St. Pete Breeding Ground for World Class Hackers

[InfoSec News <isn () C4I ORG>]

http://www.themoscowtimes.com/stories/2000/10/11/043.html

Wednesday, October 11, 2000
By John Varoli
Special to The Moscow Times

ST. PETERSBURG Dr. Linnux, a 22-year-old St. Petersburg computer whiz,
who prefers not to use his first name, switches on his Netscan Tools
program, a piece of hacking software he downloaded from the Internet
for free.

"It will take us about five minutes to start hacking into other
computers," he says with a smile. Then he goes to work.

He begins by entering a range of IP addresses he collected while
hacking into a major U.S. Internet system on which he pirates free
Internet hours, and which he wont name for fear it would close its
port to Russia. The object of the exercise is to find computers that
are currently online, allowing him full access to the contents of
their hard drives.

He smells blood. His mouse clicks and he quickly taps away at his
keyboard. His Pentium 166 PC zeroes in. He cracks the code and reveals
a student in Germany working on a term paper about neo-Nazi groups.

In a few deft keystrokes, Linnux has taken the file.

"Most people have no idea that once online they are wide open to
intrusion from others out there," he says proudly. "And the funny
thing is its not that difficult to protect yourself."

Two years ago, Linnux could hardly imagine hed soon join the ranks of
Russias growing number of computer hackers. An accomplished athlete,
with a love for snowboarding, skiing and windsurfing, Linnuxs life
changed forever in early 1998 when a snowboarding accident left him
paralyzed from the waist down. Scraping together a few hundred
dollars, he bought himself a computer and went online to pass the
time.

Linnux is just one part of an Internet revolution that is sweeping
Russia. The number of Russians with Internet access at home has
doubled over the past year, reaching 3 million, out of a population of
148 million. But analysts predict that number could double again over
the next two years.

Part and parcel of the progress, however, is mischief and computer
theft by the countrys growing number of hackers, who, armed with
primitive PCs and free hacking software, are earning a global
reputation for their skills.

Russian computer prowess is certainly no surprise. The United States
employs thousands of Russians both in the United States and in Russia
where company employees work with U.S. companies through the Internet.
Russian technical universities, primarily those in St. Petersburg, are
producing the worlds best computer programmers.

But surprisingly, the countrys hackers are not the crop of the
countrys educated elite. On the contrary, hackers mostly lack
structured computer training saying that formal education dulls your
virtual street smarts.

"As the web becomes more and more common in Russia, we can expect more
problems with Russian hackers," said Pavel Semyanov, a computer
security expert at the St. Petersburg Polytechnic Institute and author
of "Internet Attack."

"Not necessarily because they are malicious but because they have a
mischievous desire to understand thoroughly how these systems work."

In 1999, Russian hackers were credited with a number of high-profile
cyber crimes, such as disrupting NATO and U.S. government web sites.

Last year Pentagon sources told the media about a "coordinated,
organized" attack originating from hackers in Russia, insinuating
Russian intelligence services were behind the attack, a charge hotly
denied by Moscow.

And this year a hacker, claiming to be Russian, took credit for the
theft of 300,000 credit card numbers from CD Universe, an Internet
music retailer. A group of five other hackers in Moscow was uncovered
in April, also for cracking web stores and credit card numbers.

Gazprom, Russias giant natural gas monopoly, has been hit a number of
times by hackers in the past year, according to the Interior Ministry.

Despite the headlines about feats in hacking, most hacking is limited
to cyber-hooliganism. For this reason, Russian law enforcement often
assigns such crimes low priority.

Yet, hackers do speak about colleagues, known as "crackers," dangerous
criminals who offer their services to individuals, companies or
organizations who need to break into computers to steal information or
to commit sabotage.

Russian experts say that Russian law-enforcement agencies like the
FSB, however, are not as in the dark about computers as it may seem.
In one instance, the computer system of the vehemently anti-FSB
Russian newspaper Novaya Gazeta was hacked into earlier this year and
parts of its page layout deleted just as it was to print an
incriminating article about Vladimir Putins campaign financing.

"There are organized groups of hackers tied to the FSB, and
pro-Chechen sites have been hacked into by such groups," said Vladimir
Veinstein, 25, a computer security specialist in St. Petersburg who
works for the Internet company Red Net.

"One man I know, who was caught committing a cybercrime, was given the
choice of either prison or cooperation with the FSB, and he went
along."

But how dangerous is hacking?

During the war in Yugoslavia, while headlines screamed that Serbian
and Russian hackers had hacked into NATOs computer systems, the
hackers only got as far as a NATO web site. No vital or secret systems
were compromised.

"Its the Cold War mentality and Americans are now obsessed with
Russian hackers," said Danil Dougayev, chief editor of the popular
Russian web publication Internet.ru.

"The threat of Russian hackers is exaggerated by the Western media,"
said Semyanov. "It is impossible to break into secret computer
systems, such as the Pentagons, because these are separate computer
networks with no connection to the outside world."

Even Russian hackers admit their abilities are limited.

"There are very few people who can crack institutions such as banks,
and even then they often have inside help," said Linnux.

There has been one proven major Russian hack job the case of Vladimir
Levin, a St. Petersburg computer specialist who hacked through a
Sprint connection between Russia and the United States, and stole
about $10 million from Citibank in the summer of 1994.

Levin was arrested in London in early 1995, and sentenced by a U.S.
court in 1997 to three years in prison. To this day, investigators say
they are not exactly sure how he broke into the banks system.

"The vast majority of hackers are teenagers who get their hands on
some hacking software, and learn to do things such as send out Trojan
horses or hack web sites," said Dmitry Leonov, founder or Hackzone.ru
who also co-authored the book "Internet Attack."

Hacking software can be bought for less than $3 in Russia or
downloaded from the web.

Hackers are a threat not only because they have the brains, but
because there are few jobs in the struggling economy.

"For me, hacking is mostly sport," said Linnux. "But if someone
offered me big money to hack someone elses system, Id give it serious
consideration."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".