If you want to hack a telephone, order a cyberattack on a competitor’s Web site or buy a Trojan program to steal banking information, look no further than Russia.
The breadth and sophistication of services sold on Russian
language Web sites offer a small window onto a Russian criminal underground that is costing Western firms billions of dollars in credit card and online banking fraud as well as “phishing” attempts to lure people into downloading malware or disclosing passwords.
“If you look at the quantity of malware attacks, the leaders are China, Latin America and then Eastern Europe, but in terms of quality then Russia is probably the leader,” said Vitaly Kamluk, a cybersecurity researcher in Moscow.
Two of the five most wanted men in the US for cybercrime are Russian, and one is from Latvia, which was part of the Soviet Union.
Russians were also behind the biggest cybercrime case in US history. US federal prosecutors named four Russians and a Ukrainian in a banking card fraud spree that cost companies including J.C. Penney Co, JetBlue Airways Corp and French retailer Carrefour SA more than US$300 million.
The risk of being prosecuted is so low it does little to dissuade highly educated and skilful — but underemployed — programmers from turning to illicit hacking for profit or fun.
In a country where wages are lower than in the West and life is expensive, and which has long produced some of the world’s best mathematicians, the temptation to turn to crime is great and the hackers are generally ahead of the people trying to catch them.
“People think: ‘I’ve got no money, a strong education and law enforcement’s weak. Why not earn a bit on the side?’” said Alexei Borodin, a 21-year-old hacker.
As long as these hackers target victims abroad, experts say, the Russian authorities are willing to sit back and let them develop tools to burrow into computer vulnerabilities, which they can in turn use for their own cyberespionage.
Two of the Russian suspects in the banking card fraud case were arrested while in the Netherlands, but two others — Alexander Kalinin, 26, and Roman Kotov, 32 — are still at large and thought to be in Russia, where experts doubt they will be caught.
Moscow’s decision to harbor Edward Snowden, wanted in the US for leaking details of government surveillance programs on the telephone and Internet, is likely to freeze already slow-moving cross-border police cooperation with Washington, they said.
“They have been doing this in Russia for many years now,” said Misha Glenny, an expert and author on cybercrime. “Russian law enforcement and the [Federal Security Service] FSB in particular have a very good idea of what is going on and they are monitoring it, but, as long as the fraud is restricted to other parts of the world, they don’t care.”
Several e-mail requests for comment and telephone calls over three weeks to the special Russian Ministry of the Interior unit tasked with policing the Web — Department K — went unanswered.
HACKER VERSUS HACKER
The pool of talent churned out by top-tier institutes excelling in hard sciences across the former Soviet Union is indisputable.
A trio of students from the St Petersburg National Research University, for instance, won the oldest and most prestigious world programing competition, the ACM International Collegiate Programming Contest, four times in the last six years.
Three Russian teams, one from Belarus and one from Ukraine, were also among the top 10 finalists this year in the contest, which featured teams from 2,322 universities in 91 countries.
However, in a survey this year, only 51 percent of information-technology specialists in Russia polled by Headhunter, a recruiting Web site, found jobs in the country’s burgeoning IT sector. It said an average salary in Moscow for work in information security was 65,000 rubles (US$2,000) a month, far less than Western counterparts would earn.
Hacking is not a crime in and of itself. So-called white hat hackers, who access computers to bolster security defenses, face off at the front lines of a virtual battleground with criminals, known as crackers or black hat hackers, who break in with ill intent.
Hackers on both sides of that divide are mostly aged 22 to 30 and, in Russia, many may have been university classmates.
Borodin, who works on start-ups involved in Bitcoin, the virtual currency, describes Web security as his hobby. Known as ZonD80, he began exploring computer vulnerabilities at the age of 12, and made waves last year by publishing a hack allowing iPhone users to avoid paying for in-App upgrades — a system loophole it took him about a week to find.
He says he has never broken the law.
“I hacked Apple and Google systems, but I’ve been working on the other side for ages... Now it’s fun to design defenses against all the hacks I used to do myself,” he said in an interview via instant messenger. “There aren’t really any boundaries. Someone can go over to the bad side or suddenly become a protector. In any event, if you’re caught, then you were in the wrong place at the wrong time.”
WEAPONS RACE
At the Moscow headquarters of the Kaspersky Lab, a Russian rival to US security firms Symantec and McAfee, sweatshirt-clad youths sit silently tapping away in an ultra-sleek workspace.
“Stealing money from behind a screen is incomparably easier psychologically than attacking someone in the street,” Kamluk, 29, said in a round, glass room known as the Virus Lab.
Here, client data on millions of suspicious programs is parsed by analysts sitting at a circle of screens that looks like a spaceship’s control room.
“Using technical means, you can fight cybercrime endlessly, but it is a non-stop weapons race: We make security systems and they find ways around it,” Kamluk added.
The soft-spoken Belarusian, who sports a Mohawk and a T-shirt printed with green-on-black computer code, was hired in 2005 and is now part of an elite team chosen by chief executive Eugene Kaspersky to investigate new or exotic cyberthreats.
The Global Research and Expert Analysis Team, or GREAT for short, discovered the Stuxnet cyberweapon, which is believed to have been used by the US and Israel to attack Iran’s nuclear program a few years ago.
This year Kamluk and other GREAT prodigies uncovered a Russian-speaking cyberespionage gang, Red October, operating a complex data-hijacking system used to steal intelligence from government, military and diplomatic targets worldwide.
GREAT was not able to identify who was behind the gang, but the manpower and expense needed to wield such a network is believed by some experts to point to the involvement of a state intelligence agency, possibly Russian.
ADVICE FORUMS
Online forum threads offer advice on what countries have the most crime-friendly laws and sell cybertools such as “bullet-proof hosting” from which to launch attacks.
In a feeble nod to the law, some sellers post disclaimers, denying responsibility if their service is put to criminal use.
Such forums played a crucial role in the criminal baptism of a generation of programmers who emerged onto the job market in the 1990s when the Soviet Union was unraveling and have served as hacker incubators popularizing cybercrime in Russia.
“In 2008, you needed to buy a Botnet [a network of infected computers] and set it up, it was quite sophisticated. Nowadays, every schoolboy can do this by ... using forums and reading,” said Maxim Goncharov, a researcher at security firm Trend Micro.
The amount of cash flowing to this underground industry is hard to quantify as many companies do not report losses. Moscow-based cyberforensics firm Group-IB estimated the Russian cybercrime market was worth US$2.3 billion in 2011 and far more today.
Some of the cash, it says, goes to pay off corrupt police, who then tip off the criminals.
Andrey Komarov, head of international projects at Group-IB, said cybercriminals are winning in the war against the world’s law enforcement agencies.
“It is like the battle between a fly and an elephant,” Komarov said. “Some cybercriminals have very close contacts with corrupted law enforcement agencies, and during our investigations some disappeared and were not arrested.”
Recently, China launched another diplomatic offensive against Taiwan, improperly linking its “one China principle” with UN General Assembly Resolution 2758 to constrain Taiwan’s diplomatic space. After Taiwan’s presidential election on Jan. 13, China persuaded Nauru to sever diplomatic ties with Taiwan. Nauru cited Resolution 2758 in its declaration of the diplomatic break. Subsequently, during the WHO Executive Board meeting that month, Beijing rallied countries including Venezuela, Zimbabwe, Belarus, Egypt, Nicaragua, Sri Lanka, Laos, Russia, Syria and Pakistan to reiterate the “one China principle” in their statements, and assert that “Resolution 2758 has settled the status of Taiwan” to hinder Taiwan’s
Singaporean Prime Minister Lee Hsien Loong’s (李顯龍) decision to step down after 19 years and hand power to his deputy, Lawrence Wong (黃循財), on May 15 was expected — though, perhaps, not so soon. Most political analysts had been eyeing an end-of-year handover, to ensure more time for Wong to study and shadow the role, ahead of general elections that must be called by November next year. Wong — who is currently both deputy prime minister and minister of finance — would need a combination of fresh ideas, wisdom and experience as he writes the nation’s next chapter. The world that
Can US dialogue and cooperation with the communist dictatorship in Beijing help avert a Taiwan Strait crisis? Or is US President Joe Biden playing into Chinese President Xi Jinping’s (習近平) hands? With America preoccupied with the wars in Europe and the Middle East, Biden is seeking better relations with Xi’s regime. The goal is to responsibly manage US-China competition and prevent unintended conflict, thereby hoping to create greater space for the two countries to work together in areas where their interests align. The existing wars have already stretched US military resources thin, and the last thing Biden wants is yet another war.
Since the Russian invasion of Ukraine in February 2022, people have been asking if Taiwan is the next Ukraine. At a G7 meeting of national leaders in January, Japanese Prime Minister Fumio Kishida warned that Taiwan “could be the next Ukraine” if Chinese aggression is not checked. NATO Secretary-General Jens Stoltenberg has said that if Russia is not defeated, then “today, it’s Ukraine, tomorrow it can be Taiwan.” China does not like this rhetoric. Its diplomats ask people to stop saying “Ukraine today, Taiwan tomorrow.” However, the rhetoric and stated ambition of Chinese President Xi Jinping (習近平) on Taiwan shows strong parallels with