Last Updated: 07/27/2016

Hacking Away




From vandalizing web sites to online bank theft, Russia's cybercriminals have proven talents.


Yura stares at the computer screen at the Chevignon Internet Cafe, biting his lower lip in concentration as his fingers fly across the keyboard. He types in the passwords and addresses of free software sites and downloads programs that will help him target weak spots in web pages. Every time the machine hums as it takes a few moments to process commands, Yura lights up a cigarette and inhales a few drags. Some 30 minutes later, his mission is accomplished. "Here we are," Yura says matter-of-factly. "Got through to their systems computer. Now we can do whatever we want with it."


The site, showing a collage of tiny scenic photographs and smiling Asian faces, appears to belong to a tour company and is located on a Taiwanese server. Without a hint of hesitation, Yura erases the homepage design and types in his message in multicolored letters on the black background: "You've been hacked by Hell_man from Russia."


Yura, 16, spends about six hours a day in front of his computer, destroying homepages and stealing Internet login passwords to surf the net for free. Yura and his cohorts, who call themselves Chaos Hackers Crew, are small-time heisters in Russia's growing and serious world of cybercrime. But the likes of their antics have already driven away two major American Internet providers. In 1997, America Online and CompuServe shut down their Russian operations after widespread usage of fake credit card numbers and stolen passwords ran up the bills of the online services.


Ranging from homepage vandalism to online bank robbery, computer-related fraud has spiralled out of control in Russia since 1996 when the number of computers hooked up to the Internet in the country reached 1 million. Today the country has about 1.5 million Internet users, according to the Russian magazine Internet. And more than half of those who are constantly online "practice computer hooliganism," estimates Alexei Isaikin, head of the Moscow police's computer crime unit. "Only about 20 percent use the global information resource for business purposes."


Russia offers fertile ground for cybercrime. For older computer jockeys, the hacker mentality comes from the poverty of oppression in Soviet days. "The state used to be one collective hacker. We heroically ripped off capitalists for the sake of strengthening the country's defense potential," says Sergei Gruzdev, director of the Russian branch of Aladdin Knowledge Systems, an Israeli computer security firm. "Pirate software was our window into Western civilization. Our salaries were worth about $10, and we couldn't afford to buy anything legally anyway," says Gruzdev, who was a student at a secret space engineering institute in Kaliningrad in Soviet times. "If we didn't hack, we would have still been in the Stone Age."


The hacker community was boosted recently by the August economic blowout that left many experienced computer programmers and systems administrators financially desperate. Unemployed computer whizzes in high tech cities such as Novosibirsk and Tomsk have turned from "sharpshooters into killers," says Alexander Povolotsky, an independent systems administrator. Many of them have crossed over into the sphere of cybercrime, stealing confidential information from firms and selling it to competitors, staging elaborate credit card fraud schemes, designing viruses and cooperating with software bootleggers.


In October, Sergei Pakhomov, an employee of Sberbank's Rostov branch, attempted to rob the country's largest savings bank with the use of Trojan-type software, a sophisticated program that can be hidden within other programs and carry out elaborate commands. Within an accounting program, Pakhomov hid software that would create an account and arrange for whoever opened the program to transfer 39,000 rubles ($1,592) there. Bank officials noticed the fraud during the software's installation, and Pakhomov was arrested and received a two-year, suspended sentence.


New forms of cybercrime, like those using Trojan software or monitoring pager messages on computers, have quickly caught on in Russia. Trojan software can be disguised as junk mail that, when opened, searches for passwords, databases and holes in the defense system, and then mails such information back to the sender. The information can then be sold to direct mail companies or used for blackmail. Aladdin's Gruzdev realized he was a victim of a Trojan bug when his personal mailbox started filling with "offers of vacuum cleaners from places like New Guinea." Gruzdev predicts "there will be a huge jump in such crime in the near future."


The oldest sort of computer-related crime, software piracy, still thrives in Russia. Along with China and Bulgaria, Russia is a world leader in pirate software manufacturing. Crackers (people who crash defense mechanisms of operating systems and commercial software) break the codes that protect programs by keeping them locked or that ensure that programs can only be run on a single computer.


While electronic theft, such as breaking into bank accounts and generating fake credit card numbers, is by far the most widespread type of cybercrime in Russia, there are concerns about hackers "disrupting computer defense systems and the weapons of mass destruction being released inadvertently or by an evil hand," says a U.S. government source in Moscow. Last month, the U.S. Defense Department acknowledged that ongoing, sophisticated and organized attacks on its computer systems were most likely coming from Russia. No classified networks have been breached, according to Pentagon officials, but the attacks differed from the average 60 attacks per week in that they were well planned and aimed at penetrating U.S. military research and technology systems, including nuclear weapons laboratories.


As Russia is still a largely cash-based society, the country's cyberthieves have mostly stolen from foreign consumers, online shops and banks. Until the Moscow cyberpolice unit began focusing on credit card fraud last year, such hackers operated nearly freely. Since then, however, the unit has uncovered 12 online theft groups operating in Moscow and 20 people among the groups are under criminal investigation.


In one of the most sensational cases, police arrested Ilya Hoffman, a viola student at the Moscow Conservatory, in September for allegedly stealing about $98,000 through an online credit card fraud scheme. His brilliance both as a suspected scam artist as well as a musician has attracted the attention of several prominent Russians who argue that Hoffman should be freed so that his talents don't waste away in prison. (See box.)


In November a Moscow court handed a five-year suspended sentence to Pavel Sheiko, then a 17-year-old student at Moscow's Russian University for the Humanities, for generating a fake Visa credit card number and then using it to order online $11,000 worth of computer software. The victimized shop turned to Visa International for help and the credit card company together with the Moscow cyberpolice tracked down Sheiko after studying his web traffic and arrested him at home.


Hunting down and convicting cybercriminals has been especially difficult in Russia due to outdated laws and poorly equipped police unfamiliar with high-tech crimes. "Ninety-five percent of computer-related crimes are undetected," says Dmitry Chepchugov, head of the Interior Ministry's computer crime unit. Only three articles in the 1997 criminal code refer specifically to computer-related crime: Article 272 bans unauthorized access to computer information, article 273 prohibits the use or distribution of harmful software and article 274 forbids deliberate disruption of systems. But antics like those allegedly carried out by Hoffman, theft using computer-generated credit card numbers, don't fall under any of these categories. Prosecutors are charging Hoffman with fraud.


Alarmed by the growth of sophisticated cybercrime, then Interior Minister Sergei Stepashin last year ordered the creation of 50 computer crime units within the police force across the country. The units are staffed with mostly young police officers (in Moscow their average age is 23) who investigate complaints and monitor web sites for suspicious activities. Under a project with the FBI and the European Council, FBI agents have held training sessions to combat cybercrime for many of the units' members.


Police work is hampered by the reluctance of victims to come forward. Companies that have fallen prey to hackers often don't disclose the assault for fear of damaging their reputation. Internet providers, who can help trace the computer a hacker has operated from, are similarly reluctant to cooperate with authorities. "We rarely get any information from interested parties and stumble around in the dark instead," Moscow police's Isaikin says.


System specialists within companies end up conducting most of the pursuit of hackers. "Confrontation between a systems administrator and a hacker is like a battle between two submarines," says Povolotsky, the independent systems administrator. "You never know whether the hacker has already realized that he is being chased and is just making fun of you. The hacker, too, can't tell if he hasn't already been exposed and the next minute will be wrestled to the floor by police in ski masks."


When an intruder has been discovered, one threatening telephone call usually drives the hacker away. Sometimes, however, more brutal methods are used. Povolotsky says the hacker underworld was shaken two years ago by a story of a man found dead in his apartment after he allegedly broke into a Russian bank's computer system. Nothing was stolen from the apartment except for the man's computer and floppy discs.


Aladdin, which produces dongles (hardware security mechanisms that ensure software only runs on the computer it is loaded in), has helped law enforcers close down more than 15 web sites that were offering hacked software and cracking tools. In April, based on a tip from Aladdin, police in Moscow arrested Andrei Lishutin, a distributor of pirated software known by his nickname Leshy. Leshy was part of a large St. Petersburg pirates' group called UCL, or United Crackers League. After Leshy's arrest, the group claimed it was making protective measures against hackers a priority and renamed itself United Copyright Protection/Cryptography Labs.


Most hackers are like the 16-year-old cracker operating under the cybername V00d00 who disrupts servers and damages web sites "just for the hell of it." Both V00d00 and Hell_man took part in a week-long intensive attack in April on NATO and U.S.-government related web sites. Hackers in Serbia bombarded NATO's web page with more messages than the system could answer and inundated the mailboxes of subscribers with junk messages. Russian hackers claimed responsibility for bringing down the White House's official web site for several hours and vandalized dozens of sites with names that sounded remotely related to the U.S. government, military or NATO. Russia's premier hacking site, www.hackzone.ru, run by the computer magazine publishing house Compulog, displays the latest hacked sites. During the first week of NATO's airstrikes over Yugoslavia, a site for an aviation college that showed pictures of a plane and rocket was transformed to illustrations of a burning B-52 and "NATO SUCKS" repeated in vertical columns across the screen.


The police usually ignore petty cyberhooligans, concentrating their energies on the more harmful hacker activities such as credit card theft. Besides, political sympathies often play their role. "I'm glad we showed our teeth to the Americans," says Alexander Terekhov, head of St. Petersburg's cybercrime unit and a graduate of two FBI computer crime investigation courses.


Similar sentiment is extended by some to more serious cybercriminals. One visitor to the Moscow cybercrime unit's web site at www.cyberpolice.ru wrote, "If your own country robs you for your 50 honestly earned grand, there is nothing else left to do but to start robbing others." Vladimir Levin, who in 1995 pilfered $5 million from Citibank accounts worldwide from his home computer in St. Petersburg, remains a hero and role model to many Russian hackers. The first person in history to be convicted for online theft, Levin is now serving a 36-month sentence in a U.S. jail.


One self-proclaimed hero in the hacking community, alias Ivanopulo, has taken it upon himself to crack every product created by the U.S. software giant Macromedia, which specializes in multimedia-related programs. Each time Macromedia releases new software, Ivanopulo displays its areas vulnerable to hacking on his site at Ivanopulo-cracks.ru. Ivanopulo claims he is presenting the software's holes for educational purposes, but not everyone agrees. Steve Wozniak, Macromedia's piracy manager and a co-founder of Apple Computer, wrote in an e-mail to Ivanopulo in March, "Judging from your work, you are an intelligent man who can pursue much more fruitful and valuable ventures than this. ... These cracks are simply a well-advertised aid to theft." Ivanopulo shot back, "I just like to investigate different protection schemes and show people how weak they can be."


While cyberpolice and systems engineers conduct their battles with hackers, the government is considering a controversial measure that critics say is a violation of human rights. The Federal Security Service, or FSB, and the State Communications Agency have drafted a regulation that would allow the FSB to monitor electronic mail, credit card transactions and web traffic in real time and without having to apply for a warrant. If approved by the Justice Ministry, SORM, which stands for "System of Ensuring Investigative Activity," will require Internet service providers to install a "black box" or special snooping device in their main computers and build a high-speed communication link to channel data from the providers to the FSB. The cost of laying the fiber-optic cables will have to be covered by the providers, and inevitably passed to the individual subscribers, who, ironically, will end up paying for the luxury of being spied on.


"Big Brother has always found common language with small-time hooligans," wrote Anton Nosik, creator of the first Russian Internet newspaper Gazeta.ru, in a recent issue. "Those actually hurt will be servers that are ideologically objectionable to the Federal Security Service. ... And they'll pass it off as an anti-hacker measure."


Other critics say state efforts to prevent cybercrime won't work because they are up against too many individual systems each with their own unique holes. Internet analyst Anatoly Levenchuk likens the current endeavors to policing an open house with many police guarding it. The solution, he says, is for users to provide their own doors and locks, which in the cyberworld would be firewalls and cryptography. "The only solution is strong cryptography and this idea needs to be brought to the mind of every user," Levenchuk says. "If you've been hacked, it's your own fault."