Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] E-Soeldner aus Russland - Jane´s -

--------------------------- ListBot Sponsor --------------------------
Great prices on everyday items.  Find beautiful jewelry and fashion
essentials for men, women and children at eBayTM.  With over six
million items for sale everyday, youre bound to find what youre
for - probably at a lower price too!

Ich habe es noch nicht gelesen. Ist das ein Hype? Jane´s ist ja sonst
sehr gut informiert. Ralf

Russian hackers for hire: the rise of the e-mercenary 
By Ruth Alvey, Jane's Intelligence Review, 7/30/2001
No URL available.

HIGHLIGHT: The underemployment of highly skilled Russian hackers has
increased the danger that intelligence agencies or criminal
organisations will employ them for more sinister activities. Ruth Alvey
BODY:  In April 2001, the Russian newspaper Moskovsky Komsomolets
reported that the US embassy in Moscow had attempted to recruit a
Russian hacker, known as 'Verse', to secretly collaborate "in the
interests of American intelligence services against the Russian

The Russian Federal Security Service (Federalnaya Sluzhba Bezopasnosti -
FSB) subsequently issued a statement alleging that 'Verse' was
introduced via the internet to William Smith, a retired US Air Force
colonel. 'Verse' was given a codename and instructions on how to
communicate with the US authorities. He was then instructed to hack into
the FSB central servers to create programs to conduct electronic
surveillance, while also selecting hackers to help him in his task of
finding and copying databases that would interest the USA and destroying
others. Rather than complete his mission, 'Verse' apparently confessed
all to the FSB and the espionage plot was uncovered.

This may be an example of FSB propaganda, but there is no doubt that the
wealth of computer expertise and hackers in Russia mean that events like
this can occur. The damage a single Russian hacker could inflict was
demonstrated in the case of Citibank, where US$10 million was stolen. If
an individual could be this successful, there is ultimately the
potential of even greater danger from hackers with a more sinister
motivation and support from powerful groups. 
Cybercrime in Russia has been growing rapidly in recent years: 1,375
crimes were registered in the high technology field in 2000, a growth of
18% from 1999. This is particularly worrying as only 4.5% of the Russian
population are connected to the Internet compared to connectivity rates
in the USA of 49.1%. Conservative estimates suggest that there are
between 250 and 500 hackers in Russia today, with 15-20 hackers
available for hire in Moscow, and around 10 in St. Petersburg. However,
Hacker magazine sells 30,000 copies in Russia monthly, and 1,605
Russians participated in a single hacking competition on a Russian
website: last year, suggesting that the actual number is
much higher.

A Gallop media survey conducted in 1999 found that 73% of Russian
internet users are men and 63% are aged between 16 and 34.
discovered that 63% of all users are either students, or white-collar
workers and two-thirds of internet users have a higher education. Thus
the average Russian hacker is a young male who is either a technically
skilled professional or within the education system, as confirmed by the
concentration of cybercrimes in the past 20 years at primary scientific
research centres including Moscow, Novosibirsk, Zelenograd, and St.

Underemployment in the 1990s has meant that there have been fewer
opportunities for the technically skilled to use their talents within
Russia, leading some to provide their talents to interested parties for
a price. This problem was exacerbated by the economic crash of 1998 when
the Aladdin Software Security Company estimated that only 50% of Russian
software companies would survive the impact. It was later reported by
The Moscow Times that the crash increased cybercrime activity.

With a growing pool of technical talent becoming available for hire,
Russia's legitimate 'offshore programming sector' is growing at between
40 to 60% annually. As Russia is recognised as a prime site for
contracting expertise, businesses and governments are involved in
promoting education and skill development within Russia. Motorola works
with higher education institutes and runs courses including hi-tech
programming and IT skills. The US government has invested $500,000 in a
centre to train specialists in e-commerce and to help the development of
small and medium-sized companies. If computer experts are hired and
trained by Western businesses, it is not surprising that intelligence
agencies and organised crime groups may look to exploit this expertise
for their own advantage, particularly when the cost can be as little as
$100 a time, according to a Moscow hacker.

The collusion of the secret services with hackers may not seem
surprising, as hacking can provide a more anonymous form of espionage
with less likelihood of being caught. Foreign espionage by Russia via
the internet began as early as 1985 when the Committee for State
Security (Komitet Gosudarstvennoi Bezopasnosti - KGB) is known to have
paid an East German hacker, Markus Hess, to penetrate the systems of US
defence agencies in the case of the 'Cuckoo's Egg'. Hess persistently
sought unclassified but sensitive information from the agencies and
gained access to Milnet, the computer network of the armed forces,
through university research servers.

A similar example of Russian espionage was the 'Moonlight Maze' case of
1999, when hackers broke into the Pentagon's computer system accessing
'sensitive information about essential defence technical research
matters'. Although the stolen information was not top secret it would be
invaluable to foreign governments, terrorist groups, and private
companies, as the networks hold information on military logistics,
planning, payrolls, purchases, personnel, and routine Pentagon e-mails
between the departments. The most sophisticated attacks in this case
came from servers 20 miles outside of Moscow and were eventually traced
to staff at the Russian Academy of Sciences laboratory, the country's
leading scientific research body, with links to thousands of senior
scientists at institutions and universities across the Federation. These
alleged examples of espionage were compounded by the presence of the
internet monitoring system SORM-2 and its requirement to route all
electronic information through FSB headquarters, suggesting that the
information acquired in the 'Moonlight Maze' case did fall into Russian
government hands.

At the Global Cybercrime Conference in 1998, Oleg Gordievsky, the former
London KGB section head, supported the existence of this form of Russian
espionage. "There are organised groups of hackers tied to the FSB and
pro-Chechen sites have been hacked into by such groups... One man I
know, who was caught committing a cybercrime, was given the choice of
either prison or co-operation with the FSB and he went along."

BBC reports in March 2001 suggested that the FSB used Russian hackers in
the campaign against Chechnya, threatening them with prison sentences if
they refused to co-operate. Sergei Pokrovsky, the editor of Khaker, a
hacking magazine, and Vasilyev, a convicted hacker and the head of the
Moscow Civil Hacking School, both confirm that Russian intelligence
agencies do employ hackers for foreign and domestic espionage. However,
as the US embassy case suggests, employing hackers from the former USSR
for espionage is not only limited to the Russian security services but
also extends to industrial espionage. Gordievsky claims that 12 of his
29 agents were communication experts who obtained, via the internet,
intelligence on the attitudes of banks towards Russia and industrial
development, conducting industrial espionage on the internet for the
benefit of the state.

Russian organised crime is similarly eager to use the hackers at its
disposal. Dmitriy Chepchugov, the Head of Department 'R', the high
technology crime branch of the Ministry of Internal Affairs, believes
that hacking is becoming an organised crime issue. The benefits to
organised crime are clear - IT improves the planning and information
channels of such groups allowing them to become more globally
co-ordinated. The internet adverts placed by organised crime groups in
Moscow, St. Petersburg, and Murmansk for computer programmers and the
arrest of large groups of hackers, particularly for their involvement in
financial crimes, suggest that use of hackers is increasingly prevalent.

These impressions were reinforced by the comments of Kuzjma Shalenkov,
the deputy chief of the main Economic Crime Fighting Directorate of the
Ministry of Internal Affairs (Ministerstvo Vnutrennikh Del - MVD). In
1998, Shalenkov claimed that joint law enforcement efforts had "stopped
the activities of an international organised criminal grouping which
specialised in the thefts of hard currency through illegal breaking and
entering into computer networks of foreign banks". Similarly, experts in
the Federal Bureau of Investigation's (FBI) System Administration,
Networking, and Security Institute reported the discovery of a team of
Russian and Ukrainian hackers that attacked 40 e-banking and e-commerce
sites over a period of a year from March 2000.

The Russian cyberpolice have discovered 12 online theft groups in
Moscow, and 20 people from such groups were put under investigation in
1999 for internet credit card fraud. Widespread online fraud suggests a
large organised group is needed to facilitate the crime.

The growing number of reports in the press about the use of Russian
hackers in espionage and criminal activity is ominous for the future.
While the Russian hackers remain underemployed and over- skilled, there
is always the danger that intelligence or criminal groups will employ
them under more arcane auspices.

Ruth Alvey is a research fellow at the 'Organised Russian and Eurasian
Crime Research Unit' at Keele University. 
GRAPHIC: Photograph 1, Oleg Gordievsky, the former London KGB section
head, supports allegations that the Russian secret services have
employed hackers against pro-Chechen websites. (Source: PA News)

To unsubscribe, write to infowar -
 de-unsubscribe -!
- listbot -