Russian Cybercrime: Not Just a Localized Threat

Wednesday, April 25, 2012

Pierluigi Paganini

03b2ceb73723f8b53cd533e4fba898ee

(Translated from the original Italian)

The several times I have written on cybercrime I was trying to analyze a phenomenon that grows at an impressive pace. The trend is uniform all over the word, and cybercrime as a business is increasing its profits despite the economic crisis.

The impact of cybercrime is transversal: Industry, private businesses and governments are all victims that suffer the onslaught of cyber threats.

I found some really interesting a research by the Russian security firm Group-IB that analyzes the cybercrime activities conduced by the Russian mafia and other criminal organizations. The numbers are impressive, as the figures doubled in 2011.

The official estimates say that the global cyber crime market was worth $12.5 billion in 2011, and $4,5 billion of the market share is related to the Russian cybercrime market with $2.3 billion taking place in Russia alone. Compared to last year, the problem has doubled.

(click image to enlarge)

The report provides a clear picture of the cybercrime market by providing an interesting perspective on analysis, with cybercrime studied as part of the local economy of a region. We are speaking of crime of course, but it does have an economic impact on local economies, especially for those regions that live in evident discomfort.

The study highlights key aspects of the cybercrime market:

  • on line fraud  (e.g. online banking fraud, phishing attacks). It should be noted that this aspect includes cashing services for stolen funds, making up around 40% of this entire aspect.
  • spam, including services for the sale of drugs and counterfeit products.
  • Internal market (cybercrime to cybercrime), including services for anonymization and sales of traffic, exploits, malware, and loaders.

(click image to enlarge)

Really interesting is the diagram proposed in the report related to the economic profit of the activities and the damages to the end users,

On-line Spam campaigns and banking fraud are the most profitable activities. Due to the large profits related these crimes, the security sector is observing a rapid growth in number of incidents.

(click image to enlarge)

What is really worrying is that the growth of cybercrime activities is that it indicates that the crime is becoming more organized, and on more than one occasion I have compared criminal organizations to structured companies that operate with clear objectives to sustain their affairs. 

In particular, this aspect shows signs of a substantial difference with the past, as Russian cybercriminal operations were previously unorganized and managed by different groups and not coordinate.

In 2011, the following general trends in the cybercrime market development can be highlighted:

  • Consolidation of the cybercrime market share, assisting in the formation of several major cybercrime groups that are setting up in structured organizations.
  • Increase in the activities of collaboration between cybercrime organizations defined cybercrime to cybercrime business (C2C). The cybercrime is arranging its business in main groups that mutually support criminal activities such as botnet creation and management and fraud development.
  • Infiltration of cybercrime in the social context, reinvesting the profits of the operations from cyber criminals activities also also in legal businesses. Cybercrime is changing, it is merging its structures with traditional ones, with the subsequent resource allocation from the mafia’s areas of control (prostitution, drug and arms trafficking, and so on) in favor of cybercrime. Let's also consider that cybercrime presents the advantages of high profits with relative low risks... usually it goes unpunished.
  • Penetration of the cybercrime market by individuals with little technical education. The cybercrime activities mainly require capital investments, not specialized knowledge. The emergence of this trend has led to the expansion of the internal cybercrime market (C2C) and the outsourcing of services (administration, training, consulting, etc.).
  • Growth of the Cybercrime to Cybercrime (C2C) services provided on a paid basis by specialized teams of hackers.

Actually, cybercrime is widespread throughout Russia, and many expert have defined the Russia as a cybercrime haven, and the main reason of the growth of this type of crime in the countries of the former Soviet Union is the absence of efficient Russian laws that combat the phenomenon.  

Russian laws require significant improvement, and in my opinion it is not possible to fight agaist cybercrime without international cooperation, a critical aspect because the policies of the Moscow Government is closed to external support. 

The report address another problem, Russia doesn't devote attention to training law enforcement officers and court officials regarding the main issues of IT security, allowing them to make independent judgments on various aspects of cybercrime.

Thus, because of imperfections in Russian laws, the lack of severe penalties, stable law enforcement practice, and regular training regarding counter cybercrime measures, cybercriminals are disproportionately liable for the crimes they commit.

Cybercrime is an international threat and the only way to fight it is the establishment of international laws and through the collaboration of every country... cybercrime has no borders... the same must be for the measures to prevent it.

 ReferencesreferencesCross-posted from Security Affairs

Possibly Related Articles:
14910
Network->General
Information Security
Economy Botnets Research Cyber Crime hackers Black Market Russia Transnational Organized Crime International Law
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.