The Story of the tech.net.ru Crackers

tabdelgawad writes "The Washington Post is running a three-part story (Part 1, Part 2, and Part 3) detailing the events of the arrest of the two Russian crackers, Vasiliy Gorshkov and Alexey Ivanov, from a couple of years ago (See also Previous Slashdot Story 1 and 2). The writeup is light on technical details, but includes fascinating information about the crackers' socioeconomic conditions and motivations, as well as the competence and effectiveness of the FBI in combatting cybercrime."

What about not stealing?

[POds]

Say, instead of stealing credit card number or anything at all, they just left evidence on the computer that they were there (like they did).

Could they still have been prosequted, or would anyone ever have bothered to bring it this far?

Sounds like these guys could have made a business out of it, if only it was done right (not that im suggesting my suggestion was right :)).

Re:interesting paper

Note that the US didn't make the list either, "because [US-based attacks] constituted such a large portion of the dataset"...

My favorite quote for the lazy :

[aepervius]

U.S.-based attacks triggered nearly half (49%) of all the events in the 4th quarter. The U.S.-based events were not included in this study because they constituted such a large portion of the dataset and because the main focus of the study was on socioeconomic, political, and geographic patterns in the data. In order to better understand and predict the sources and nature of future attacks, data was col- lected and parsed for non-U.S. originating events.

In other word, if you want to stop piracy and hacking, shut down the most [cyber]terrorist country : ther U.S.

Not so black and white....

[pragueexpat]

I've been reading this story with interest, since I'm American, currently living in Prague, and recently visited Ukraine (OK, not Russia, but economically similar). The mafia is all over that place, and I have no doubt that these kids were being hassled for "protection money". Many homes in Russia do not even have hot water, so you can't think of this place as you would a western democracy - the people do anything to survive. Now, of course, this is no excuse for criminal behavior. However, I keep thinking - isn't it better that these guys are finding the cracks in your system and telling you about them, instead of just stealing all the credit card info and causing much more damage to your business in bad publicity and pissing off customers? This is really a catch-22. As a business owner, of course I don't want to encourage blackmail. But having vulnerabilities on your business site is YOUR problem and its better that you're told about them before someone else takes advantage. I would rather pay someone and find out about vulnerabilities than have someone else steal all my info and ruin my business reputation. Of course, these guys could just keep coming back for more money every month if they already have my CC#s and info. In that case, your server's vulnerability has cost you big time. Sorry, I don't have a good answer to this, but let's not let the business owners off the hook because they are being blackmailed from people who found mistakes in THEIR OWN servers. To sum up: Blackmail=BAD, businesses that don't secure their systems=ALSO BAD.