Information Security News mailing list archives

How Russia's cyber crooks hack the net


From: William Knowles <wk () C4I ORG>
Date: Sat, 18 Nov 2000 23:45:20 -0600

http://www.guardian.co.uk/internetnews/story/0,7369,399801,00.html

Sunday November 19, 2000

In St Petersburg, modern villains don't use shotguns to rob
banks. Their weapons are rebuilt computers and stolen internet
accounts. Amelia Gentleman reports from the new capital of virtual
crime.

It takes just four minutes to steal computer software worth £300 from
the internet, using code-cracking instructions developed by the
legendary St Petersburg hacker, Ivanopulo.

No expertise is necessary, just a relaxed attitude towards cyber
ethics and a website address - which lists 10 idiot-proof steps on how
to beat the system.

After filling in false credit card details - supplied by the website -
and completing a simple series of tasks, an icon appears on the
screen, declaring: 'Thank you. Payment has been received.' Flash, a
sophisticated and expensive program devised by the American software
giant Macromedia, has been installed for free.

The website's origin is no coincidence. Russia's Tsarist capital,
known fondly by tour agencies as the Venice of the north, has a new
image as a cybercrime centre - populated not only by talented computer
programmers, but also by expert hackers.

At the heart of the Microsoft computer scam which so unsettled the
computer world last month was an email address traced back to St
Petersburg. According to information leaked from Microsoft's Redmond
headquarters, hackers broke through the company's much-hyped defence
system into its network, where they may have stolen blueprints to the
latest version of Windows software. Security employees discovered that
classified information and passwords were being sent from the
company's network in America to an email account in St Petersburg.

Some experts have suggested that this was just the first in a chain of
addresses routing the information around the world - a red herring,
designed to confuse. But local computer programmers concede wearily
that individuals in the city are very likely to have been involved.

As well-hidden and silent as the Soviet dissident culture, the city's
underground hacking movement has the same sense of furtive anarchy but
is guided by very different ideals. If there is any element of
protest, it is against big business capitalism. For most, however,
this is purely an obsessive, life-consuming game.

Young, male, unemployed and self-taught, Slava fits a stereotype model
of a khakker (the Russified version of the word). For the past three
years - since a snowboarding accident left him unable to walk - he has
spent every night in front of his computer, devoting 15-hour stretches
to perfecting advanced programming and exploring the remotest regions
of the internet.

In his cramped bedroom in the city's northern tower block suburbs
(papered with posters of pouting Celine Dion and dancing Spice Girls)
an ageing computer stands on a shelf hammered to the wall. Bits of the
machine have been unscrewed and put back together with different
parts; the front panel of the disc drive is missing, exposing the
inner workings. These changes have been made to refine its efficiency
and, loaded with all the latest software (illicitly obtained), the
computer works smoothly.

Slava, 24, who for the purposes of anonymity prefers to go by his
email name Dr Lynux, cannot afford the $50 monthly internet account
subscription fees; instead he knows how to get access for free.

To the uninitiated, the process is bemusing - although he insists he
could teach anyone the basic principles of his trade in just a few
hours. His system is based on an error written into a computer
programme used by millions around the world. When individuals log on
to the internet they are given the option to save their log-on name
and password; those who accept this option become vulnerable to
intrusion from people like Slava, who break into their system, note
down their passwords and use their account as a free gateway to the
internet. Recently he has been using an account belonging to a man
called Asaf Danziger (log-in 'cybro', password 'szutgyi') who he
thinks may be from France.

He has to find a new identity every few days to avoid detection. 'It's
a sport. I hack to get on to the internet which otherwise I wouldn't
be able to afford. I'd guess about 40 per cent of young Russian
internet users are doing the same. If you are living on a student
grant of around 80 roubles a month (£2), you can't afford to subscribe.
And it's so easy to do.'

In 1997 America Online and Compuserve were driven out of Russia
because widespread use of stolen passwords was making their operations
unsustainable. The new police department opened to deal with hi-tech
crime (known as Directorate R) says this remains the most widespread
form of cyber-crime in Russia.

A strictly small-time hacker, Slava has developed a firm code of
ethics. 'I think there is a moral line between stealing internet
access and stealing anything else. I would never steal from a Russian
computer user - who has paid hard-earned money to get access. I try to
go through western companies with multi-user accounts.'

Given basic instruction by friends in the city, he has already trained
several disciples - initially in his own room, and later through
classes on the internet. The web has dozens of cyrillic script sites,
giving tips for beginners. Many like hackzone.ru (which gets around
3,000 hits a day) claim euphemistically to be offering computer
security advice - providing tips on how to protect systems from
intruders - but the line between guidance on defence and attack is
almost invisible.

Although he denies involvement, Slava admits that there are pirating
teams based in St Petersburg, like the United Crackers League, which
get together to orchestrate joint attacks on specific websites. 'It's
easier with a team. If there are a lot of you then the server
administrator will find it much harder to discover the source of the
problem,' he said. St Petersburg teams took part in a
Serbian-initiated attack on Nato and US government web sites during
its bombardment of Belgrade - inundating the Nato web page with more
junk emails than it could cope with.

There are no statistics on this silent brotherhood. Traditionally a
scientific centre, excelling in mathematics and physics, over the past
20 years the city's scientists have flocked to computer programming,
one of the few spheres where there is money to be made. Some 17 per
cent of Russia's four million odd internet users are based in St
Petersburg.

International companies like Motorola have based large programming
operations in the city, attracted by the high intensity of expertise.
Such a pocket of knowledge inevitably brings with it a greater number
of people using their skills in unconventional ways.

Despite the new Directorate R, police are still struggling to deal
with what they say is a growing crime; officials believe that up to 95
per cent of computer-related crimes in Russia go undetected.

St Petersburg's reputation for cybercrime was forged in 1994 when
Vladimir Levin discovered a way of breaking into Citibank's computer
database, noted down the passwords and codes of clients and stole $12
million from a variety of branches around the world - transferring his
spoils to bank accounts in Germany, Finland, Switzerland, California,
Israel and the Netherlands.

His cash-collecting accomplices had only managed to withdraw $400,000
before the scam was uncovered - but the heist, the first major bank
raid over the internet, caused international anxiety and was dubbed
'the defining crime of the cyberspace age'. 'Forget about piling into
banks with a stocking mask and shotgun, the big money is numbers in a
database,' an American official commented.

After a major Interpol investigation, Levin was arrested and later
extradited to America where he was tried and imprisoned; his sentence
runs until 2001. Until his imprisonment, Levin, a slight, nerdish
figure, who was 27 at the time of the crime, had never even set foot
in America. He had conducted the entire operation from his St
Petersburg flat.

St Petersburg's new image prompts outraged denials from its computing
professionals and a certain quiet pride from its hackers.

Daniil Dougaev, editor of internet-ru, a news site based in the city,
commented: 'This obsession with Russian hackers is a throwback to a
cold war mentality and a time when the West was paranoid about
everyone and everything in this country.'

Peter Zegzhda, director of the department of computer security at St
Petersburg's highly-regarded Technical University, added: 'I
categorically deny that this is a peculiarly Russian characteristic.
It is an international phenomenon.'

Nevertheless he conceded that the education system created by the
Soviet Union was still turning out computer specialists of a far
higher quality than any other country, and admitted that the greater
the number of experts, the greater the chance that a few criminals
would be hidden among their numbers.

Training of the city's future computing geniuses begins at a tender
age. In the beautifully restored 18th century Anichkov Palace, a
former Tsarist residence overlooking the Fontanka river, about 1,200
children, some as young as six, spend their weekday evenings studying
computer programming. This state-funded intensive teaching programme
is one of the successes of the Soviet system. After the revolution the
palace was transformed into an educational youth club for the Soviet
Pioneers; roundabouts and climbing frames shaped like giant crocodiles
were set up in the Tsarist ballrooms, classrooms appeared in the
dining-rooms.

Renamed the House of Youthful Creation, the computing department is
particularly strong. Year after year students from the St Petersburg
Institute of Fine Mechanics and Optics and from the mathematics
faculty of the rival St Petersburg State University - most of them
graduates from the Anichkov Palace - make it to the top of
international computer programming olympics.

'There is a concentration of talent here unlike anywhere else in the
world,' said computing professor, Vladimir Parfenov. He argued that
the city's hackers were not produced by this elite system. With
high-paid employment almost guaranteed, the legitimate rewards waiting
for those who make it to the end of the course are so great that there
is no need to indulge in high-risk cybercrime.

One of Russia's most notorious hackers, a talented young music
student, recently released after serving a year in prison - accused of
stealing $97,000 over the internet - said he believed an atmosphere of
moral relativism in the post-Soviet era might be contributing to the
cybercrime explosion.

Reports of massive financial fraud at the highest level of government
helped foster a relaxed attitude towards this kind of crime, he said.
'People who commit financial crime here are not always condemned by
society. In any case hackers have their own values. This is a virtual
world where morality and ethics are slightly different.'

A spokesman from Directorate R added: 'Cybercrime involves neither
blood nor cruelty, but it provides people with an opportunity to earn
money. A lot of people delude themselves that this is not a serious
crime.'

The Federal Security Service (the FSB, a descendent of the KGB) is in
the process of instituting legislation that will allow the government
to monitor electronic mail, credit card transactions and web traffic
live, without having to apply for a warrant. SORM (System of Ensuring
Investigative Activity) requires internet service providers - at their
own cost - to install a black box device in their system and also
construct a communication link to funnel data from the providers to
the FSB. Service providers complain that they are being asked to pay
for a system which allows the state to spy on their clients.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com