A Look at Russian Hacking

M O S C O W, Nov. 20, 2000 -- While the international space station brings new renown to Russia, the nation is gaining a darker sort of notice from other explorers — hackers who launch into cyberspace.

Russia’s reputation as home to some of the world’s most gifted and devious hackers was underscored last month when Microsoft Corp. disclosed that passwords used to access its coveted source code had been sent from the company network to an e-mail address in St. Petersburg.

It is by no means clear whether a Russian was behind the break-in — that e-mail account could have been managed remotely. But that doesn’t stop Russian hackers — “khakeri,” or “vzlomshchiki (house-breakers)” — from puffing out their chests at such exploits.

Bragging Rights?

In a recent poll on a hacker-oriented Web site, 82 percent said Russia had the world’s best hackers; only 5 percent said Americans were better.

But the bravado is laced with frustration.

Hackers are motivated as much by a lack of opportunity in economically struggling Russia as by criminal leanings, people inside and outside the hacker community say.

Sergei Pokrovsky, editor of the magazine Khaker, said that hackers in his circle have skills that could bring them rich salaries in the West, but they expect to earn only about $300 a month working for Russian companies.

Russian higher education traditionally has been strong in mathematics, a skill at the core of hacking, but the Russian market offers few employment opportunities to such knowledgeable people, said Mikko Hypponen, manager of anti-virus research at the Finnish company F-Secure.

“They have too much time on their hands,” said Hypponen, whose company highly values the Russian computer experts it employs.

Russians have been behind several high-profile — and sometimes highly lucrative — hacking cases. There was the cyberthief known as ‘Maxus’ who stole credit-card numbers from Internet retailer CD Universe earlier this year and demanded a $100,000 ransom. When denied the money, he posted 25,000 of the numbers on a Web site. Maxus was never caught.

Mathematician Vladimir Levin was caught and in 1998 was sentenced to three years in prison in Florida for a stunning invasion of the Citibank system in which he pilfered $12 million by transferring digital dollars out of the bank’s accounts.

Russians are also believed to be behind the 1998 theft of Global Positioning System software, used for missile-targeting, from U.S. military computers.

Victims as Well as Perps

Russian companies occasionally fall victim to hackers, too. Last year, hackers got into the computers of Gazprom, the Russian natural gas monopoly that also supplies much of Europe and took brief control of the central supply switchboard; officials wouldn’t say whether there were service disruptions.

Incidents of avarice and meddling in critical computer systems have raised concern that some hackers who hail from Russia are affiliated with its extensive organized-crime groups.

Pokrovsky, for one, rejects such speculation.

“Nonsense, complete nonsense,” he said. “For example, I personally know Maxus and he isn’t in any crime group. He’s a very good specialist who understands systems very well.”

The psychology of hackers can be as elusive as their identities, however. Of course some say their actions are just an offshoot of exuberance, that they are chiefly benign interlopers.

Take the hacker known online as NcRoot. He says his first name is Alexander and that he’s a 17-year-old student interested in Web site design.

“Sure, there may be people who do this for the sake of money and who have small salaries,” he wrote in response to e-mailed questions, saying he believed most Russian hackers do it for the challenge of exposing security flaws.

“Fix in your mind, we just want to help you,” a hacker group wrote to the Webmaster of an online music site they hacked into this year. NcRoot was among the hackers.

Trying to Assess Economic Damage

While it’s impossible to estimate the economic damage Russian hackers may inflict through theft and mischief, indicators suggest the sums are enormous. Many of the Internet’s so-called “warez” sites, in which pirated computer software is made available, are set up by Russians.

A study by the Business Software Alliance, an international industry trade group, said that in 1999, pirates cost software makers $165 million in legitimate revenues. The study said 89 percent of business software distributed in Russia that year was pirated.

Law enforcement efforts have been weak.

The Interior Ministry division specializing in computer crimes said this year that 200 arrests were made in the first three months of the year, up from just 80 in all of 1998. But that rise could reflect increased police effectiveness rather than a growth in crimes.

“It means we are getting better and better,” said Anatoly Platonov, spokesman for the Interior Ministry’s “Division R,” which handles computer crimes.

Platonov did not provide many specifics, however, such as how many people work for the computer-crimes division.

Cyber Cops Lacking Resources?

There is a wide belief that Russian law-enforcement is being left in the dust by hackers.

“This is first of all because of a lack of resources. There aren’t enough qualified police,” said Denis Zenkin of the Russian computer security company Kaspersky Labs.

Those police who are active nonetheless get some grudging recognition from the hacker community.

“These are professional guys,” Pokrovsky wrote in Khaker last year. “I fundamentally changed my opinion of them after I knocked into them face to face.”

Computer experts generally agree that weak laws are to a large degree to blame as well.

Pokrovsky, meanwhile, worries not so about hackers committing crimes as being co-opted by institutions that can impede individual liberties. He is convinced that some hackers work with Russian intelligence agencies.

Hypponen said Russian hackers need to be concerned about negative stereotypes.

Although his company has recruited workers from the Russian talent pool, “some customers are uneasy about having development done by Russians,” he said.