to publicly condemn cybercrime while simultaneously allowing it to flourish more or less in the open.
One of the most telling signs of Russia’s relaxed attitude when it comes to hacking is the availability of pirated activation keys for Kaspersky Internet Security, the best-selling product of Russia’s biggest computer security firm. Kaspersky is one of Russia’s wealthiest men, a former Soviet intelligence officer, a close ally of Russia’s president, and yet his company’s premier anti-hacking software is available from hacking forums for a paltry $4-a-year subscription fee.
Expect Russia’s cybercrime industry to continue to grow in sophistication and size in the coming years for a host of reasons, but most of all because the industry helps the country’s economy by extracting wealth from foreign countries. From a strategic standpoint, it also is in Russia’s national interest to cultivate cyber expertise among its people, as cyber warfare capabilities could soon become as important as traditional military technologies like those needed to make missiles. In short, Russia’s lax attitude towards cybercrime appears to be at best a form of willful neglect and at worst an intentional policy meant to bolster the country’s power vis-à-vis rival nations.