Feeds

Russian cops lack kit to fight cybercrooks, says Brit security buff

Web bods snub state enforcers, turn to private sector instead

Secure remote control for conventional and virtual desktops

CyCon 2013 A shift in perspectives in Russia over the last 18 months means the country has ceased to be a safe haven for cybercrime.

Crackdowns on e-crime have taken place in the past, most notably the successful prosecution of the extortionists who were behind denial-of-service attacks against online bookmakers.

However, the perception remained that crooks in Russia and the Ukraine were free to target victims with Trojan-based scams, fake anti-virus, ransomware and other swindles – providing the victims were non-Russians.

Back in 2007, outfits such as the so-called Russian Business Network were rumoured to be handing kickbacks to corrupt politicians in St Petersburg whilst operating botnets, carrying out wholesale ID theft and running spam networks; all activities targeted against non-Russians.

Later, principal actors from the RBN were linked to DDoS attacks against Estonia and Georgia, and security researchers believe these were carried out on behalf of Russia's FSB – the modern successor to the Soviet KGB spy agency.

As net use in latter-day Russia has increased, cybercrime has become a domestic problem as crooks set their sights on "soft targets" within Russia. The FSB, along with Russia's internal security and policing services, lack the technological expertise, computer forensics and legal expertise to tackle cybercrime – so private sector organisations are having to pick up the slack, according to Keir Giles, a director at the UK's Conflict Studies Research Centre.

"When top-level domain managers gave a presentation about the fight against cybercrime in Russia they didn't mention the police," Giles told El Reg. "This was an oversight, but a telling one nonetheless."

Cyber response teams, ISPs, Russian security consultancies (such as Group-IB) and big Western software firms like Microsoft are the main agents behind bonnet busts and other activity in Russia that would be tied to law enforcement in the West.

Russian computer crime laws are outdated, or "imperfect" as Giles more diplomatically described them. Outdated technology and a lack of expertise in key areas, such as computer forensics, have meant that police agencies have turned to commercial providers.

Giles is due to present a session entitled Divided by a Common Language: Cyber Definitions in Chinese, Russian and English at CyCon in Tallinn, Estonia on Friday. Giles, an expert in Russian security policy and international relations of many years standing, explained that the Russian government's attitude to the internet is markedly different from those in Europe and the US.

He explained that elements of the Russian security services, such as the FSB, want control of content and have a long-standing suspicion of social media, which they view as a forum for whipping up dissent – and, consequently, presents a threat to the state.

These suspicions were reinforced by protestors using social media to communicate and broadcast propaganda during the Arab Spring. But there's a recognition by other sectors of the government that free connections with the outside world, and technologies such as encryption, are needed to allow e-commerce to take off.

Several Western politicians and governments are concerned about sourcing key components of internet infrastructure from the likes of Huawei, citing fears about hidden backdoors and similar concerns. Politicians in Russia have similar concerns about sourcing internet routing kit from firms like Cisco, Giles explained.

Further insights into Russian attitudes towards the internet can be gleaned from the English-language version of the draft convention on International Information Security, put forward by the Russians here. ®

Beginner's guide to SSL certificates

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.