[ISN] Russian hackers forced into trade by poor economy

From: InfoSec News (isnat_private)
Date: Sun Apr 22 2001 - 23:35:16 PDT

  • Next message: ethan preston: "[ISN] Law review article on computer security and liability"

    Cox News Service
    Monday, April 23, 2001
    MOSCOW -- Height: unknown. Weight: unknown. M.O.: has ability to move
    invisibly over great distances, speak multiple languages and destroy
    the civilized world as we know it.
    Vasyl Kondrashov matches the FBI's definition of the 21st century's
    Public Enemy No. 1 -- except for one thing. This 28-year-old who feeds
    his wife and toddler by teaching people how to break into other
    people's computers doesn't think what he does for a living is a crime.
    "Hacking isn't necessarily a crime, just like a knife isn't
    necessarily dangerous. It all depends on the person behind it," said
    Kondrashov, who heads what he calls a civilian hackers' school in
    Odessa, Ukraine.
    "I see my task as giving knowledge as well as the responsibility to
    use it for good and not evil," he said.
    Long known for producing science and math virtuosos, Russia and other
    former Soviet republics in recent years have garnered a reputation as
    the source for some of the world's most devious hackers.
    The mastermind behind the Microsoft network break-in last October was
    traced to a Russian e-mail address. The highest profile prosecution of
    a cyber-crime to date was Russian Vladimir Levin's conviction in 1999
    by a Florida court for stealing $12 million from Citibank accounts.
    The post-Soviet region is an incubator for talented, and often
    jobless, prodigies able to imperil e-commerce and computer systems
    everywhere, say law enforcement officials in Moscow and Washington,
    D.C. Indeed, the elements are a dangerous mix: advanced technical
    knowledge common among university graduates, an uneven legal system
    that often lacks the means and the sophistication to pursue hackers
    and a population too poor to buy anything but pirated computer
    "Cyber-crime is bloodless, so some people delude themselves that this
    is not a serious crime. These guys are a menace to society," said Col.
    Anatoly Platonov, the deputy head of the Russian Interior Ministry's
    unit for high-tech crimes.
    Series of online chats
    The view of Kondrashov and many of his computer colleagues, who spoke
    to Cox Newspapers in a series of online chats about their work, is
    more morally ambivalent.
    A graduate of the prestigious Odessa State University, on the Black
    Sea some 1,000 miles south of Moscow, Kondrashov said he learned much
    of his computer security skills on the job. He worked as the network
    administrator for another Ukrainian university, then as a computer
    network security expert for the Ukrainian armed forces.
    Now he is employed as the network administrator for the local office
    of an international charity. It is a plum position, but one that
    doesn't pay him enough money to support his family. His wife, a
    schoolteacher, earns only $250 per year, while his parents, both
    retired, each receive $10 per month on their government pensions.
    The skills Kondrashov had to offer in Ukraine's shattered economy were
    his hacking abilities.
    "Nothing works in my country, and the government is corrupt. Morally,
    I do not support my government. I support my family. My little girl
    wants to visit her grandparents in the summer, but how am I supposed
    to pay, if not with my skills?" Kondrashov asked.
    "We have a proverb: To live with wolves is to howl like a wolf," he
    Two years ago the computer whiz began teaching after-school
    programming classes to high school students in town. About 300
    students came to his classes last year to learn PC troubleshooting and
    common yet sophisticated programming languages such as C and Perl, he
    As his professional reputation spread, he began receiving e-mails from
    what he terms "more advanced" students looking to "gain knowledge for
    knowledge's sake." Together, they navigate silently through
    cyberspace, opening and closing files in private companies' networks
    -- not to steal or destroy, Kondrashov insists, but to stretch their
    mental muscles.
    "I don't teach offensive maneuvers to my students, just skills you
    need to know to defend your system from intruders," Kondrashov said.
    "My rule is never say goodbye by destroying something."
    Russia gets tough
    In Russia, the Interior Ministry is deaf to this gospel of ethical
    hacking. The agency's high-tech unit, called Department R, has
    launched a get-tough campaign against computer criminals. Last year,
    it arrested 1,375 people and prosecuted 468 different cases involving
    computer-related fraud and property damage.
    The extent of the problem is difficult to gauge and the Interior
    Ministry would not divulge its estimates of the proportion of active
    hackers it has not nabbed. However, industry estimates say only about
    25 percent of computer-related criminals are caught.
    Among the department's biggest cases is the cyber-thief known as
    Maxus, who last fall posted on the Internet 25,000 credit card numbers
    he had stolen from online retailer CD Universe. Maxus is still at
    Mostly, the department's daily activity focuses on the flourishing
    pirated software market and the common practice among hackers of
    stealing user-names and passwords for Internet access, a major reason
    cited by America Online when it shut its Moscow office in 1998.
    Two weeks ago, the daily grind at the department turned exciting when
    the detectives received a tip about an underground club in
    northeastern Moscow called Club Shaitan.
    Typical of Internet clubs around the Russian capital, no coffee is
    served at Club Shaitan. It's a regular hangout for neighborhood
    teenagers. The only problem, Platonov says, is the computer games they
    play come from pirated CDs and the e-mail they send goes through a
    jury-rigged system that allows the owner to avoid paying for online
    "This may seem like a small fry," he said. "But places like this are
    where the hackers of tomorrow start out. We want to tell kids we are
    out here and we are serious."
    ISN is hosted by SecurityFocus.com
    To unsubscribe email LISTSERVat_private with a message body of

    This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 01:05:16 PDT