Feeds

Russian trade body aims to fight cybercrime

Russia no safe haven for spammers and cybercriminals

The Power of One eBook: Top reasons to choose HP BladeSystem

Russia is not a safe haven for criminals or spammers, according to a Russian trade association campaigning to tighten up the admitted shortcomings of local cybercrime laws and build international cooperation.

The Russian Association of Electronic Communications was established in 2006 to speed Russia’s integration into the global internet economy. The association has more than 35 members, including leading Russian ISP Mail.Ru, social network outfits, news agencies ITAR-TASS and RIA Novosti, and net security firm Kaspersky Lab. RAEC has set out an ambitious programme to shape Russian internet regulations, provide mediation in copyright and e-commerce disputes, promote internet security and help support the development of legitimate IT businesses in Russia.

Dmitry Zakharov, director of comms at RAEC, told El Reg that the prevalence of cybercrime activities in Russia is hurting the country's image abroad.

"The problems at the moment is that we are not able to offer talented technology people jobs. so they get involved in illegal activity," Zakharov said. "Not many want to be gangsters but Russia is relatively young as a capitalist economy and there are not enough normal and civilised occupations."

Anywhere between 10,000 - 20,000 people are estimated to work in the underground economy in Russia, assisting illicit activities including selling scareware, bank fraud, pushing pharmacy spam and worse.

"The problem is economic," said Zakharov. "We have to offer jobs. Those that remain will be persued if they still want to act like criminals."

A carrot and a stick approach is needed. RAEC is backing the establishment of a Russian Silicon Valley (Technopark) project, near Moscow, that it's hoped will offer thousands of legitimate jobs in technology within five years. Those that stay in the black economy need to be prosecuted, and this requires new legislation.

"We have some laws that describe hacking actions, like taking commercial data, but they are not good enough," Zakharov said. "The law is not clear on definitions."

Copyright protection laws are also needed and codes of conduct for ISPs are also needed, Zakharov said, adding that RAEC is in discussion with internet firms about "lowering" copyright violations while laws in the area undergo development.

An example of internet law changes in Russia comes from recently applied regulations to tighten up domain registrations. From 1 April, copies of passports or legal registration papers for business are needed to register a .ru domain. Previously domains were set up without any checks, a shortcoming that played into the hands of spammers.

"Spamming domains don't live long," Zakharov explained. "The tighter regulations prevent cybercriminals from holding money in anonymous accounts, used to register many domains at once for spamming or other illegal activity. It [the tighter regulation] is an effective measure."

Rogue hosting organisations, most notoriously the Russian Business Network, have set up shop in Russia and reportedly suffered little or no interference for many months, at least according to many Western information security experts. RBN was eventually broken up in late 2007.

Another more recent example is neighbouring Ukraine is Innovative Marketing Ukraine, which built its wealth marketing scareware until it was shut down last year.

A RAEC analyst said that Western perceptions that RBN, for example, is a single cybercrime entity are all wrong. He described it as the most popular so-called bullet-proof hosting firm, used by many disparate organisations for various criminal purposes.

RAEC's line was it was only when complaints in more or less the right form were made to Russian authorities that RBN was shut down. The trade organisation argues that information is not been passed between Russian authorities and those in the West, who often have very different ideas of what's going on. Russian authorities, for example, know much about the identity of prolific spammer in Spamhaus' ROKSO list. The reason he is not in jail is because his crimes took place outside Russia and no victims have come forward to complain to local authorities.

The trade group, which has begun talking about its work to Western media for the first time over recent weeks, wants to help break down international barriers which allow cybercrime and possibly corruption to flourish unchecked.

Zakharov admitted the possibility that individual corrupt officials in St Petersburg might have been bribed by RBN, but argued repeatedly that "top level government people want cybercrime shut down".

"Politicians don't want to see Russia seen as a home for hackers and criminal country because this hurts the economy and Russia's reputation," Zakharov explained. "We want to go international and show Russia is not the safe haven for criminals or spammers.

"This is a governmental-backed project. The government are very aware of the cybercrime problem and trying to do many things to curtail it." ®

Designing a Defense for Mobile Applications

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.