A computer security firm uncovered the exploits of a Russian cybergang, which included using malware to steal money from private bank accounts.
Shortly after he became Russia’s president in May, Dmitry Medvedev vowed to battle what he called “legal nihilism.” Corruption, a weak judicial system, and impunity were all features of life under his predecessor, Vladimir Putin. Russia also became a paradise for some of the world’s most creative and best protected hackers. But it doesn’t look as if they—or other well-connected crooks—have too much to fear from Medvedev for the time being.
In August, researchers at Atlanta-based computer security firm SecureWorks uncovered yet another major threat from a Russian cybergang. Joe Stewart, SecureWorks director of malware research, says that the gang’s program was able to infiltrate corporate and government systems undetected for years.
Nobody knows how much these criminals have stolen, although Stewart knows of at least one case in which the Russian group moved $90,348 from an account Miami businessman Joe Lopez had with Bank of America. The gang avoided detection by selecting its targets carefully and by stealing data piecemeal over several years. Investigators traced the funds to a bank in Latvia, which froze the money after $20,000 had been taken. Lopez’s computer was infected with the Russian gang’s malware.
The gang used a program known as Coreflood to attack software that is normally used only by network administrators. It infected PCs in corporate and government networks with malware that read usernames and passwords. The gang also yoked the compromised computers into remotely controlled networks called botnets.
Stewart believes the gang’s central program controlled up to 100,000 computers and was managed out of a hosting computer center in Wisconsin. When that was discovered, the gang quickly shifted to the Ukraine, well beyond the reach of U.S. law enforcement.
Stewart tracked the gang to Russia using cybersleuthing methods. “We got an e-mail of domain registration from 2004, and this e-mail address was unusual. We found this person had posted an ad for an anonymity service [identical to] Coreflood. In that spam, they included an ICQ number and that led us to a username, [then] a LiveJournal entry in Russia,” he says. “We started learning more about this person’s day-to-day life. He had put in where they lived, who his friends were.”
Western law enforcement and computer security researchers report that Russia’s police and courts show little interest in combating cybercrime. Law enforcement there has ignored hackers unless they attack local targets.
A mid-year report from IBM Internet Security Systems confirmed that Russia remains the world center for spamming. It found that Russia has 11.6 percent of world spam senders; the United States came in second with 8 percent.
Stewart says the Coreflood gang’s freedom to operate in Russia indicates that despite the rhetoric, law enforcement still does not view cybercrime as a priority. “I haven’t perceived any change in Russia with Medvedev. It’s a country we have the least insight into.”