If you want to hack a telephone, order a cyberattack on a competitor’s Web site or buy a Trojan program to steal banking information, look no further than Russia.
The breadth and sophistication of services sold on Russian
language Web sites offer a small window onto a Russian criminal underground that is costing Western firms billions of dollars in credit card and online banking fraud as well as “phishing” attempts to lure people into downloading malware or disclosing passwords.
“If you look at the quantity of malware attacks, the leaders are China, Latin America and then Eastern Europe, but in terms of quality then Russia is probably the leader,” said Vitaly Kamluk, a cybersecurity researcher in Moscow.
Two of the five most wanted men in the US for cybercrime are Russian, and one is from Latvia, which was part of the Soviet Union.
Russians were also behind the biggest cybercrime case in US history. US federal prosecutors named four Russians and a Ukrainian in a banking card fraud spree that cost companies including J.C. Penney Co, JetBlue Airways Corp and French retailer Carrefour SA more than US$300 million.
The risk of being prosecuted is so low it does little to dissuade highly educated and skilful — but underemployed — programmers from turning to illicit hacking for profit or fun.
In a country where wages are lower than in the West and life is expensive, and which has long produced some of the world’s best mathematicians, the temptation to turn to crime is great and the hackers are generally ahead of the people trying to catch them.
“People think: ‘I’ve got no money, a strong education and law enforcement’s weak. Why not earn a bit on the side?’” said Alexei Borodin, a 21-year-old hacker.
As long as these hackers target victims abroad, experts say, the Russian authorities are willing to sit back and let them develop tools to burrow into computer vulnerabilities, which they can in turn use for their own cyberespionage.
Two of the Russian suspects in the banking card fraud case were arrested while in the Netherlands, but two others — Alexander Kalinin, 26, and Roman Kotov, 32 — are still at large and thought to be in Russia, where experts doubt they will be caught.
Moscow’s decision to harbor Edward Snowden, wanted in the US for leaking details of government surveillance programs on the telephone and Internet, is likely to freeze already slow-moving cross-border police cooperation with Washington, they said.
“They have been doing this in Russia for many years now,” said Misha Glenny, an expert and author on cybercrime. “Russian law enforcement and the [Federal Security Service] FSB in particular have a very good idea of what is going on and they are monitoring it, but, as long as the fraud is restricted to other parts of the world, they don’t care.”
Several e-mail requests for comment and telephone calls over three weeks to the special Russian Ministry of the Interior unit tasked with policing the Web — Department K — went unanswered.
HACKER VERSUS HACKER
The pool of talent churned out by top-tier institutes excelling in hard sciences across the former Soviet Union is indisputable.
A trio of students from the St Petersburg National Research University, for instance, won the oldest and most prestigious world programing competition, the ACM International Collegiate Programming Contest, four times in the last six years.