Russian hackers: champions in money-stealing technologies
More than 11 thousand cyber crimes occur in Russia annually. However, experts believe that the majority of hackers’ activities remain unknown to the police. Also, most Russian companies are trying to conceal their vulnerability from clients. The domestic hackers have established themselves long ago as the champions of the criminal Internet-community.
In the beginning of June 2016, one of the largest crackdowns in the whole history of cyber crimes occurred in Russia. A joint operation of the Ministry of Internal Affairs of the Russian Federation (MIA) and the Federal Security Service of the Russian Federation (FSB) in 15 Russian regions resulted in arrest of a group of 50 hackers who had stolen more than 1.7 billion rubles from financial institutions using malicious computer software and intended to withdraw 2.2 billion rubles more through fictional bank transfer orders. Experts believe that this is just the tip of the iceberg.
"An indicator of the Russian hackers’ mastery is the fact that currently there are three major cyber crime ecosystems in the world – and there are no American or West-European groups among them. Russian-speaking hackers remained the champions for a long time, although recently they have yielded the leadership to Chinese colleagues – but only due to their superior numbers. The Latin-American hackers community holds the third place," – the Kaspersky Lab, known primarily for its antivirus software, told CrimeRussia.
Video: Fifty hackers detained for stealing 1.7 billion rubles from Russian banks
It was the Kaspersky Lab who assisted Russian law enforcement authorities in tracing the criminal group by analyzing their malicious software, determining the hackers’ network infrastructure, and then – identifying their personalities. The infection of financial structures’ networks and money withdrawals were performed using the Lurk Trojan – either via an employee’s workstation with further penetration into the corporate network, or through a hacked web-site. The virus is very difficult to detect because it does not write itself on the hard drive but instead operates in the memory of infected computers. The hackers also created a special system to cover up their traces. They used the anonymous Tor network, various VPN-services and wireless access points belonging to other users. So far, Sberbank is named among the victims. Some sources say that Metallinvestbank, Russky Mezhdunarodny (Russian International) Bank, Metropol Bank, and REGNUM Bank have been affected by cyber attacks as well.
"While Chinese cyber criminals were initially focused on attacking online gamers and stealing data, the characteristic features of "ours" always were: continuous invention of new technologies, specialization in botnets, stealing money from banks and their clients, distribution of spam, and DDoS attacks," – Kaspersky Lab notes.
The main reason behind the Russian leadership in cyber crimes is a large number of specialists whose education is "too good", and whose everyday jobs don’t require such high qualifications. Many experts link the creation of a hackers community in Russia with the financial crisis of 1998.
"The peak of hackers’ activity in Russia was in the 1990s and early 2000s, when many skilled young programmers were unable to find a decent job and had to commit cyber crimes," – Kaspersky Lab experts say.
It’s still difficult for graduates of technical universities to find a good job.
"The organized crime exploits this situation: they offer students to make some money on development of illegal software. They search for suitable candidates not only in universities, but also using specially-created recruitment centers," – D. K. Matai, the Executive Chairman of a British research company MI2G, says.
More than 11 thousand cyber crimes occur in Russia annually. It’s twice as much as it was 10 years ago. First of all, this is due to the increased availability of the Internet. Today, more that 11 million people in Russia are connected to the Internet. The most frequent crimes are: illegal access to computer information, distribution of pirated products, and virus attacks on financial institutions.
More than once Russian citizens were involved into most high-profile cyber crimes. For example, in 1995 Vladimir Levin, the ‘parent’ of domestic hackers movement, was jailed in the US for illegal withdrawal of funds from bank accounts in various countries. According to some sources, an amount estimated in the range from 400 thousand USD to a quarter of the 12 million USD stolen by him, was never found. In 2000, Chelyabinsk natives Alexey Ivanov and Vasily Gorshkov became famous for breaking into computer systems and incurring damages of 25 million USD to American financial institutions. In addition, they stole information of 6.5 thousand credit cards belonging to one company’s clients and requested a ransom for it.
According to the Group-IB study carried out by the Internet Initiatives Development Fund (IIDF) and Microsoft, current damages to the Russian economy from hackers’ criminal activities exceed 203.3 billion rubles, which is equal to 0.25% of the Gross Domestic Product. More than 92% of major commercial companies, small and medium businesses, governmental structures became victims of cyber attacks. And while larger companies lose funds that could be used for investments, new businesses often barely recover from such attacks, Margarita Zobnina, Head of the IIDF Research Department, notes. Research studies in Russia lose up to 22.8% of the budget funding due to cyber attacks.
According to the most recent data from the Ministry of Internal Affairs (MIA), 41% of all thefts and frauds in Russia are results of cyber attacks. However, experts believe that this figure is not accurate because the majority of hackers’ activities remain unknown to the police. According to the Russian Public Opinion Research Center (VCIOM), 21% of Russians beware of cyber frauds; hackers hold the second place, after terrorists, among groups most feared by the Russians; however, reports to police of a stolen password or virus attack are still pretty rare in Russia.
Experts explain that the Russian legislation is too lax, while potential gains from cyber crimes are huge. For example, criminal twins Evgeny and Dmitry Popelish stole 13 million rubles from 170 client accounts of VTB24 Bank in 46 Russian regions and were sentenced only to a 6-year conditional term and fine of 450 thousand rubles. If the funds were stolen ‘in the real world’ (i.e. not virtually), the brothers would face up to 15 years behind bars.
"There are certain complications in Russia that constrain investigation of such incidents. First of all, the legislation regulating high-tech crimes is weak. For example, in the US companies must report attacks on their IT-structures, this is a legal requirement. In Russia the situation is just opposite: companies prefer to conceal the incidents because they are afraid of reputational losses," – Kaspersky Lab specialists note.
In addition, it’s difficult to prove the very fact of a cyber crime. Most of such crimes fall under petty crime articles with maximal punishment up to 7 years in prison. There are also issues related to the personnel training in Russia – the authorities responsible for investigation of computer crimes do not have special departments and experts with required technical knowledge and skills. Finally, Kaspersky Lab experts say, so-called ‘security on paper’ still exists in many organizations – numerous regulations updated on the regular basis that are not effective in real life. On the West, there are no such regulations, but an organization must make every effort to preserve the security of its clients. If the client data are stolen, the organization would be penalized.
There are also issues related to the cross-border nature of cyber crimes.
"We often encounter viruses created in one country and distributed from another country to infect computers in a third country. It’s difficult to chase a criminal, especially taking that in many countries where hackers operate, there are no clear regulations in this sphere," – Mikko Hyppönen, the Chief Research Officer of F-Secure, says.
The international legislation is not effective either. Different countries have different understanding of what is a cyber crime and what punishment could be imposed for it.
In addition, some experts believe that hackers often operate not on their own, but in collaboration with governmental special services. For example, in 1999 some domestic ‘artisans’ joined international politics: the attack of Russian hackers on the NATO server and web-sites of US military services due to the bombing of Yugoslavia became a high-profile scandal. Many Western experts still believe that the criminals were directed from the Kremlin.
Another example are DoS-attacks on web-sites of the Estonian President, Parliament, Ministries, and press in 2007 that made those inaccessible. In addition, the cyber fraudsters have withdrawn some 1 million USD from local banks. To resist the attack, the country had to shut down the Internet completely. This incident occurred when diplomatic relations between Tallinn and Moscow have deteriorated drastically due to the transfer of Soviet military burials. Later, in 2009, ‘Nashi’ pro-Kremlin youth movement claimed responsibility for the attack.
In 2008, when Lithuania passed a law banning Soviet symbolic, more than 300 local web-sites have been attacked by hackers. During the conflict with Georgia, web-sites of its Defense Ministry and media were attacked. Recently, in 2015, the e-mail account of the American President Barack Obama and the Pentagon e-mail system were hacked.
Although there are no direct evidences of Russian hackers’ involvement into all these incidents, specialists note some indirect signs. For example, all the attacks occurred during work hours in Moscow and used Russian language in some chapters of the code. Nowadays many experts call the Internet a new field for politics – and wars. According to various sources, some 60 countries currently possess cyber spying tools and use hackers’ attacks. 29 countries, including China and France, have special military cyber units.
In summer 2015, the UN Group of Governmental Experts (UN GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security agreed to use cyber technologies for peaceful purposes only and never attack critical infrastructure objects – nuclear plants, banks, etc. However, so far these agreements are only voluntary.
The Russia’s Investigative Committee central office has taken the case of former Vice-Governor of St. Petersburg Marat Oganesyan for investigation. However, the St. Petersburg’s Investigative Committee dept (regional dept where the case had been investigated previously) did not find state budget damage in the Zenit Arena fraud case.
Among his accomplices are a lawyer, who presented himself as the plenipotentiary of the self-proclaimed republic in the International Criminal Court with the United Nations, and an entrepreneur, already serving a sentence for attempting to seize a building.