Viruses nip Russia after the Cold War

For all its disadvantages, the former Soviet Union had one hugely overlooked advantage: it kept hackers, crackers and virus writers confined inside the country by restricting their access to the Internet.

A decade later, Internet penetration is booming in the region, particularly in Russia, and viruses are epidemic. In fact, Russians are linked to some of the nastiest viruses the IT world has ever experienced: Bagle, MyDoom and NetSky, to name just a few.

Security experts warn that the situation is likely to worsen as hacking, cracking and virus writing shift from being a mischievous hobby of young kids to a lucrative occupation of skilled professionals working hand-in-hand with hardened criminals.

“The influence of organized crime in this area is steadily growing,” said Alexander Gostev, a security expert with Kaspersky Labs Ltd. in Moscow. “We are now seeing more malicious programs written by professionals, and not by script kiddies as we experienced two to three years ago.”

DK Matai, chairman of Mi2g Ltd., a London-based security service provider, agrees. “The Mafia, which has been using the Internet as a communication vehicle for some time, is using it increasingly as a resource for carrying out mass identity theft and financial fraud,” he said.

The motive is obvious: money — in some cases, big money, which fuels other traditional Mafia activities, such as drug smuggling and prostitution.

“There is more of a financial incentive now for hackers and crackers as well as for virus writers to write for money and not just for glory or some political motive,” said one former hacker, known as 3APA3A, who is currently employed as a security expert.

That view contrasts sharply with the situation several years ago when hacking had another status in Russia. In a message published on, one former hacker-turned-teacher wrote that during his childhood, he and a couple of friends hacked programs and distributed them for free.

“It was like our donation to society,” he wrote. “It was a form of honour; (we were) like Robin Hood bringing programs to people.”

Today, hundreds or even possibly thousands of skilled Russians desperate for cash are scouring the Internet looking for security vulnerabilities in the computer networks of companies, particularly in the U.S. and Europe. They are creating worms and Trojans for stealing credit card and other financial information, or turning infected computers into zombie hosts to establish illegal spam farms, or extorting money by threatening companies with a distributed denial-of-service attack if they don’t pay. And more.

Indeed, if there were a happy haven for hackers these days, it would be Russia, according to Ken Dunham, director of malicious code at iDefense Inc. in Reston, Virginia.

“In Russia, perhaps more than in most other countries right now, hacking magazines and software are sold on the streets of Moscow,” he said. “It’s not a secret as you’d expect, but right out there in the open.”

Moscow even has a hacking school:

The combination of over-educated and under-employed specialists has made Russia an ideal breeding ground for hackers. The hacker community was infused with professionals following a financial crash in 1998 that left many computer programmers and business people financially destroyed and out of work. Even today, the country continues to churn out plenty of students who excel at mathematics and physics, but who struggle to find work.

“Russian criminals offer students money to spend time with them to carry out illegitimate activities in return for cash,” Matai said. “They’re active not only in schools and universities, but also through their own recruitment centers where they siphon off talent for organized criminal purposes, which include selling services to groups in other countries, such as Islamic hackers.”

Another factor making Russia an even more fertile nest for hackers is the growing number of residents now able to access the Internet. The Ministry for Communications projects their numbers to grow from six per cent of the population (around 148 million) in 2003 to 15 per cent by 2005. Eleven million people currently use the Internet, while around nine million own a computer.

Cybercrime doubled in 2003 to 11,000 reported cases, according to the Ministry of Internal Affairs. The most frequent crimes were illegal access to co

Russian hackers have been behind some of the most audacious cybercrimes ever reported. Mathematician and computer specialist Vladimir Levin from St. Petersburg was nabbed in 1995 and sentenced to three years in a Florida prison in 1997 for hacking into Citibank Inc.’s computers and electronically transferring around US$10 million out of the bank’s accounts. To this day, no one knows exactly how he broke into the bank’s system.

In 1999, Russian hackers were credited with disrupting NATO and U.S. government Web sites.

In 2000, Vasiliy Gorshkov and Alexey Ivanov were lured to the U.S. by Federal Bureau of Investigation agents and later arrested. Gorshkov was sentenced to three years in prison and given a US$700,000 fine after he was convicted on 20 counts of conspiracy, fraud and other related computer crimes. The pair had admitted hacking into the computers of U.S. companies to steal credit card information and other personal financial data and then extort money from the victims by threatening to expose that information to the public on the Internet or to damage the companies’ computers.

A gang of computer hackers, headed by a 63-year-old pensioner, was arrested by Russian police in 2001. The former computer programmer for a Moscow institute was apparently bitter over receiving no royalties from his work. So he teamed up with a former policeman and three others to steal the details of credit cards from individuals in the U.S. and Europe and use them to make online purchases. The gang then channeled their income back to Moscow through a bogus Internet site they had created, which sold useless information about timber in Russia.

Hacking is illegal in Russia, just as it is in the U.S. Enforcement, however, is where the two countries differ. In Russia, hacking is sometimes more akin to getting a parking ticket than a serious felony — something that on paper is wrong but not morally reprehensible, according to Timofey Saitarly, project administrator at the Ukrainian Computer Crime Research Center (

“Young people often hack expensive foreign software because they can’t afford it,” he said. “Some of the software costs as much as they make in an entire month or even more.”

Sergey Bratus, a research associate at the Institute for Security Technologies Studies at Dartmouth College in Hanover, New Hampshire, has a similar opinion. “A huge problem in Russia, particularly Moscow, is violent crime,” he said. “Compared to this, small-time computer crime doesn’t seem to be a big issue to society. Hackers aren’t making the streets unsafe.”

Local investigations also are hampered because authorities cite other, higher priorities. That means many hackers are able to operate in what are essentially safe havens. And in an interconnected world like the Internet, a few safe havens are all that is needed to wreak havoc on every country.

“I know of no hackers being imprisoned in Russia,” said Kaspersky’s Gostev. “Law enforcement officials don’t seem to be taking any real major action maybe because none of this hacking has been directed at Russian companies or organizations. They seem to be more interested in protecting national security.”

The Russian government has several groups hunting cybercriminals. The Ministry of Internal Affairs, for instance, has a special task force dubbed “the spider group.” And there is a unit within the Federal Security Services, the successor to the Soviet Union’s KGB. How effective they are, particularly when a crime extends beyond their borders, is unclear.

“It is one thing to criminalize the creation of viruses,” said Gus Hosein, senior fellow at The London School of Economics and Political Science. “It is another to investigate the means through which viruses are propagated in the hope to trace it back to its origin.”

Such investigations, according to Hosein, would require access to traffic data at Internet service providers (ISPs) throughout the world. So what about a virus that emerges in the U.S., but is traced back to Russia? Who would do the tracing?

If Russia, for example, were to take the lead, how would U.S. ISPs or those in other countries know that a Russian request for traffic data is “for the investigation of a virus trail or to track the dissemination of information regarding Chechnya?” Hosein said. “The point is that policies will be developed to enhance the investigation of viruses in order to trace virus makers and other perpetrators of cybercrimes, only to see those same powers used for different purposes, such as pursuing copyright crime and ‘indecent’ communications.”

Add to that the global approach virus writers are now taking to make their assaults even more difficult to track. “We are monitoring virus incidents whereby writers operating in country A launch a virus in country B to infect computers in country C,” said Mikko Hypp
