Shaming Russia Into Action On Cyber Crime

Posted by Soulskill on Sat Mar 07, 2009 12:14 AM
from the stand-in-the-corner-until-you're-sorry dept.
krebsatwpost writes "The Washington Post ran a piece earlier this week that confronts the myth that cyber criminal gangs in Russia and Eastern Europe avoid attacking their own, pointing to numerous examples of late that counter this common misconception. The story draws on data from Team Cymru about distributed denial-of-service attacks (DDoS) that target Russian and E. European organizations, intel from McAfee about Russian banks and federal agencies that appear to be under control of cyber gangs there, and tens of gigabytes of data stolen via keyloggers that disproportionately impact Russian systems, including that of a top Gazprom official. The piece begins: 'If you ask security experts why more cyber criminals aren't brought to justice, the answer you will probably hear is that US authorities simply aren't getting the cooperation they need from law enforcement officials in Russia and other Eastern European nations, where some of the world's most active cyber criminal gangs are thought to operate with impunity. But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions?'"

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions?

    There are a few problems that really will go away if you ignore them. This doesn't sound like one of those.

    • Re: (Score:3, Insightful)

      There are a few problems that really will go away if you ignore them. This doesn't sound like one of those.

      Given the law enforcement culture of the Russians, I don't see how it would matter either way.

    • It'd be unfair to say that our (Russian) government ignores that problem. But little can it do to stop a major and profitable business of software/video/etc piracy and cyber crime with its numerous, but underpaid and corrupted police forces.
      • So in general, a better economy in Russia should tend to see these things die out?

        • Re: (Score:3, Insightful)

          In general, yes. Better economical situation makes law system stronger. Poor economical conditions are likely to result in mafia and other informal structures with their own (usually more complicated and brutal) laws.

          That's not something specific to Russia.
  • by paganizer (566360) <thegrove1NO@SPAMhotmail.com> on Saturday March 07 2009, @01:09AM (#27102589) Homepage Journal

    I really hate to say this. Because I'm a big hater of big government, I support Freenet 0.5, anonymity and privacy.
    But things are a little TOO free in Belarus and some of the other ex-Soviet states when it comes to Child Pornography; when you have plain old unsecured websites with for-pay preteen sex shows that have been operating for years without problems, something is WRONG.

    • Re: (Score:3, Interesting)

      Because someone in Russia can get the real IPs and real names for say a Texas lawyer, UK law professor or fortune 500 insider?
      Over a few years a Russian can drop the addicted westerner a visit and remind them of their weekend web use.
      For a few easy, small tasks, it can all be contained.
      The East Germans did this with West Germans who had interesting pasts in WW2.
        • Re: (Score:3, Interesting)

          Russian side is an unknown, shared files, shared sites, no profit, for profit, same site, resold under 10 different names?
          The real number is western credit card use.
          Real people buying their way in, thinking the credit card companies would just pass details on as another transaction and the East bloc providers would keep details safe on a HD, connected to username, pw.
          So you have 10000 card names in need of pics and vids via 1 site?
          All the FSB can do is sort, who is a Dr, grad student who might run a de
  • "But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions?"

    In the eyes of the Russian gov they are just learning? Russia was invaded and messed with so many times, why not bone up on the 'internet'?
    One day Russia will need the skills the brave apartment dwelling computer experts have learned and s
    • There might be some points in what you say, but I think that your conspiracy theory is way too advanced. Just imagine a secret service chief that relies on basement-dwelling hackers to "bring down supercomputers" of a hostile entity. Or just imagine that you're a secret service officer and you are repeating your above post to your chief.

      The real problem with cybercrime in Russia is that government cannot control its own population, has no efficient mechanisms to uphold the law and Russia's own IT industry
      • After decades of trying to use death squads, assassins, protesters, political parties, journalists etc., "basement-dwelling hackers" would seem a step up.
        As for "bring down supercomputers" of a hostile entity, you don't need your "basement-dwelling hackers" to do that every night or the west will learn and harden.
        Moscow just wants a generation that's got the smarts, if and when needed.
        The best way to get that is fearless practice.
        If your real IP is spotted by the FBI, Interpol, Canada, South Africa
    • All from a lap-top and modem in a Moscow apartment shared by 2 families and 2 large dogs.

      In true spirit of /. I'm going to nitpick on technical details. Russia is not Turkmenistan, and you'll be hard pressed to find a working modem in a Moscow apartment these days. 5 to 50 Mbps, ADSL or cable, is more like it.

      • Gary McKinnon, the UK-based US military hacker, only needed a modem :)
        Point taken, internet connection would have been more correct.
        • Re: (Score:3, Insightful)

          Gary McKinnon isn't really a hacker. Most of his transgressions are accounted for by pinging certain US govt IPs looking for open RDP ports, and he got in because they weren't passworded. Apparently this accounts for in excess of $800,000 in damage to their systems. He also related how he used to regularly "bump into" other "hackers" while cruising those systems. He only got caught because he was using a system one day, and the real user saw his mouse moving. McKinnon pretended to be doing a security audit
  • Seriously. If they won't deal with the cyber crime and if the majority of cyber crime originates there, give the Russian government a deadline to get their asses in gear or they will be blocked. Getting this done on the backbone might be problematic, but not impossible.

    I've already blocked all of Russia and China from accessing my servers because of too many problems from those countries.

    • Re: (Score:3, Interesting)

      You seem to overestimate the power of our (Russian) government. Asking them to "fix" cyber crime is essentially the same as asking them to make Russia a developed country. They cannot do that just by issuing some law.

      Russian cyber crime is rooted in:
      • Poor and passive population
      • Nascent IT industry
      • Weak (or even lack of) law enforcement

      I'm afraid that you cannot set any reasonable deadline for a government to fix those problems. If you really wanted to fight cybercrime, you'd be engaged yourself (one who i

      • I never said to "fix" the problem. I said give them a deadline to "get their asses in gear". Perhaps it's a language problem since I used a slang expression. What I was trying to say is give them a deadline to make an _attempt_ at dealing with the problem. From where we are sitting, the Russian government is at best doing nothing, at worst actively working with the criminals.

        No one expects an overnight miracle. What we do expect is for Russia to abide by and cooperate with international law. Your head

      • If you really wanted to fight cybercrime, you'd be engaged yourself (one who is not willing seeks excuses, one who is, seeks possibilities). But from what you say, you prefer just hiding from Russians and Chinese.

        After thinking about this part of your comment I became a bit annoyed. The world condemns the U.S. for "sticking our noses into other people's business". Now you are condemning us for not sticking our nose into your business. My suggestion of blocking your country is exactly what we should do t

        • Well, there are a lot of (deluded) people in Russia, who still believe that our country is an equal rival to the States, and who are strongly anti-US (actually they're hypocrites who would not reject US money/jobs, if offered). However, such people do not, in general, visit English language sites.

          People who work abroad (usually in IT (or financial) industries) are much less conservative. I spoke for myself, not for the majority of my country, who have never met/talked to an American.
        • Re: (Score:3, Insightful)

          I don't know of cases where cybercriminals were saved by Russian government from Western investigators. There are some political cases, not involving cyber crime, though, but it is a highly controversial topic.

          And about EU deadlines: I'm afraid I don't believe that Bulgaria and Romania really fulfilled the obligations. In some cases, it's impossible to fight corruption given the country's current situation - Russia is such a case, and one of the reasons why is being "huge", as you mention. In order to be ef
        • Re: (Score:2, Insightful)

          The EU has deadlines for new member states to get some things in order (corruption, law and even the macro economics) why can't a huge country like Russia do the same

          Because comparing a group of nations to one country which recently switched economic model and mindset from communism to "that free thing" is problematic at best.

          Not saying that Russia gets a free pass because they had a bad childhood or something, but you can't compare it with Europe. I think their size is actually working *against* them, as well.

  • But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions?

    This assumes that "government" and "criminals" in Russia aren't the same thing. Which hasn't been true for, oh, ever since Yeltsin first came to power (and actually even a bit before then).

    Who's to say those keyloggers aren't there with tacit acceptance and even encouragement of the guys higher up, as a useful surveillance tool that doesn't need any laws or warrants, and for which the government can only deny any responsibility?

    • Suppose you are right, and that some of these criminals are sharing the results of their keylogging with a crooked FSB officer.

      What possible benefit would the FSB guy get from this information? What's he going to do with 10,000 passwords from random IP addresses from all over the country? Print them out, use them as a wall decoration?

      What the FSB guy needs is the password for ONE specific account for ONE specific person - say, the email address of a prominent businessman or an opposition figure. Rather than

      • What the FSB guy needs is the password for ONE specific account for ONE specific person - say, the email address of a prominent businessman or an opposition figure. Rather than going through a phisher and hoping that after N years, somewhere in the results the right password would turn up, it would make much more sense for the FSB guy to go through the usual channels (enter the premises and install a hardware keylogger, make the ISP log the suspect's packets, and so forth).

        You missed my point. Of course the FSB guys don't need to log everything on everyone! But I'm sure it comforts them to know that when they need to log someone, chances are high, he has a keylogger and all that already - and they know where to go to get access to it.

  • Just tell me... (Score:5, Interesting)

    by bitrex (859228) on Saturday March 07 2009, @01:24AM (#27102641)

    But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions?

    I don't come to Slashdot for these kind of thought-provoking rhetorical questions about ethical and legal gray areas! Just tell me who the goodies and the baddies are! Go USA hacker-hunters, wooo!

    • Just tell me who the goodies and the baddies are! Go USA hacker-hunters, wooo!

      I'm sorry to disappoint you, but the baddies are in the USA.

      No wait, you're American? In that case, the baddies are in the rest of the world.

  • by TheModelEskimo (968202) on Saturday March 07 2009, @01:46AM (#27102705)
    When I used to live in Russia, there was this incredibly gifted computer hacker who lived in the flat above me. He used to charge my mother and I about half a day's pay just to come back into the flat at night, because he was able to cyber-electronically control the entries to the building.
    We would sit at work all day, not worried about the industrial chemicals we were breathing so much as this new, digital threat that went beyond our powers of imagination. Though we were strong physically, and even had local mafia connections of our own, this man with the thick eyeglasses, tight jeans, and a sort of mangy, even putrid smell about him, held our lives for ransom with nothing but a few keystrokes and some Zholz Cola.

    Sorry, just kidding...I never lived in Russia. But the whole idea of this article seems a bit funny to me.
  • by Max_W (812974) on Saturday March 07 2009, @02:47AM (#27102889)
    A lot of computers in Russia run cracked version of Windows. I do not know the exact figure, but I would think 99%. A CD with a cracked Windows, PhotoShop, AutoCad, etc. costs about USD 3.- at a street market. The same is for other countries of the FSU.

    So what is installed from these CDs is anybody's guess. No need even to infect, a hidden program may come right from an installation CD. The groups that crack Windows sometimes even write their own copyright notice on CDs.

    The disk with an authentic Windows is possible to buy only in large cities. Very few shops sell authentic Windows DVD, as they seem to be too expensive for majority of users. I could find out and buy there only a "gray" OEM Windows Vista Russian version for an equivalent of several hundred USD.

    No need to say that these Windows installations do not update via Windows update. WTO makes the Russian government fight cracked software. So sometimes militiamen come to the places, where cracked software is sold and break DVDs and CDs. Then these markets just move into more obscure places.

    So what have we got? Millions and millions of PCs, which run OS that cannot be patched or updated. So, guess what, these millions PCs neither patched, nor updated.

    Whose fault is this? When I try to use an alternative OS, like Linux, a lot of scanners, USB devices, video-cards, etc. just do not work, as drivers either non-existent or bad, made by rear-engineering. Because the hardware vendors provide drivers only for 1 and only OS.

    Now we blame Russia for DDoS attacks. But what Russian government can do? Can it lower the price on the monopoly OS? Can it write drivers for peripheral devices so that people move away from the mono-OS culture?

    It is easy to blame people in Eastern Europe for being of criminal persuasion, but for an average PC user in those parts there is absolutely no choice. Even if someone wants to buy the legal OS or software there are no shops which sell such, but the cracked soft is sold on every corner. Why is it so easy to crack by the way, if there is strong encryption around?

    So someone imposed the worldwide OS monopoly of easily cracked software via convoluted drivers policies. The cracked versions of this software are easily infected as they do not update. Hundreds of millions of PCs run this s*** and the blame is on the Russian government and "bad" people of the East, of course.

    • Re: (Score:3, Insightful)

      By the way, these DDoS attacks coming from the IPs in Russia and FSU could be originated from anywhere. Because the PCs in these parts, which run non-updateable non-patchable Windows, are easy prey for any malicious individual or group around the world.

      What I mean is that this problem is of a commercial origin, non political. In the past even cracked versions of Windows could be updated via Windows update, but now there is the authenticity check. And if the OS is not authentic - highway.

      Windows was made

    • Whose fault is this? When I try to use an alternative OS, like Linux, a lot of scanners, USB devices, video-cards, etc. just do not work, as drivers either non-existent or bad, made by rear-engineering. Because the hardware vendors provide drivers only for 1 and only OS.

      Now we blame Russia for DDoS attacks. But what Russian government can do? Can it lower the price on the monopoly OS? Can it write drivers for peripheral devices so that people move away from the mono-OS culture?

      If the government were actually interested in fixing this situation they could:

      1) Create their own linux distro and mandate that the government use it. They have already said they want to do this and it was previously discussed on Slashdot.

      2) Pass a law that says no new computer can be sold without a legitimate operating system on it (It doesn't matter if it's Windows, Russian Linux, OSX. It just must be a legal copy). More importantly, enforce the law. This should at least get most or all new computers

    • It's not that hard to fool Genuine Windows validation and keep Windows patched (on XP, at least - all that's required is a patched version of LegitCheckControl.dll which is easy to find). My guess is that most of these pirated XP disks already have validation cracked and latest service packs installed.

      The problem is inherent to Windows itself - legit or not, cracked or original, some day your Windows PC is going to be 0wn3d.

    • by Archon-X (264195) on Saturday March 07 2009, @07:10AM (#27103713)

      I don't know anything about your background or travels, but I find the picture that you paint of Russia contrasts strongly with that of what I've seen.

      Bear in mind that Moscow has been the world's most expensive city to live in for multiple consecutive years now [ 1 [cnn.com] 2 [smh.com.au] ]

      What you seem to be regurgitating in your post is rhetoric, which you've taken it upon yourself to extrapolate wildly.

      There are multiple vectors for disassembling your post, but the most obvious ones are:

      So what have we got? Millions and millions of PCs, which run OS that cannot be patched or updated. So, guess what, these millions PCs neither patched, nor updated.

      The last check of Google reports over 194,000 hits for WGA cracks [3 [google.com.au]].

      I'd love to see the data behind your bold claim, in which you plead ignorance, but continue to fabricate 'statistics'.

      A lot of computers in Russia run cracked version of Windows. I do not know the exact figure, but I would think 99%.

      On a closing note, I'm amazed no one else has yet flamed you for posting:

      When I try to use an alternative OS, like Linux, a lot of scanners, USB devices, video-cards, etc. just do not work, as drivers either non-existent or bad, made by rear-engineering. Because the hardware vendors provide drivers only for 1 and only OS.

      Maybe you should do some research in general, and pay a visit to distrowatch...

      • I lived in Russia for 17 years, even more in Ukraine. Now I work in the West. I do not have exact figures, but I am convinced that the figure should be close to 100% of cracked Windows installations.

        Most of these PCs are not updated due to the relatively recent Windows authenticity check. The most widespread browser is still IE6(!) in the RuNet.

        Anybody, anybody, can install and run bots on these PCs. I do not exclude that these cyber attacks are carried out from Russian IPs by people who want to make ba

    • No need to say that these Windows installations do not update via Windows update.

      Automatic updates works on these machines, just not through the website.

      • What do you mean I paid for cracked Windows? The CDs with cracked Windows and other soft are being sold in millions of copies right now.

        The computers, which run these non-updateable non-patchable cracked OSs, can be used by about any criminal group or any intelligence service, who manage to install an exe with a spy software. Which is not that difficult since there are vulnerabilities, which are, well, not patched. I think the PCs in the FSU is the "playground" for many international criminal groups and int

  • I was originally going to observe that I couldn't see how you could possibly "shame" Russia into doing anything. But that observation holds for all governments. The concept of the title just won't work. Government cannot be shamed.
  • Some Russian hackers will not be touched as long as they are bringing foreign money home to Russia.
    Phone sales used to work like that in Florida. Crooked companies called all over America from Florida bases. It was a huge industry employing tens of thousands in the Miami, Ft. Lauderdale area. As long as cash was being brought into Florida law enforcement wouldn't touch these criminals. These companies had an absolute rule about never selling anything within t

  • From Wikipedia [wikipedia.org], Bulletproof hosting (sometimes known as 'bulk-friendly' hosting) is a service provided by domain hosts which allows their customer considerable leniency in the kinds of material they may upload. This leniency has been taken advantage of by spammers and providers of online gambling or pornography.[1]
    Many service providers have Terms of Service that do not allow certain materials to be uploaded, or the service to be used in a particular way, and may suspend a hosting account, after a few compl

    • That has been true in the past, but nowadays it's largely "fast flux" hosting. Essentially just botnets where the name servers/web host change every X interval, so nothing can get shut down. If you tried, by the time you got off hold with the ISP and talked to a real human the website would be hosted elsewhere.
  • US authorities simply aren't getting the cooperation they need

    "US authorities" are not authority and suck.

    Did "US authorities" ever wonder what the rest of the world needs?

  • Unless you feel like living in the Untied Snakes of Aremica

          mark

    • Hah, I like how you have a faint glimpse of history but lack the intelligence to really grasp the magnitude of it.
    • You do realize that the missile defense system is a joke, right? Particularly if you actually expect it to be able to stop a Russian nuclear attack. Agreeing not to deploy an expensive and useless system to prevent another country from actually getting nuclear weapons is a great idea. We save money, give up nothing of consequence, and maybe prevent Iran from acquiring nukes.
    • The Internet will fragment itself into pieces. See the history of IRC and how it all ended for the network.

      Luckily, you actually cannot cut us (I'm Russian) off, nor can you do anything to prevent this large population (1,5 bln people: Russia and China combined) from using computers, joining networks and/or cracking the software. Just think how hard the Chinese government tries to cut off its people from outside world and how badly it fails.
    • The US is in debt, the last thing it needs right now is to upset China, who it owes money to, or Russia, which could easily start up another arms race.

      The US already has more than enough foreign wars to deal with as it is, it does NOT need cold war 2.0

      • Re: (Score:2, Funny)

        If China tried to call in its credit, it would get lots of nice green paper, and a polite invitation not to do business in the U.S. anymore.

        It would be tough for the U.S. to deal with (anything that China produces a lot of would suddenly get more expensive; good thing they don't provide all that much food, energy or basic material...), but it would be disastrous for China (the stability of the country depends on the government providing economic growth and opportunity).

    • Traditional ethnic organized crime hits mostly people of their own ethnicity because their neighbors are conveniently close at hand. Online, though, it's just as easy to hit an EUian as a neighbor. Even if Russians are hit with the same probability as anyone in the world the result is a net positive cash flow into Russia.

    • In Capitalist west Russian bring Topol M* plans to you.
      In Capitalist Russia Topol M protects you.
      *recent intercontinental ballistic missile
    • And why should Russia waste its own law enforcement resources to please American corporations? Rather it tries to make Russia independent from foreign extortion such as dependency on proprietary software. You don't have to become a Stallmanist [facebook.com] to understand that the current copyright system benefits US media corporations and works against the interests of artists.