Russia - a happy haven for hackers

Internet crime is reaching epidemic proportions

For all its disadvantages, the former Soviet Union had one hugely overlooked advantage: it kept hackers, crackers and virus writers confined inside the country by restricting their access to the internet.

A decade later, internet penetration is booming in the region, particularly in Russia, and viruses are epidemic. In fact, Russians are linked to some of the nastiest viruses the IT world has experienced so far: Bagel, MyDoom and NetSky, to name just a few.

Security experts warn that the situation is likely to worsen as hacking, cracking and virus writing shift from being a mischievous hobby of young kids to a lucrative occupation of skilled professionals working hand-in-hand with hardened criminals.

"The influence of organised crime in this area is steadily growing, says Alexander Gostev, a security expert with Moscow-based Kaspersky Labs. "We are now seeing more malicious programs written by professionals, and not by script kiddies as we experienced two to three years ago."

DK Matai, chairman of Mi2g, a London-based security service provider, agrees. "The Mafia, which has been using the internet as a communication vehicle for some time, is using it increasingly as a resource for carrying out mass identity theft and financial fraud," he says.

The motive is obvious: money - in some cases, big money, which fuels other traditional Mafia activities, such as drug smuggling and prostitution.

"There is more of a financial incentive now for hackers and crackers as well as for virus writers to write for money and not just for glory or some political motive," says one former hacker, known as 3APA3A, who is now employed as a security expert.

That view contrasts sharply with the situation several years ago when hacking had another status in Russia. In a message published on, one former hacker-turned-teacher wrote that during his childhood, he and a couple of friends hacked programs and distributed them for free. "It was like our donation to society," he writes. "It was a form of honour; [we were] like Robin Hood bringing programs to people."

Today, hundreds or even possibly thousands of skilled Russians desperate for cash are scouring the internet looking for security vulnerability in the computer networks of companies, particularly in the US and Europe. They are creating worms and Trojans for stealing credit card and other financial information, or turning inflected computers into zombie hosts to establish illegal spam farms, or extorting money by threatening companies with a distributed denial-of-service attack if they don't pay. And more.

If there were a happy haven for hackers these days, it would be Russia, says Ken Dunham, director of malicious code at US-based iDefense. "In Russia, perhaps more than in most other countries right now, hacking magazines and software are sold on the streets of Moscow," he says. "It's not a secret as you'd expect, but right out there in the open."

The combination of overeducated and underemployed specialists has made Russia an ideal breeding ground for hackers. The hacker community was infused with professionals following a financial crash in 1998 that left many computer programmers and business people financially destroyed and out of work. Even today, the country continues to churn out plenty of students who excel at mathematics and physics, but who struggle to find work.

"Russian criminals offer students money to spend time with them to carry out illegitimate activities in return for cash," Matai says. "They are active not only in schools and universities, but also through their own recruitment centres where they siphon off talent for organised criminal purposes, which include selling services to groups in other countries, such as Islamic hackers."

Another factor making Russia an even more fertile nest for hackers is the growing number of residents now able to access the internet. The Ministry for Communications projects their numbers to grow from 6% of the population (around 148 million) in 2003 to 15% by 2005. Some 11 million people currently use the internet, while about nine million own a computer.

Cybercrime doubled in 2003 to 11,000 reported cases, according to the Ministry of Internal Affairs. The most frequent crimes were illegal access to computer information, distribution of pirated software and cyberattacks on financial institutions.

Russian hackers have been behind some of the most audacious cybercrimes ever reported. Mathematician and computer specialist Vladimir Levin was arrested in 1995 and sentenced to three years in a prison in the US in 1997 for hacking into Citibank's computers and electronically transferring about $10m out of the bank's accounts. To this day, no one knows exactly how he broke into the bank's system.

In 1999, Russian hackers were credited with disrupting Nato and US government websites.

In 2000, Vasiliy Gorshkov and Alexey Ivanov were lured to the US by FBI agents and later arrested. Gorshkov was sentenced to three years in prison and given a $700,000 fine after he was convicted on 20 counts of conspiracy, fraud and other related computer crimes. The pair had admitted hacking into the computers of US companies to steal credit card information and other personal financial data and then extort money from the victims by threatening to expose that information to the public on the internet or to damage the companies' computers.

A gang of computer hackers, headed by a 63-year-old pensioner, was arrested by Russian police in 2001. The former computer programmer for a Moscow institute was apparently bitter over receiving no royalties from his work. So he teamed up with a former policeman and three others to steal the details of credit cards from individuals in the US and Europe and use them to make online purchases. The gang then channelled their income back to Moscow through a bogus internet site they had created, which sold useless information about timber in Russia.

Hacking is illegal in Russia, but is sometimes more akin to a getting a parking ticket than a serious felony - something that on paper is wrong but not morally reprehensible, according to Timofey Saitarly, project administrator at the Ukrainian Computer Crime Research Centre ( "Young people often hack expensive foreign software because they can't afford it," he says. "Some of the software costs as much as they make in an entire month or even more."

Sergey Bratus, a research associate at the Institute for Security Technologies Studies in the US, has a similar opinion. "A huge problem in Russia, particularly Moscow, is violent crime," she says. "Compared to this, small-time computer crime doesn't seem to be a big issue to society. Hackers aren't making the streets unsafe."

Local investigations also are hampered because authorities cite other, higher priorities. That means many hackers are able to operate in what are essentially safe havens. And in an interconnected world such as the internet, a few safe havens are all that is needed to wreak havoc on every country.

"I know of no hackers being imprisoned in Russia," says Gostev. "Law enforcement officials don't seem to be taking any real major action maybe because none of this hacking has been directed at Russian companies or organisations. They seem to be more interested in protecting national security."

The Russian government has several groups hunting cybercriminals. The Ministry of Internal Affairs, for instance, has a special task force dubbed "the spider group".  And there is a unit within the Federal Security Services, the successor to the Soviet Union's KGB. How effective they are, particularly when a crime extends beyond their borders, is unclear.

"It is one thing to criminalise the creation of viruses," says Gus Hosein, senior fellow at The London School of Economics and Political Science. "It is another to investigate the means through which viruses are propagated in the hope to trace it back to its origin."

Such investigations, according to Hosein, would require access to traffic data at internet service providers throughout the world. So what about a virus that emerges in the US, but is traced back to Russia? Who would do the tracing? 

If Russia, for example, were to take the lead, how would US ISPs or those in other countries know that a Russian request for traffic data is "for the investigation of a virus trail or to track the dissemination of information regrading Chechnya?" Hosein says.

"The point is that policies will be developed to enhance the investigation of viruses in order to trace virus makers and other perpetrators of cybercrimes, only to see those same powers used for different purposes, such as pursuing copyright crime and 'indecent' communications."

Add to that the global approach virus writers are now taking to make their assaults even more difficult to track. "We are monitoring virus incidents whereby writers operating in country A launch a virus in country B to infect computers in country C," says Mikko Hyppönen, director of antivirus research at F-Secure in Finland. "It is hard to prosecute offenders especially when laws are nonexistent in many of the countries that these guys are using to launch their virus attacks."

International law is often ill-suited to deal with the problem, with conflicting views on what constitutes cybercrime, how - or if - perpetrators should be punished and how national borders should be applied to a medium that is essentially borderless.

"What is needed is the ability to extradite," says Matai. "But this is not easy because of the anonymous nature of organised crime - it is very difficult to pin down who actually committed a crime - and because individuals who are caught committing a crime in one country may not have any laws against that crime in their own country."

Efforts to establish global cybercrime laws exist. Hosein points to the Council of Europe convention on cybercrime, a treaty signed in November 2001 that calls on countries to harmonise their laws on and investigative powers of all illegal behaviour, including hacking and child pornography, and to ensure international co-operation in investigations. But Hosein warns that as countries adopt the convention into national law, many tend to go further than necessary in order to expand their powers.

Some experts are in favour of establishing a special global cybercrime task force, similar to the Interpol international police network. "We just need to copy the Interpol structure for traditional crime, make some slight changes and establish cooperative programmes," Gostev says.

In the absence of a global net policeman, Microsoft has been offering Wild West-like bounties to catch cybercriminals. But one former virus writer in the Czech Republic dismisses the bounty as a marketing tactic, saying it will have no deterrent effect. "For Microsoft, it's just another excuse for their buggy software," says Benny. "It's only about marketing."

Security experts believe the best way to curb cybercrime is for each and every user to make sure his or her front door is securely locked.

"A due diligence approach is required to help fight off this new wave of cybercrime," says Dunham. "Everyone must take responsibility for helping to harden computers against attack, from the end-user to the chief executive officer of a large corporation."

John Blau writes for IDG News Service

Read more on Hackers and cybercrime prevention