How Russia's cyber crooks hack the net



In St Petersburg, modern villains don't use shotguns to rob banks. Their weapons are rebuilt computers and stolen internet accounts. Amelia Gentleman reports from the new capital of virtual crime

Sunday November 19, 2000

It takes just four minutes to steal computer software worth £300 from the internet, using code-cracking instructions developed by the legendary St Petersburg hacker, Ivanopulo. No expertise is necessary, just a relaxed attitude towards cyber ethics and a website address - which lists 10 idiot-proof steps on how to beat the system.

After filling in false credit card details - supplied by the website - and completing a simple series of tasks, an icon appears on the screen, declaring: 'Thank you. Payment has been received.' Flash, a sophisticated and expensive program devised by the American software giant Macromedia, has been installed for free.

The website's origin is no coincidence. Russia's Tsarist capital, known fondly by tour agencies as the Venice of the north, has a new image as a cybercrime centre - populated not only by talented computer programmers, but also by expert hackers.

At the heart of the Microsoft computer scam which so unsettled the computer world last month was an email address traced back to St Petersburg. According to information leaked from Microsoft's Redmond headquarters, hackers broke through the company's much-hyped defence system into its network, where they may have stolen blueprints to the latest version of Windows software. Security employees discovered that classified information and passwords were being sent from the company's network in America to an email account in St Petersburg.

Some experts have suggested that this was just the first in a chain of addresses routing the information around the world - a red herring, designed to confuse. But local computer programmers concede wearily that individuals in the city are very likely to have been involved.

As well-hidden and silent as the Soviet dissident culture, the city's underground hacking movement has the same sense of furtive anarchy but is guided by very different ideals. If there is any element of protest, it is against big business capitalism. For most, however, this is purely an obsessive, life-consuming game.

Young, male, unemployed and self-taught, Slava fits a stereotype model of a khakker (the Russified version of the word). For the past three years - since a snowboarding accident left him unable to walk - he has spent every night in front of his computer, devoting 15-hour stretches to perfecting advanced programming and exploring the remotest regions of the internet.

In his cramped bedroom in the city's northern tower block suburbs (papered with posters of pouting Celine Dion and dancing Spice Girls) an ageing computer stands on a shelf hammered to the wall. Bits of the machine have been unscrewed and put back together with different parts; the front panel of the disc drive is missing, exposing the inner workings. These changes have been made to refine its efficiency and, loaded with all the latest software (illicitly obtained), the computer works smoothly.

Slava, 24, who for the purposes of anonymity prefers to go by his email name Dr Lynux, cannot afford the $50 monthly internet account subscription fees; instead he knows how to get access for free.

To the uninitiated, the process is bemusing - although he insists he could teach anyone the basic principles of his trade in just a few hours. His system is based on an error written into a computer programme used by millions around the world. When individuals log on to the internet they are given the option to save their log-on name and password; those who accept this option become vulnerable to intrusion from people like Slava, who break into their system, note down their passwords and use their account as a free gateway to the internet. Recently he has been using an account belonging to a man called Asaf Danziger (log-in 'cybro', password 'szutgyi') who he thinks may be from France.

He has to find a new identity every few days to avoid detection. 'It's a sport. I hack to get on to the internet which otherwise I wouldn't be able to afford. I'd guess about 40 per cent of young Russian internet users are doing the same. If you are living on a student grant of around 80 roubles a month (£2), you can't afford to subscribe. And it's so easy to do.'

In 1997 America Online and Compuserve were driven out of Russia because widespread use of stolen passwords was making their operations unsustainable. The new police department opened to deal with hi-tech crime (known as Directorate R) says this remains the most widespread form of cyber-crime in Russia.

A strictly small-time hacker, Slava has developed a firm code of ethics. 'I think there is a moral line between stealing internet access and stealing anything else. I would never steal from a Russian computer user - who has paid hard-earned money to get access. I try to go through western companies with multi-user accounts.'

Given basic instruction by friends in the city, he has already trained several disciples - initially in his own room, and later through classes on the internet. The web has dozens of cyrillic script sites, giving tips for beginners. Many like hackzone.ru (which gets around 3,000 hits a day) claim euphemistically to be offering computer security advice - providing tips on how to protect systems from intruders - but the line between guidance on defence and attack is almost invisible.

Although he denies involvement, Slava admits that there are pirating teams based in St Petersburg, like the United Crackers League, which get together to orchestrate joint attacks on specific websites. 'It's easier with a team. If there are a lot of you then the server administrator will find it much harder to discover the source of the problem,' he said. St Petersburg teams took part in a Serbian-initiated attack on Nato and US government web sites during its bombardment of Belgrade - inundating the Nato web page with more junk emails than it could cope with.

There are no statistics on this silent brotherhood. Traditionally a scientific centre, excelling in mathematics and physics, over the past 20 years the city's scientists have flocked to computer programming, one of the few spheres where there is money to be made. Some 17 per cent of Russia's four million odd internet users are based in St Petersburg.

International companies like Motorola have based large programming operations in the city, attracted by the high intensity of expertise. Such a pocket of knowledge inevitably brings with it a greater number of people using their skills in unconventional ways.

Despite the new Directorate R, police are still struggling to deal with what they say is a growing crime; officials believe that up to 95 per cent of computer-related crimes in Russia go undetected.

St Petersburg's reputation for cybercrime was forged in 1994 when Vladimir Levin discovered a way of breaking into Citibank's computer database, noted down the passwords and codes of clients and stole $12 million from a variety of branches around the world - transferring his spoils to bank accounts in Germany, Finland, Switzerland, California, Israel and the Netherlands.

His cash-collecting accomplices had only managed to withdraw $400,000 before the scam was uncovered - but the heist, the first major bank raid over the internet, caused international anxiety and was dubbed 'the defining crime of the cyberspace age'. 'Forget about piling into banks with a stocking mask and shotgun, the big money is numbers in a database,' an American official commented.

After a major Interpol investigation, Levin was arrested and later extradited to America where he was tried and imprisoned; his sentence runs until 2001. Until his imprisonment, Levin, a slight, nerdish figure, who was 27 at the time of the crime, had never even set foot in America. He had conducted the entire operation from his St Petersburg flat.

St Petersburg's new image prompts outraged denials from its computing professionals and a certain quiet pride from its hackers.

Daniil Dougaev, editor of internet-ru, a news site based in the city, commented: 'This obsession with Russian hackers is a throwback to a cold war mentality and a time when the West was paranoid about everyone and everything in this country.'

Peter Zegzhda, director of the department of computer security at St Petersburg's highly-regarded Technical University, added: 'I categorically deny that this is a peculiarly Russian characteristic. It is an international phenomenon.'

Nevertheless he conceded that the education system created by the Soviet Union was still turning out computer specialists of a far higher quality than any other country, and admitted that the greater the number of experts, the greater the chance that a few criminals would be hidden among their numbers.

Training of the city's future computing geniuses begins at a tender age. In the beautifully restored 18th century Anichkov Palace, a former Tsarist residence overlooking the Fontanka river, about 1,200 children, some as young as six, spend their weekday evenings studying computer programming. This state-funded intensive teaching programme is one of the successes of the Soviet system. After the revolution the palace was transformed into an educational youth club for the Soviet Pioneers; roundabouts and climbing frames shaped like giant crocodiles were set up in the Tsarist ballrooms, classrooms appeared in the dining-rooms.

Renamed the House of Youthful Creation, the computing department is particularly strong. Year after year students from the St Petersburg Institute of Fine Mechanics and Optics and from the mathematics faculty of the rival St Petersburg State University - most of them graduates from the Anichkov Palace - make it to the top of international computer programming olympics.

'There is a concentration of talent here unlike anywhere else in the world,' said computing professor, Vladimir Parfenov. He argued that the city's hackers were not produced by this elite system. With high-paid employment almost guaranteed, the legitimate rewards waiting for those who make it to the end of the course are so great that there is no need to indulge in high-risk cybercrime.

One of Russia's most notorious hackers, a talented young music student, recently released after serving a year in prison - accused of stealing $97,000 over the internet - said he believed an atmosphere of moral relativism in the post-Soviet era might be contributing to the cybercrime explosion.

Reports of massive financial fraud at the highest level of government helped foster a relaxed attitude towards this kind of crime, he said. 'People who commit financial crime here are not always condemned by society. In any case hackers have their own values. This is a virtual world where morality and ethics are slightly different.'

A spokesman from Directorate R added: 'Cybercrime involves neither blood nor cruelty, but it provides people with an opportunity to earn money. A lot of people delude themselves that this is not a serious crime.'

The Federal Security Service (the FSB, a descendant of the KGB) is in the process of instituting legislation that will allow the government to monitor electronic mail, credit card transactions and web traffic live, without having to apply for a warrant. SORM (System of Ensuring Investigative Activity) requires internet service providers - at their own cost - to install a black box device in their system and also construct a communication link to funnel data from the providers to the FSB. Service providers complain that they are being asked to pay for a system which allows the state to spy on their clients.

http://www.guardian.co.uk/internetnews/story/0,7369,399801,00.html

-- Martin Thompson (mthom1927@aol.com), November 18, 2000

