Russian Cybercrime: Geeks, Not Gangsters

When people think of cyber-crime, the typical image being pushed today is that of highly organised criminal operations. New research, however, suggests the underbelly of cyber-space may be less Mafia-like than some think.

The exploits of russian cyber-criminals are widely reported. For instance, a checque scam was exposed at last month’s Black Hat event, and last year, it was alleged at the RSA show in London, that  network provider the Russian Businesss Network, was aided by both Internet registrars and the Russian Police.

Scanning the forums

In an effort to improve the level of understanding of today’s black hats, security researchers Fyodor Yarochkin and “The Grugq” have spent several months looking at Russian hacker forums.

“It is an ongoing project that we started about 18 months ago,” Grugq told eWEEK. “Originally it started when Fyodor investigated some service offerings from Russian hacker forums for a specific project that I was working on. It turned out to be extremely interesting and amusing, so we discussed doing more long-term monitoring on the forums. It grew from there into what is now a continuous monitoring program.” Their research was presented last month at the Hack in the Box 2010 conference in Amsterdam.

Geeks not gangsters

What the two found was that the image of a highly organised cyber-underworld run by hardcore criminals is not the order of the day. Instead, the dozen or so hacker forums they analysed illustrated that many of the users are “geeks, not gangsters,” the researchers said.

“Basically, from what we’ve seen on the forums much of what goes on with the sales of services is much more petty criminal activity, or crimes of opportunity,” Grugq said. “Often poor students who like to hack for fun will sell access to a server they’ve owned. Many don’t even realise that this is an illegal activity. This sale will be for $20 or $30 (£!3 or £19), which is a lot of money for a poor student in Russia, but for a hardened criminal mastermind bent on destroying Western civilization — not so much.”

Similarly, many of the sales of stolen assets tend to be at a very low price point, Yarochkin said. Even a distributed denial of service attack only costs $80  (£51.50) a day to carry out, he added.

“These are not prices that are attractive to serious criminals,” he said.

“In terms of percentage, there’d be two to three guys working on stuff professionally, versus 10 to 20 hobbyists,” he continued. “Most of the activity is essentially petty criminal activity where guys are trying to make a little extra cash on the side. You can think of it as a self-organising hierarchical system with needs and people able to provide goods and services to satisfy the needs.”