The New York Times reported yesterday that a Russian crime ring had assembled a collection of more than a billion Internet passwords. While some are casting doubt on claims that this is the “biggest hack ever,” it does appear to be a significant milestone in the history of cybercrime as well as the latest in a string of high-profile cases involving Russian hackers.
Earlier this month, alleged hacker Roman Selezev, known online by the alias Track2, was arrested in Guam on suspicion of stealing data from hundreds of thousands of credit cards. He’s currently the subject of a diplomatic scuffle between Washington and Moscow. And in June, the U.S. unveiled charges against Evgeniy Bogacgev, who is accused of installing malware on computers around the world to access banking data, leading to more than $100 million in thefts. Does this all mean that Russia is the world capital of hacking?
In volume terms, it’s not at all. In a report last year, cloud services provider Akamai reported that Indonesia had overtaken China as the leading source of cyberattacks, accounting for 38 percent of the worldwide total. Russian hackers accounted for a measly 1.7 percent of attacks, putting them behind their counterparts in the United States, Taiwan, Turkey, and India.
What Russia does have is a fairly robust underground cybercrime market, reportedly valued at around $2 billion per year. Russian hackers are also blamed for about a third of all new viruses. The first widely reported bank hacking case—the transfer of $10 million from a Citibank account in 1994—involved a hacker in St. Petersburg. Services from password theft to spamming to denial of service attacks are relatively easy to acquire from Russian hackers.
And while the evidence here is more anecdotal, Russian hackers do seem to be behind plenty of particularly audacious hacks, such as, allegedly, the malware that captured data from 70 million Target customers.
Why would Russia have such a highly developed black market for hackers? It may be that enforcement is lax, although Russia has launched periodic crackdowns on cybercrime. Some have also suggested that the sluggish Russian economy has failed to provide employment for graduates of the country’s very strong technical universities.
Whatever the reason, it’s likely that ongoing geopolitical tensions will make it less likely that the U.S. and Russia will cooperate on getting to source of the problem, and that cybercrime will continue to be a source of diplomatic friction in the years to come.