Russian cybercrime, not only a localized threat

Several times I wrote on cybercrime trying to analyze a phenomenon that grows with an impressive rhythm. The trend is uniform all over the word, cybercrime business is increasing its profits despite the economic crisis. The impact of cybercrime is transversal, industry, private businesses and governments, are all players that suffers the incoming cyber threats.

I’ve found really interesting a research made realized by the Russian security firm Group-IB that analyze the cybercrime activities conduced by the Russian mafia and other criminal organizations. The numbers are impressive, the figures are doubled in 2011.

The official estimates says that the global cyber crime market was worth $12.5 billion in 2011, $4,5 billion of the market are related to Russian speaking cybercrime market and $2.3 billion took place in Russia alone. Related to last years the grow is doubled.

The report provides a clear picture of the cybercrime market providing an interesting perspective on analysis, cybercrime studied as part of a local economies of a region. We are speaking of crime of course but also the crime could have an economic impact on local economies especially for those regions that lives in evident discomfort.

The study highlights key aspects of cybercrime market:

• on line fraud  (e.g. online banking fraud, phishingattacks) It should be noted that this aspect includes cashing services for stolen funds, taking up around 40% of this entire aspect.
• spam, including services for sale of drugs and counterfeit products.
• Internal market (cybercrime to cybercrime), including services for anonymization and sale of traffic, exploits, malware, and loaders.
• DDoS attacks

Really interesting the diagram proposed in the report related the economic profit of the activities and the damages to the end users, On-line Spam campaign and banking fraud are the most profitable activities. Due large profits related this crimes security sector is observing a rapid grown of number of incidents.

What is really worrying is that the growth of cybercrime activities indicates that the crime is becoming organized, in more than one occasion I have compared crime organization to structured companies that operate with clear objectives and that sustain their affairs. In particular this aspect signs a substantial difference with the past, Russian cybercriminal operations were unorganized and managed by different and not coordinate groups of criminals.

In 2011, the following general trends of cybercrime market development can be highlighted:

• Consolidation of the cybercrime market share, we are assisting to the formation of several major cybercrime groups that differently from the past are setting up in structured organizations.
• Increasing of the activities of collaboration between cybercrime organizations, what we have defined cybercrime to cybercrime business (C2C). The cybercrime is arranging its business in main groups that mutual supports criminal activities such as botnets creation and management and fraud development.
• Infiltration of cybercrime in the social contest, reinvesting the profit of the operations in cyber criminals activities but also in legal business. The cybercrime is changing, it is merging its structures with the traditional ones, with the subsequent resource allocation from the mafia’s areas of control (prostitution, drug and arms trafficking, and so on) in favor of cybercrime. Let’s also consider that cybercrime presents the advantages of high profits with relative low risks … usually it goes unpunished.
• Penetration of the cybercrime market by individuals with little technical education. The cybercrime activities mainly require capital investments, not specialized knowledge. The emergence of this trend has led to the expansion of the internal cybercrime market (C2C) and the appearance there of outsourcing services (administration, training, consulting, etc.);
• Growth of the Cybercrime to Cybercrime (C2C) services, provided on a paid basis by specialized teams of hackers.

Actually cybercrime is widespread throughout Russia, many expert have defined the Russian areas the cybercrime heaven, the main reason of the growth of thi type of crime in the countries of the former Soviet Union is the absence of an efficient Russian laws that contrast the phenomenon.  Russian laws require significant improvements and in my opinion its not possible to fight agaist cybercrime without an international cooperation, that is a critical aspects because the policy of Moscow Government is closed to external support. The report address another problem, Russia doesn’t devote attention to training law enforcement officers and court officials regarding the main issues of IT security, allowing them to make independent
judgments on various aspects of cybercrime.

Thus, because of imperfections in Russian laws and the lack of severe penalties, stable law enforcement practice, and regular training regarding counter cybercrime measures, cybercriminals are disproportionately liable for the crimes they commit.

The cybercrime is a cross nations threat and the only way to fight it is the establishment of international laws and throught the collaboration of every countries … cybercrime has no borders … the same must be for the measures to prevent it.

Pierluigi Paganini