How Communism Gave Birth to the Russian Hacker Scene
A busty brunette dubbed "the world's sexiest hacker," half a dozen slots on the FBI's cybercrime most wanted list, now — allegedly — a lawmaker's son: Russian hackers are certainly making a splash in the international media.
But a handful of high-profile incidents are not necessarily enough to constitute a trend, especially in the underworld, where the best criminals are those that do not get caught.
The urban legend about crafty Russian hackers draining Western bank accounts while slurping their cola is certainly overblown, domestic IT experts polled by The Moscow Times said Thursday.
But Russia does have a resilient hacker community, an unplanned legacy of the Soviet education system, experts agreed.
"'Russian hackers are certainly mythologized, but the myth is rooted in reality," said German Klimenko, the owner of Liveinternet.ru, a blogging platform and web analytics portal.
While it is the flashy phishing stories and mass data theft that put hackers from the former Soviet Union in the public spotlight, they actually tend to focus on state-of-the-art cybercrime methods that are hardly noticeable to the average Internet user, experts said.
Some even find jobs in security services, said Stanislav Shakirov of the Internet freedom watchdog RuBlackList.net.
The Stuff of Cyberthrillers
Last week, Russian national Roman Seleznev was accused by U.S. law enforcement of making about $2 million by stealing and reselling data from 140,000 credit cards, mostly through small stores in the U.S.
The story has a cyberthriller ring to it: Seleznev, 30, who has a metal plate in his head after surviving a bomb attack in a cafe in Morocco, was busted in the Maldives and flown to the U.S. territory of Guam. His father, an ultraconservative lawmaker in Russia, has already called for retribution against the tropical islands.
Seleznev Jr's guilt has yet to be proven, but Russia and its neighbors have impressed the world with their hackers before. Eight Russians and one Estonian are featured among the 17 entries on the FBI Cyber's Most Wanted list, not counting half a dozen low-ranking "money mules," with damages from malware credited to them exceeding $156 million.
The first Russian hacker to make headlines, Vladimir Levin, did so back in 1995 — the year after Russia registered its first Internet domain. He did not even speak English when he landed in a U.S. penitentiary.
The list of Russian star hackers would be incomplete without Kristina Svechinskaya, a Stavropol-born New York University student convicted in 2013 of hacking banking accounts in the U.S. Photos on her pages on social networks prompted the media to dub her "the world's sexiest hacker."
Too Good at Math
Russian hackers owe their skills to the Communist Party: The Soviet education machine, tailored to produce specialists for the military-industrial complex, was heavy on mathematics.
In the 1990s, all those math buffs were left unemployed as the Soviet economy came undone and the industrial sector collapsed, said Alexander Lyamin of Qrator Labs, an Internet security company.
"Jobs were hard to find, and the less morally sound ones took up hacking," Lyamin said by telephone.
The situation has changed since: Russia has an acute shortage of IT specialists, estimated at 200,000 last year by Communications and Mass Media Minister Nikolai Nikiforov.
The educational system, meanwhile, has been deteriorating amid hectic reforming and budget cuts.
But elite math schools, such as Moscow State University, still crank out highly qualified specialists, Shakirov said.
Russians shine in global coding competitions, winning the two latest ACM International Collegiate Programming Contests and scoring in the top three in last year's International Olympiad in Informatics.
And the very myth around the Russian hacker community makes it self-sustainable, with the romantic allure and the promise of easy money attracting fresh blood, Klimenko said.
A print magazine called "The Hacker" has been published in Russia since 1999. While more careful these days, it used to publish actual hacking instructions in the early 2000s, Klimenko said.
The magazine's representatives could not be reached for comment Thursday.
Malware & Politics
The family itself is not that big: The cream of the crop of the Russian hacker community is limited to a couple dozen people, with another 2,000 wannabes, amateurs and hangers-on, Klimenko said.
Analysts differed on the prime strengths of post-Soviet hackers. Shakirov said carding — the theft of credit card data like the scheme attributed to lawmaker's son Seleznev — was one of them, while Klimenko pointed to malware and viruses.
The latest fashion in cybercrime is not even an issue for users: The new malware simply replaces ads in a browser, Klimenko said. The technology, which drains legal ad sellers of revenue, may only bring some $10 per computer a year, but is less obtrusive and hence increasingly popular, he said.
There are also DDoS attacks, the combat of which is the specialty of Lyamin's Qrator Labs. Attacks decreased in number year-on-year in the first half of this year, but their intensity and duration spiked, according to a report issued by the company earlier this week.
More importantly, the DDoS attacks — previously mounted on payment systems and Forex websites — are now increasingly targeting the media and are tied to political events, the report said.
The Russian government has frequently been accused in recent years of waging cyberwarfare against the Kremlin's enemies, including both the domestic opposition and geopolitical foes such as Georgia and the Baltic states.
The government has denied the allegations. But hackers, once busted by The Man, are likely to begin working for him, said Shakirov of RuBlackList.net.
"Hackers who have done time are routinely recruited by the secret services," he said. "It is a perfectly normal practice."