Feeds

Russian trade body aims to fight cybercrime

Russia no safe haven for spammers and cybercriminals

The essential guide to IT transformation

Russia is not a safe haven for criminals or spammers, according to a Russian trade association campaigning to tighten up the admitted shortcomings of local cybercrime laws and build international cooperation.

The Russian Association of Electronic Communications was established in 2006 to speed Russia’s integration into the global internet economy. The association has more than 35 members, including leading Russian ISP Mail.Ru, social network outfits, news agencies ITAR-TASS and RIA Novosti, and net security firm Kaspersky Lab. RAEC has set out an ambitious programme to shape Russian internet regulations, provide mediation in copyright and e-commerce disputes, promote internet security and help support the development of legitimate IT businesses in Russia.

Dmitry Zakharov, director of comms at RAEC, told El Reg that the prevalence of cybercrime activities in Russia is hurting the country's image abroad.

"The problems at the moment is that we are not able to offer talented technology people jobs. so they get involved in illegal activity," Zakharov said. "Not many want to be gangsters but Russia is relatively young as a capitalist economy and there are not enough normal and civilised occupations."

Anywhere between 10,000 - 20,000 people are estimated to work in the underground economy in Russia, assisting illicit activities including selling scareware, bank fraud, pushing pharmacy spam and worse.

"The problem is economic," said Zakharov. "We have to offer jobs. Those that remain will be persued if they still want to act like criminals."

A carrot and a stick approach is needed. RAEC is backing the establishment of a Russian Silicon Valley (Technopark) project, near Moscow, that it's hoped will offer thousands of legitimate jobs in technology within five years. Those that stay in the black economy need to be prosecuted, and this requires new legislation.

"We have some laws that describe hacking actions, like taking commercial data, but they are not good enough," Zakharov said. "The law is not clear on definitions."

Copyright protection laws are also needed and codes of conduct for ISPs are also needed, Zakharov said, adding that RAEC is in discussion with internet firms about "lowering" copyright violations while laws in the area undergo development.

An example of internet law changes in Russia comes from recently applied regulations to tighten up domain registrations. From 1 April, copies of passports or legal registration papers for business are needed to register a .ru domain. Previously domains were set up without any checks, a shortcoming that played into the hands of spammers.

"Spamming domains don't live long," Zakharov explained. "The tighter regulations prevent cybercriminals from holding money in anonymous accounts, used to register many domains at once for spamming or other illegal activity. It [the tighter regulation] is an effective measure."

Rogue hosting organisations, most notoriously the Russian Business Network, have set up shop in Russia and reportedly suffered little or no interference for many months, at least according to many Western information security experts. RBN was eventually broken up in late 2007.

Another more recent example is neighbouring Ukraine is Innovative Marketing Ukraine, which built its wealth marketing scareware until it was shut down last year.

A RAEC analyst said that Western perceptions that RBN, for example, is a single cybercrime entity are all wrong. He described it as the most popular so-called bullet-proof hosting firm, used by many disparate organisations for various criminal purposes.

RAEC's line was it was only when complaints in more or less the right form were made to Russian authorities that RBN was shut down. The trade organisation argues that information is not been passed between Russian authorities and those in the West, who often have very different ideas of what's going on. Russian authorities, for example, know much about the identity of prolific spammer in Spamhaus' ROKSO list. The reason he is not in jail is because his crimes took place outside Russia and no victims have come forward to complain to local authorities.

The trade group, which has begun talking about its work to Western media for the first time over recent weeks, wants to help break down international barriers which allow cybercrime and possibly corruption to flourish unchecked.

Zakharov admitted the possibility that individual corrupt officials in St Petersburg might have been bribed by RBN, but argued repeatedly that "top level government people want cybercrime shut down".

"Politicians don't want to see Russia seen as a home for hackers and criminal country because this hurts the economy and Russia's reputation," Zakharov explained. "We want to go international and show Russia is not the safe haven for criminals or spammers.

"This is a governmental-backed project. The government are very aware of the cybercrime problem and trying to do many things to curtail it." ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?