Russian cops lack kit to fight cybercrooks, says Brit security buff

Web bods snub state enforcers, turn to private sector instead

CyCon 2013: A shift in perspectives in Russia over the last 18 months means the country has ceased to be a safe haven for cybercrime.

Crackdowns on e-crime have taken place in the past, most notably the successful prosecution of the extortionists who were behind denial-of-service attacks against online bookmakers.

However, the perception remained that crooks in Russia and the Ukraine were free to target victims with Trojan-based scams, fake anti-virus, ransomware and other swindles – providing the victims were non-Russians.

Back in 2007, outfits such as the so-called Russian Business Network were rumoured to be handing kickbacks to corrupt politicians in St Petersburg whilst operating botnets, carrying out wholesale ID theft and running spam networks; all activities targeted against non-Russians.

Later, principal actors from the RBN were linked to DDoS attacks against Estonia and Georgia, and security researchers believe these were carried out on behalf of Russia's FSB – the modern successor to the Soviet KGB spy agency.

As net use in latter-day Russia has increased, cybercrime has become a domestic problem as crooks set their sights on "soft targets" within Russia. The FSB, along with Russia's internal security and policing services, lacks the technological expertise, computer forensics and legal expertise to tackle cybercrime – so private sector organisations are having to pick up the slack, according to Keir Giles, a director at the UK's Conflict Studies Research Centre.

"When top-level domain managers gave a presentation about the fight against cybercrime in Russia they didn't mention the police," Giles told El Reg. "This was an oversight, but a telling one nonetheless."

Cyber response teams, ISPs, Russian security consultancies (such as Group-IB) and big Western software firms like Microsoft are the main agents behind botnet busts and other activity in Russia that would be tied to law enforcement in the West.

Russian computer crime laws are outdated, or "imperfect" as Giles more diplomatically described them. Outdated technology and a lack of expertise in key areas, such as computer forensics, have meant that police agencies have turned to commercial providers.

Giles is due to present a session entitled "Divided by a Common Language: Cyber Definitions in Chinese, Russian and English" at CyCon in Tallinn, Estonia on Friday. Giles, an expert in Russian security policy and international relations of many years' standing, explained that the Russian government's attitude to the internet is markedly different from those in Europe and the US.

He explained that elements of the Russian security services, such as the FSB, want control of content and have a long-standing suspicion of social media, which they view as a forum for whipping up dissent – and, consequently, as a threat to the state.

These suspicions were reinforced by protestors using social media to communicate and broadcast propaganda during the Arab Spring. But there's a recognition by other sectors of the government that free connections with the outside world, and technologies such as encryption, are needed to allow e-commerce to take off.

Several Western politicians and governments are concerned about sourcing key components of internet infrastructure from the likes of Huawei, citing fears about hidden backdoors and similar concerns. Politicians in Russia have similar concerns about sourcing internet routing kit from firms like Cisco, Giles explained.

Further insights into Russian attitudes towards the internet can be gleaned from the English-language version of the draft convention on International Information Security, put forward by the Russians. ®
