Viruses: From Russia, With Love?

As Internet access spreads in the former Soviet Union, so does malicious code.

John Blau, IDG News Service

Home to Some of History's Most Notorious Hacks

Russian hackers have been behind some of the most audacious cybercrimes ever reported. Mathematician and computer specialist Vladimir Levin from St. Petersburg was nabbed in 1995 and sentenced to three years in a Florida prison in 1997 for hacking into Citibank's computers and electronically transferring around $10 million out of the bank's accounts. To this day, no one knows exactly how he broke into the bank's system.

In 1999, Russian hackers were credited with disrupting NATO and U.S. government Web sites.

In 2000, Vasiliy Gorshkov and Alexey Ivanov were lured to the U.S. by Federal Bureau of Investigation agents and later arrested. Gorshkov was sentenced to three years in prison and given a $700,000 fine after he was convicted on 20 counts of conspiracy, fraud, and other related computer crimes. The pair admitted hacking into the computers of U.S. companies to steal credit card information and other personal financial data and then extort money from the victims by threatening to expose that information to the public on the Internet or to damage the companies' computers.

A gang of computer hackers, headed by a 63-year-old pensioner, was arrested by Russian police in 2001. The former computer programmer for a Moscow institute was apparently bitter over receiving no royalties from his work. So he teamed up with a former policeman and three others to steal the details of credit cards from individuals in the U.S. and Europe and use them to make online purchases. The gang then channeled their income back to Moscow through a bogus Internet site they had created, which sold useless information about timber in Russia.

Uneven Enforcement

Hacking is illegal in Russia, just as it is in the U.S. Enforcement, however, is where the two countries differ. In Russia, hacking is sometimes more akin to getting a parking ticket than a serious felony--something that on paper is wrong but not morally reprehensible, according to Timofey Saitarly, project administrator at the Ukrainian Computer Crime Research Center.

"Young people often hack expensive foreign software because they can't afford it," he says. "Some of the software costs as much as they make in an entire month or even more."

Sergey Bratus, a research associate at the Institute for Security Technologies Studies at Dartmouth College in Hanover, New Hampshire, has a similar opinion. "A huge problem in Russia, particularly Moscow, is violent crime," he says. "Compared to this, small-time computer crime doesn't seem to be a big issue to society. Hackers aren't making the streets unsafe."

Local investigations also are hampered because authorities cite other, higher priorities. That means many hackers are able to operate in what are essentially safe havens. And in an interconnected world like the Internet, a few safe havens are all that is needed to wreak havoc on every country.

"I know of no hackers being imprisoned in Russia," says Kaspersky's Gostev. "Law enforcement officials don't seem to be taking any real major action maybe because none of this hacking has been directed at Russian companies or organizations. They seem to be more interested in protecting national security."

The Russian government has several groups hunting cybercriminals. The Ministry of Internal Affairs, for instance, has a special task force dubbed "the spider group." And there is a unit within the Federal Security Services, the successor to the Soviet Union's KGB. How effective they are, particularly when a crime extends beyond their borders, is unclear.

"It is one thing to criminalize the creation of viruses," says Gus Hosein, senior fellow at The London School of Economics and Political Science. "It is another to investigate the means through which viruses are propagated in the hope to trace it back to its origin."

Joint Investigations

Such investigations, according to Hosein, would require access to traffic data at ISPs throughout the world. So what about a virus that emerges in the U.S., but is traced back to Russia? Who would do the tracing?

If Russia, for example, were to take the lead, how would U.S. ISPs or those in other countries know that a Russian request for traffic data is "for the investigation of a virus trail or to track the dissemination of information regarding Chechnya?" Hosein says. "The point is that policies will be developed to enhance the investigation of viruses in order to trace virus makers and other perpetrators of cybercrimes, only to see those same powers used for different purposes, such as pursuing copyright crime and 'indecent' communications."

Add to that the global approach virus writers are now taking to make their assaults even more difficult to track. "We are monitoring virus incidents whereby writers operating in country A launch a virus in country B to infect computers in country C," says Mikko Hyppönen, director of antivirus research at F-Secure in Helsinki. "It's hard to prosecute offenders especially when laws are nonexistent in many of the countries that these guys are using to launch their virus attacks."

International law is often ill-suited to deal with the problem, with conflicting views on what constitutes cybercrime, how--or if--perpetrators should be punished and how national borders should be applied to a medium that is essentially borderless.

"What is needed is the ability to extradite," says Mi2g's Matai. "But this is not easy because of the anonymous nature of organized crime--it's very difficult to pin down who actually committed a crime--and because individuals who are caught committing a crime in one country may not have any laws against that crime in their own country."

Going Global

Efforts to establish global cybercrime laws exist. London School's Hosein points to the Council of Europe convention on cybercrime, a treaty signed in November 2001 that calls on countries to harmonize their laws on and investigative powers of all illegal behavior, including hacking and child pornography, and to ensure international cooperation in investigations. But Hosein warns that as countries adopt the convention into national law, many tend to go further than necessary in order to expand their powers.

Some experts are in favor of establishing a special global cybercrime task force, similar to the Interpol international police network. "We just need to copy the Interpol structure for traditional crime, make some slight changes and establish cooperative programs," Gostev says.

In the absence of a global Net cop, Microsoft has been offering Wild West-like bounties to catch cybercriminals. But one former virus writer in the Czech Republic dismisses the bounty as a marketing tactic, saying it will have no deterrent effect. "For Microsoft, it's just another excuse for their buggy software," Benny says in an e-mail. "It's only about marketing."

Security experts believe the best way to curb cybercrime is for each and every user to make sure his or her front door is securely locked.

"A due diligence approach is required to help fight off this new wave of cybercrime," says iDefense's Dunham. "Everyone must take responsibility for helping to harden computers against attack, from the end user to the CEO of a large corporation."
