Cybercrime in Russia

Jul 14, 2011

By Jarrod Rifkind

Cybercrime is a growing problem for the international community. The current lack of attention given to cybercrime can be attributed to the priority given to “cyber” as a military domain. Over the past decade, cybercrime has caused companies around the world to lose millions, if not billions, of dollars. These criminal acts are unlikely to diminish in the future. This can be attributed to the many decentralized, yet organized, groups of technologically skilled individuals that operate internationally. These organizations are considered to be the primary sources of spyware and malware globally. Groups within Russia and China are believed to be the source of over 50 percent of these types of malicious software and code. Russia, specifically, has played host to a number of cybercriminal groups. The Russian Business Network (RBN) is one of the most well-known cybercrime groups internationally. Organizations like the RBN are able to thrive because of the poor economic conditions in the countries in which they operate, their lack of hierarchical organization, and the international nature of the technology they use.

Statistical context:
Global computer crime market turnover = $7 billion
Share of cybercriminals living in Russia = $1.3 billion
Cybercriminals from Russian speaking countries = $2.5 billion

Many believe that poor economic conditions in Russia have contributed to the rise of cybercrime groups. According to a document released by CERT-LEXSI, the technology industry in Russia only employs 10% of new job candidates every year, and the overabundance of candidates has lowered the salaries of those who are offered jobs. The paper goes on to say that compared to employees in other Eastern European countries with salaries around 2,500 Euros, Russian technology industry employees have been making closer to 800 Euros (2006 numbers). Several sources have also attributed the growth and strength of cybercrime organizations in Russia to the disbanding of the Federal Agency for Government Communications and Information (FAPSI). After FAPSI disbanded in 2003, many of the employees were recruited by hacker groups, while others joined the FSB, the Russian security service that succeeded the KGB. Thus, these underground organizations have members that are financially needy, know ways to use computers maliciously, and often have contacts within the government that protect them and sometimes use them for their own ends.

Most of these criminal organizations in Russia make money by selling cyber “goods” on websites they host. The items for sale range from botnets used for DDoS attacks to Trojans programmed to attack a specific target. The groups with these types of websites make thousands, if not millions, of dollars over the course of a year. According to a document released by Group-IB, botnets sold on these sites can be used for DDoS attacks and are priced anywhere between 70 and 500 US dollars. This large spread in prices is attributed to varying degrees of effectiveness, the quality of the DDoS services, and the complexity of the mission. Organizations sell these types of goods and services to continue their operations, and they will continue to exist as long as there is a demand for their services.

One of the most well-known and prominent cybercrime organizations in Russia is the Russian Business Network (RBN). A Newsweek article describes the group as a shadowy cyberstructure reported to have sold hacking tools and software for accessing U.S. government systems. Although it disappeared after increased pressure from U.S. and Russian law enforcement, evidence has come to light hinting that the group simply redefined its operations and now works from servers in several countries around the world. The group has been able to host websites for criminal organizations that want to carry out their own attacks or sell malware, spyware, and botnets to others with similar goals. It has also made most of its money from spam, child porn, online casinos, phishing scams, fake anti-spyware and anti-virus software, and Internet pharmacies. The technology and international nature of computer networks have allowed organizations like the RBN to adapt, relocate, and survive. It doesn’t hurt that they operate in countries in which they have ties to powerful government officials who turn a blind eye to and oftentimes profit from their illegal activities.

The RBN is an example of how Russian cybercrime is not synonymous with traditional conceptions of organized crime. Although the Russian mafia is probably involved in certain types of cybercrime, the groups that worry Russian and U.S. law enforcement the most appear to be ones composed of technologically savvy criminals who use the Internet to make profits from products they sell on their own “black markets” or from blackmail. They are organized to the extent that they work together for mutual financial gain or at the behest of the Russian government. These do not have to be mutually exclusive. Based on the types of people joining these groups, it is difficult to assert that they are organized according to a hierarchy like other known criminal organizations. The horizontal network structure of these types of organizations is what will likely make them difficult to remove in the long run.

There are a number of potential solutions to this international cybercrime problem. One of the greatest hindrances to deterring global cybercrime is the lack of international law governing the actions states must take against criminal organizations operating within their borders. Without discussions and actions taken by the international community on cybercrime, groups like the RBN will continue to operate in countries that are not held responsible for their actions. Some effort has been made on the part of the Russian government to facilitate dialogue between its law enforcement agencies and those in the United States. They have been working together to target organizations responsible for selling malware and spyware online, but this cooperation must be strengthened in the future. Lastly, countries like Russia must hold their officials accountable when they choose to associate with groups like the RBN. Corruption is a problem that Russia has faced throughout its long and tumultuous history. With these prescriptions in mind, Russia will likely become more willing to deter and remove criminal organizations in the future as it becomes more internationally engaged on and domestically aware of the international legal implications of global cybercrime.