BlackHat USA 2009: Russia's Organized Crime Heritage Paved Way For Cybercrime
9:12 PM EST Wed. Jul. 29, 2009
Russia's longstanding history with organized crime has nurtured a current crop of sophisticated cybercrime organizations dedicated to information stealing and political "hacktivism."
During a BlackHat USA 2009 presentation, Dmitri Alperovitch, McAfee Internet threat researcher, said that Russia's history of organized crime has paved the way for the emergence of highly sophisticated cybercrime organizations that have spearheaded the emergence of Internet worms, botnets, spamming, phishing and credit card forums.
But fundamentally, there is little difference between cybercrime and other types of crime. "At the end of the day, it's about the money," he said.
Alperovitch said that the current security environment is ripe for cybercriminals. Unlike other types of crime, cybercrime has low barriers to entry, there is little prevention and few enforcement mechanisms, and the returns are "enormous." The "ease of doing business" has facilitated a reported 275,000 incidents in 2008, which translates to about $265 million lost in the U.S. alone, he said.
And that's just the tip of the iceberg, Alperovitch said.
Russia, in particular, has a long history of organized crime, he said. Organized crime emerged during the Lenin/Trotsky era. Russian prisons, known as Gulags, housed criminals who formed a distinct organization known as "Thieves and Law."
"Out of these places evolved sophisticated organizations," Alperovitch said.
Members of these organizations were required to abandon their existing families and commit solely to the organizations, using tattoos as a language to communicate their rank and the crimes they have committed.
"Violations of this code were punishable by physical mutilation and even death," Alperovitch said. "They viewed crime as a way of life. They were willing to live and die for their organization."
Initially, Russian cybercrime had its roots in software piracy. However, cybercrime took off following a 1994 Citibank hack linked to St. Petersburg, which allowed attackers to access more than $10 million via the telephone system. Much of that money was never recovered.
"It was difficult to prosecute," Alperovitch said. "What was clear was that this was not a one-man operation."
In the late 1990s, Russian cybercriminals were an integral part of the creation and the monetization of botnets and Internet worms, Alperovitch said, which paved the way for organized crime organizations built around spamming and phishing.
"They realized early on there is a lot of money to be made in spamming and phishing," he said.
But the attacks were motivated by more than just money. Russian cybercriminals realized that cybercrime efforts could be used for political activism, or "hacktivism," which was reflected in denial of service attacks on Estonia in 2005 and on the Georgian government and news Web sites in 2008.
By mid-2000, these organizations were full-fledged businesses. One cybercrime organization, known as CarderPlanet, specialized in the theft and sale of credit cards and identifying information.
As they developed, these organizations operated like corporations, and assigned jobs to members to buy, sell and trade stolen information. "This is about business. This is all about money. These guys are businessmen. They pay for advertising," said Keith Mularski, an FBI cyber division special agent.
They also created Web forums in which they could communicate with other hackers in the cyber underground.
Incrementally, law enforcement began to catch up to some of the Russian cybercrime organizations. Among those recently arrested were Maxim Yastremsky, a hacker partly responsible for the 2006 TJX breach, and Roman Vega, mastermind behind credit card dump sites and carding forums.
Mularski described a deep undercover operation over a three-year time span in which he posed as a cyber criminal on the DarkMarket forum. The sting resulted in the arrest of 56 individuals worldwide, more than $70 million in potential economic loss prevented, and recovery of 100,000 compromised credit cards, he said.
"When people think of cybercrime -- this is the first thing I thought of -- everybody is a geek," Mularski said. "Really, the cybercrime out there is highly organized."