Shaming Russia Into Action On Cyber Crime

krebsatwpost writes "The Washington Post ran a piece earlier this week that confronts the myth that cyber criminal gangs in Russia and Eastern Europe avoid attacking their own, pointing to numerous examples of late that counter this common misconception. The story draws on data from Team Cyrmu about distributed denial-of-service attacks (DDoS) that target Russian and E. European organizations, intel from McAfee about Russian banks and federal agencies that appear to be under control over cyber gangs there, and tens of gigabytes of data stolen via keyloggers that disproportionately impact Russian systems, including that of a top Gazprom official. The piece begins: 'If you ask security experts why more cyber criminals aren't brought to justice, the answer you will probably hear is that US authorities simply aren't getting the cooperation they need from law enforcement officials in Russia and other Eastern European nations, where some of the world's most active cyber criminal gangs are thought to operate with impunity. But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions?'"

Re:Shortsighted if true

[Jurily]

There are a few problems that really will go away if you ignore them. This doesn't sound like one of those.

Given the law enforcement culture of the Russians, I don't see how it would matter either way.

I hate to say this.

[paganizer]

I really hate to say this. Because I'm a big hater of big government, I support Freenet 0.5, anonymity and privacy.
But things are a little TOO free in Belarus and some of the other Ex-soviet states when it comes to Child Pornography; when you have plain old unsecured websites with for-pay preteen sex shows that have been operating for years without problems, something is WRONG.

Blackhole all of Russia

[rossz]

Seriously. If they won't deal with the cyber crime and if the majority of cyber crime originates there, give the Russian government a deadline to get their asses in gear or they will be blocked. Getting this done on the backbone might be problematic, but not impossible.

I've already blocked all of Russia and China from accessing my servers because of too many problems from those countries.

Re:Blackhole all of Russia

[RCL]

I don't know of cases where cybercriminals were saved by Russian government from Western investigators. There are some political cases, not involving cyber crime, though, but it is a highly controversial topic.

And about EU deadlines: I'm afraid I don't believe that Bulgaria and Romania really fulfilled the obligations. In some cases, it's impossible to fight corruption given the country current situation - Russia is such a case, and one of the reasons why is being "huge", as you mention. In order to be effectively managed, Russia should be split into smaller independent states of the same language and culture which would later re-unite (something like US model). Russia is formally a federation, but really it's a feudal state with a single (but highly dependent on his leutenants) king.

Anyway, breaking Russia into parts is utopia and only few percent of my fellow countrymen (Russians) would agree with me, because it effectively means bringing Russia into a civil war and "wild west" way of life for some moment. So there's no easy solution to fight corruption and unlawfullness.

Re:Blackhole all of Russia

[DiLLeMaN]

The EU has deadlines for new member states to get some things in order (corruption, law and even the macro economics) why can't a huge country like Russia to do the same

Because comparing a group of nations to one country which recently switched economic model and mindset from communism to "that free thing" is problematic at best.

Not saying that Russia gets a free pass because they had a bad childhood or something, but you can't compare it with Europe. I think their size is actually working *against* them, as well.

When is the USA going to tackle cyber crime

USA still the World's leading producer of spam, why do the USA government do so little about it. Are they being paid off or is there a more sinister motive for their compliance with the criminals ?

Re:no update for Windows, or "bad" people in the E

[Max_W]

By the way, these DDoS attacks coming from the IPs in Russia and FSU could be originated from anywhere. Because the PCs in these parts, which run non-updateable non-patchable Windows, are easy prey for any malicious individual or group around the world.

What I mean is that this problem is of a commercial origin, non political. In the past even cracked versions of Windows could be updated via Windows update, but now there is the authenticity check. And if the OS is not authentic - highway.

Windows was made on purpose to be easily crackable and was updated in those years to make it spread around the world. Now they stopped updating the cracked OS installations, in hope that people like me, who need a PC for work, will search and buy the authentic Windows DVD. Bu it left a huge immense base of un-patched PCs.

This is the real origin of this problem.

Re:no update for Windows, or "bad" people in the E

[somenickname]

Whose fault is this? When I try to use an alternative OS, like Linux, a lot of scanners, USB devices, video-cards, etc. just do not work, as drivers either non-existent or bad, made by rear-engineering. Because the hardware vendors provide drivers only for 1 and only OS.

Now we blame Russia for DDoS attacks. But what Russian government can do? Can it lower the price on the monopoly OS? Can it write drivers for peripheral devices so that people move away from the mono-OS culture?

If the government were actually interested in fixing this situation they could:

1) Create their own linux distro and mandate that the government use it. They have already said they want to do this and it was previously discussed on Slashdot.

2) Pass a law that says no new computer can be sold without a legitimate operating system on it (It doesn't matter if it's Windows, Russian Linux, OSX. It just must be a legal copy). More importantly, enforce the law. This should at least get most or all new computers pre-installed with the Russian OS just to comply with the law.

3) Refuse to let hardware vendors sell a product in Russia if it doesn't work out of the box or have a verified driver for Russian Linux on the installation CD. Linux generally has better hardware support than Windows these days so, this really isn't too onerous of a requirement on hardware vendors.

I'm probably over simplifying but, normal people don't care about their operating system. They want a button to click that connects to the magical "linksys" wifi network, an icon that says Internet under it and an icon that says Office under it. If you give them those three things, there is little chance they will notice the difference and probably less chance that will care enough to "fix" it with a Windows install. Though, they may start to get a little suspicious when they don't have to re-install every 3 months because, "it's going slow".

Re:Widespread blackouts from Moscow?

[smoker2]

Gary McKinnon isn't really a hacker. Most of his transgressions are accounted for by pinging certain US govt IPs looking for open RDP ports, and he got in because they weren't passworded. Apparently this accounts for in excess of $800,000 in damage to their systems. He also related how he used to regularly "bump into" other "hackers" while cruising those systems. He only got caught because he was using a system one day, and the real user saw his mouse moving. McKinnon pretended to be doing a security audit and left quickly. That $800,000 is to cover red faces more than anything. Shame on the UK for turning him over. Up to 70 years in jail for that ? "The US military alleges that Mr McKinnon caused $800,000 of damage and left 300 computers at a US Navy weapons station unusable immediately after the September 11, 2001, terror attacks." I mean, puhlease. Can you make that any more emotionally convicting ?

And we wonder why people are being sued for url traversal. (if you leave it accessible, don't bitch when people access it)

ha ha

[TrueRecord]

US authorities simply aren't getting the cooperation they need

"US authorities" are not authority and suck.

Did "US authorities" ever wonder what the rest of the world needs?

Re:Shortsighted if true

[RCL]

In general, yes. Better economical situation makes law system stronger. Poor economical conditions are likely to result in mafia and other informal structures with their own (usually more complicated and brutal) laws.

That's not something specific to Russia.

Fix your typo: Cymru, not Cyrmu

[whitroth]

Unless you feel like living in the Untied Snakes of Aremica

      mark