Slashdot Mirror


Shaming Russia Into Action On Cyber Crime

krebsatwpost writes "The Washington Post ran a piece earlier this week that confronts the myth that cyber criminal gangs in Russia and Eastern Europe avoid attacking their own, pointing to numerous examples of late that counter this common misconception. The story draws on data from Team Cyrmu about distributed denial-of-service attacks (DDoS) that target Russian and E. European organizations, intel from McAfee about Russian banks and federal agencies that appear to be under the control of cyber gangs there, and tens of gigabytes of data stolen via keyloggers that disproportionately impact Russian systems, including that of a top Gazprom official. The piece begins: 'If you ask security experts why more cyber criminals aren't brought to justice, the answer you will probably hear is that US authorities simply aren't getting the cooperation they need from law enforcement officials in Russia and other Eastern European nations, where some of the world's most active cyber criminal gangs are thought to operate with impunity. But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions?'"


  1. Re:Shortsighted if true by Jurily · · Score: 2, Insightful

    There are a few problems that really will go away if you ignore them. This doesn't sound like one of those.

    Given the law enforcement culture of the Russians, I don't see how it would matter either way.

  2. I hate to say this. by paganizer · · Score: 3, Insightful

    I really hate to say this. Because I'm a big hater of big government, I support Freenet 0.5, anonymity and privacy.
    But things are a little TOO free in Belarus and some of the other Ex-soviet states when it comes to Child Pornography; when you have plain old unsecured websites with for-pay preteen sex shows that have been operating for years without problems, something is WRONG.

    --
    Why, yes, I AM a Pagan Libertarian.
    1. Re:I hate to say this. by AHuxley · · Score: 2, Interesting

      Because someone in Russia can get the real IPs and real names for say a Texas lawyer, UK law professor or fortune 500 insider?
      Over a few years a Russian can drop the addicted westerner a visit and remind them of their weekend web use.
      For a few easy, small tasks, it can all be contained.
      The East Germans did this with West Germans who had interesting pasts in WW2.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:I hate to say this. by AHuxley · · Score: 2, Interesting

      Russian side is an unknown, shared files, shared sites, no profit, for profit, same site, resold under 10 different names?
      The real number is western credit card use.
      Real people buying their way in, thinking the credit card companies would just pass details on as another transaction and the East bloc providers would keep details safe on a HD, connected to username, pw.
      So you have 10000 card names in need of pics and vids via 1 site?
      All the FSB can do is sort, who is a Dr, grad student who might run a department one day, lawyer, the secretary etc.
      Then work out who is in a position to help long term.
      A journalist who can get a few positive lines or negative lines in print.
      Help with R and D, source code, insider trading, a copy of every document or get a Russian sleeper set up long term.
      Russia plays long term with people.

      --
      Domestic spying is now "Benign Information Gathering"
  3. Blackhole all of Russia by rossz · · Score: 2, Insightful

    Seriously. If they won't deal with the cyber crime and if the majority of cyber crime originates there, give the Russian government a deadline to get their asses in gear or they will be blocked. Getting this done on the backbone might be problematic, but not impossible.

    I've already blocked all of Russia and China from accessing my servers because of too many problems from those countries.

    --
    -- Will program for bandwidth
    1. Re:Blackhole all of Russia by RCL · · Score: 2, Interesting
      You seem to overestimate the power of our (Russian) government. Asking them to "fix" cyber crime is essentially the same as asking them to make Russia a developed country. They cannot do that just by issuing some law.

      Russian cyber crime is rooted in:
      • Poor and passive population
      • Nascent IT industry
      • Weak (or even lack of) law enforcement

      I'm afraid that you cannot set any reasonable deadline for a government to fix those problems. If you really wanted to fight cybercrime, you'd be engaged yourself (one who is not willing seeks excuses, one who is, seeks possibilities). But from what you say, you prefer just hiding from Russians and Chinese. Too bad, we can still read you (I'm abroad) :P

    2. Re:Blackhole all of Russia by RCL · · Score: 2, Insightful

      I don't know of cases where cybercriminals were saved by Russian government from Western investigators. There are some political cases, not involving cyber crime, though, but it is a highly controversial topic.

      And about EU deadlines: I'm afraid I don't believe that Bulgaria and Romania really fulfilled the obligations. In some cases, it's impossible to fight corruption given the country's current situation - Russia is such a case, and one of the reasons why is being "huge", as you mention. In order to be effectively managed, Russia should be split into smaller independent states of the same language and culture which would later re-unite (something like US model). Russia is formally a federation, but really it's a feudal state with a single (but highly dependent on his lieutenants) king.

      Anyway, breaking Russia into parts is utopia and only few percent of my fellow countrymen (Russians) would agree with me, because it effectively means bringing Russia into a civil war and "wild west" way of life for some moment. So there's no easy solution to fight corruption and unlawfulness.

    3. Re:Blackhole all of Russia by DiLLeMaN · · Score: 2, Insightful

      "The EU has deadlines for new member states to get some things in order (corruption, law and even the macro economics) why can't a huge country like Russia to do the same"

      Because comparing a group of nations to one country which recently switched economic model and mindset from communism to "that free thing" is problematic at best.

      Not saying that Russia gets a free pass because they had a bad childhood or something, but you can't compare it with Europe. I think their size is actually working *against* them, as well.

      --
      /var/run/twitter.sock is a twitter socket puppet.
  4. Just tell me... by bitrex · · Score: 4, Interesting

    "But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions?"

    I don't come to Slashdot for these kind of thought-provoking rhetorical questions about ethical and legal gray areas! Just tell me who the goodies and the baddies are! Go USA hacker-hunters, wooo!

  5. Had a similar experience myself by TheModelEskimo · · Score: 2, Funny

    When I used to live in Russia, there was this incredibly gifted computer hacker who lived in the flat above me. He used to charge my mother and I about half a day's pay just to come back into the flat at night, because he was able to cyber-electronically control the entries to the building.
    We would sit at work all day, not worried about the industrial chemicals we were breathing so much as this new, digital threat that went beyond our powers of imagination. Though we were strong physically, and even had local mafia connections of our own, this man with the thick eyeglasses, tight jeans, and a sort of mangy, even putrid smell about him, held our lives for ransom with nothing but a few keystrokes and some Zholz Cola.

    Sorry, just kidding...I never lived in Russia. But the whole idea of this article seems a bit funny to me.

  6. no update for Windows, or "bad" people in the East by Max_W · · Score: 5, Informative
    A lot of computers in Russia run cracked version of Windows. I do not know the exact figure, but I would think 99%. A CD with a cracked Windows, PhotoShop, AutoCad, etc. costs about USD 3.- at a street market. The same is for other countries of the FSU.

    So what is installed from these CDs is anybody's guess. No need even to infect, a hidden program may come right from an installation CD. The groups that crack Windows sometimes even write their own copyright notice on CDs.

    The disk with an authentic Windows is possible to buy only in large cities. Very few shops sell authentic Windows DVD, as they seem to be too expensive for majority of users. I could find out and buy there only a "gray" OEM Windows Vista Russian version for an equivalent of several hundred USD.

    No need to say that these Windows installations do not update via Windows update. WTO makes Russian government to fight cracked software. So sometimes militiamen come to the places, where cracked software is sold and break DVDs and CDs. Then these markets just move into more obscure places.

    So what have we got? Millions and millions of PCs, which run OS that cannot be patched or updated. So, guess what, these millions PCs neither patched, not updated.

    Whose fault is this? When I try to use an alternative OS, like Linux, a lot of scanners, USB devices, video-cards, etc. just do not work, as drivers either non-existent or bad, made by rear-engineering. Because the hardware vendors provide drivers only for 1 and only OS.

    Now we blame Russia for DDoS attacks. But what Russian government can do? Can it lower the price on the monopoly OS? Can it write drivers for peripheral devices so that people move away from the mono-OS culture?

    It is easy to blame people in Eastern Europe for being of criminal persuasion, but for an average PC user in that parts there is absolutely no choice. Even if someone wants to buy the legal OS or software there are no shops which sell such, but the cracked soft is sold on every corner. Why is it so easy to crack by the way, if there is strong encryption around?

    So someone imposed the worldwide OS monopoly of easily cracked software via convoluted drivers policies. The cracked versions of this software are easily infected as they do not update. Hundreds of millions of PCs run this s*** and the blame is on the Russian government and "bad" people of the East, of course.

  7. Re:no update for Windows, or "bad" people in the E by Max_W · · Score: 2, Insightful
    By the way, these DDoS attacks coming from the IPs in Russia and FSU could be originated from anywhere. Because the PCs in these parts, which run non-updateable non-patchable Windows, are easy prey for any malicious individual or group around the world.

    What I mean is that this problem is of a commercial origin, non political. In the past even cracked versions of Windows could be updated via Windows update, but now there is the authenticity check. And if the OS is not authentic - highway.

    Windows was made on purpose to be easily crackable and was updated in those years to make it spread around the world. Now they stopped updating the cracked OS installations, in hope that people like me, who need a PC for work, will search and buy the authentic Windows DVD. But it left a huge immense base of un-patched PCs.

    This is the real origin of this problem.

  8. Re:no update for Windows, or "bad" people in the E by somenickname · · Score: 2, Insightful

    "Whose fault is this? When I try to use an alternative OS, like Linux, a lot of scanners, USB devices, video-cards, etc. just do not work, as drivers either non-existent or bad, made by rear-engineering. Because the hardware vendors provide drivers only for 1 and only OS.

    Now we blame Russia for DDoS attacks. But what Russian government can do? Can it lower the price on the monopoly OS? Can it write drivers for peripheral devices so that people move away from the mono-OS culture?"

    If the government were actually interested in fixing this situation they could:

    1) Create their own linux distro and mandate that the government use it. They have already said they want to do this and it was previously discussed on Slashdot.

    2) Pass a law that says no new computer can be sold without a legitimate operating system on it (It doesn't matter if it's Windows, Russian Linux, OSX. It just must be a legal copy). More importantly, enforce the law. This should at least get most or all new computers pre-installed with the Russian OS just to comply with the law.

    3) Refuse to let hardware vendors sell a product in Russia if it doesn't work out of the box or have a verified driver for Russian Linux on the installation CD. Linux generally has better hardware support than Windows these days so, this really isn't too onerous of a requirement on hardware vendors.

    I'm probably oversimplifying but, normal people don't care about their operating system. They want a button to click that connects to the magical "linksys" wifi network, an icon that says Internet under it and an icon that says Office under it. If you give them those three things, there is little chance they will notice the difference and probably less chance that they will care enough to "fix" it with a Windows install. Though, they may start to get a little suspicious when they don't have to re-install every 3 months because, "it's going slow".

  9. Re:no update for Windows, or "bad" people in the E by Archon-X · · Score: 5, Interesting

    I don't know anything about your background or travels, but I find the picture that you paint of Russia contrasts strongly with that of what I've seen.

    Bear in mind that Moscow has been the world's most expensive city to live in for multiple consecutive years now [ 1 2 ]

    What you seem to be regurgitating in your post is rhetoric, which you've taken it upon yourself to extrapolate wildly.

    There are multiple vectors for disassembling your post, but the most obvious ones are:

    "So what have we got? Millions and millions of PCs, which run OS that cannot be patched or updated. So, guess what, these millions PCs neither patched, not updated."

    The last check of google reports over 194,000 hits for WGA cracks [3].

    I'd love to see the data behind your bold claim, in which you plead ignorance, but continue to fabricate 'statistics'.

    "A lot of computers in Russia run cracked version of Windows. I do not know the exact figure, but I would think 99%."

    On a closing note, I'm amazed no one else has yet flamed you for posting:

    "When I try to use an alternative OS, like Linux, a lot of scanners, USB devices, video-cards, etc. just do not work, as drivers either non-existent or bad, made by rear-engineering. Because the hardware vendors provide drivers only for 1 and only OS."

    Maybe you should do some research in general, and pay a visit to distrowatch...

  10. Re:Widespread blackouts from Moscow? by smoker2 · · Score: 2, Insightful

    Gary McKinnon isn't really a hacker. Most of his transgressions are accounted for by pinging certain US govt IPs looking for open RDP ports, and he got in because they weren't passworded. Apparently this accounts for in excess of $800,000 in damage to their systems. He also related how he used to regularly "bump into" other "hackers" while cruising those systems. He only got caught because he was using a system one day, and the real user saw his mouse moving. McKinnon pretended to be doing a security audit and left quickly. That $800,000 is to cover red faces more than anything. Shame on the UK for turning him over. Up to 70 years in jail for that ? "The US military alleges that Mr McKinnon caused $800,000 of damage and left 300 computers at a US Navy weapons station unusable immediately after the September 11, 2001, terror attacks." I mean, puhlease. Can you make that any more emotionally convicting ?

    And we wonder why people are being sued for url traversal. (if you leave it accessible, don't bitch when people access it)

  11. Re:China calls in its credit? by maxume · · Score: 2, Funny

    If China tried to call in its credit, it would get lots of nice green paper, and a polite invitation not to do business in the U.S. anymore.

    It would be tough for the U.S. to deal with (anything that China produces a lot of would suddenly get more expensive; good thing they don't provide all that much food, energy or basic material...), but it would be disastrous for China (the stability of the country depends on the government providing economic growth and opportunity).

    --
    Nerd rage is the funniest rage.
  12. ha ha by TrueRecord · · Score: 2, Insightful

    "US authorities simply aren't getting the cooperation they need"

    "US authorities" are not authority and suck.

    Did "US authorities" ever wonder what the rest of the world needs?

  13. Re:Shortsighted if true by RCL · · Score: 2, Insightful

    In general, yes. Better economical situation makes law system stronger. Poor economical conditions are likely to result in mafia and other informal structures with their own (usually more complicated and brutal) laws.

    That's not something specific to Russia.

  14. Fix your typo: Cymru, not Cyrmu by whitroth · · Score: 2, Insightful

    Unless you feel like living in the Untied Snakes of Aremica

          mark

  15. Re:In post-Soviet Russia... by Elektroschock · · Score: 2

    And why should Russia waste its own law enforcement resources to please American corporations? Rather it tries to make Russia independent from foreign extortion such as dependency on proprietary software. You don't have to become a Stallmanist to understand that the current copyright system benefits US media corporations and works against the interests of artists.