Feeds

Russian cops lack kit to fight cybercrooks, says Brit security buff

Web bods snub state enforcers, turn to private sector instead

Security for virtualized datacentres

CyCon 2013 A shift in perspectives in Russia over the last 18 months means the country has ceased to be a safe haven for cybercrime.

Crackdowns on e-crime have taken place in the past, most notably the successful prosecution of the extortionists who were behind denial-of-service attacks against online bookmakers.

However, the perception remained that crooks in Russia and the Ukraine were free to target victims with Trojan-based scams, fake anti-virus, ransomware and other swindles – providing the victims were non-Russians.

Back in 2007, outfits such as the so-called Russian Business Network were rumoured to be handing kickbacks to corrupt politicians in St Petersburg whilst operating botnets, carrying out wholesale ID theft and running spam networks; all activities targeted against non-Russians.

Later, principal actors from the RBN were linked to DDoS attacks against Estonia and Georgia, and security researchers believe these were carried out on behalf of Russia's FSB – the modern successor to the Soviet KGB spy agency.

As net use in latter-day Russia has increased, cybercrime has become a domestic problem as crooks set their sights on "soft targets" within Russia. The FSB, along with Russia's internal security and policing services, lack the technological expertise, computer forensics and legal expertise to tackle cybercrime – so private sector organisations are having to pick up the slack, according to Keir Giles, a director at the UK's Conflict Studies Research Centre.

"When top-level domain managers gave a presentation about the fight against cybercrime in Russia they didn't mention the police," Giles told El Reg. "This was an oversight, but a telling one nonetheless."

Cyber response teams, ISPs, Russian security consultancies (such as Group-IB) and big Western software firms like Microsoft are the main agents behind bonnet busts and other activity in Russia that would be tied to law enforcement in the West.

Russian computer crime laws are outdated, or "imperfect" as Giles more diplomatically described them. Outdated technology and a lack of expertise in key areas, such as computer forensics, have meant that police agencies have turned to commercial providers.

Giles is due to present a session entitled Divided by a Common Language: Cyber Definitions in Chinese, Russian and English at CyCon in Tallinn, Estonia on Friday. Giles, an expert in Russian security policy and international relations of many years standing, explained that the Russian government's attitude to the internet is markedly different from those in Europe and the US.

He explained that elements of the Russian security services, such as the FSB, want control of content and have a long-standing suspicion of social media, which they view as a forum for whipping up dissent – and, consequently, presents a threat to the state.

These suspicions were reinforced by protestors using social media to communicate and broadcast propaganda during the Arab Spring. But there's a recognition by other sectors of the government that free connections with the outside world, and technologies such as encryption, are needed to allow e-commerce to take off.

Several Western politicians and governments are concerned about sourcing key components of internet infrastructure from the likes of Huawei, citing fears about hidden backdoors and similar concerns. Politicians in Russia have similar concerns about sourcing internet routing kit from firms like Cisco, Giles explained.

Further insights into Russian attitudes towards the internet can be gleaned from the English-language version of the draft convention on International Information Security, put forward by the Russians here. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.