Russian hackers are harsh and ruthless. They drink vodka, snort it with a bear, heartily play the balalaika, warm themselves by a nuclear reactor core, and hack into NSA computers on a dare. Thanks to the American news media, loud statements by American politicians, and Hollywood movies, the whole world knows that Russian hackers are real, dangerous, and capable of hacking into anything, whether it’s the Pentagon, a military satellite, or an international bank. They can even influence the results of presidential elections in individual states. But is the Russian cybercracker as bad as it looks? How serious is the Russian digital threat? Let’s recall the most high-profile attacks and leaks that Russians were behind.
The first hacker in the USSR
Let’s go back to 1983 and recall the first cyber attack in the history of the USSR. Murat Urtembayev, a graduate of Moscow State University, whom the management of the AvtoVAZ plant denied an honorary diploma, decided to take revenge on his employer and made changes in the code of the program that controls the feeding of parts to the conveyor. The auto plant stood idle for three days, resulting in multimillion losses. Urtembayev could not bear the pangs of conscience and came to his superiors to confess. There was no punishment for such crimes in the Soviet Union, so Murat was sentenced to a year and a half of probation under the article “hooliganism” and fined the cost of two Zhigulis. This man went down in history as the first Russian hacker. At least, the first to be caught.
The most famous attack on industrial equipment to date is considered to be the one that took out the Iranian uranium enrichment plant with the Stuxnet virus in 2010. The virus is considered a work of art. Supposedly created by a joint effort of Israeli and U.S. intelligence agencies, it was the first malicious program to physically damage expensive equipment. Stuxnet was invisible to anti-viruses, searched for the right equipment, changed its settings, and falsified instrument readings, thus gradually rendering 1,368 nuclear centrifuges unusable. This cyber attack set Iran’s nuclear program back several years.
Stole, drank, imprisoned
In 2006, Russian hackers Denis Stepanov, Alexander Petrov, and Ivan Maksakov received their first real prison sentences. The youngest of them was only 20 years old. The trio extorted money from British betting companies by threatening them with large-scale DDoS attacks. If the victim did not comply, the blackmailers would crash their website, making it impossible to accept bets and causing serious financial losses. The bookies were left poorer by 2 million pounds sterling and the hackers richer by 40 thousand dollars, but in the end they were sentenced to 8 years in prison each. It was the first cyber crime trial in Russian history.
In the United States, one of the first hackers convicted of his crimes was Kevin Mitnick. At the age of 12, Kevin was already making full use of the loopholes in the telephone networks: he could call anywhere for free and switch numbers. In 1981 he and his friends hacked into the Pacific Bell network and stole $170,000 worth of information, for which he received three months in prison and one year of probation. In 1983, he received another 6 months in prison for hacking into the Pentagon network. In 1987, he got three years’ probation for credit card fraud. A year later, the FBI came after him, and Mitnick received a year and a half in prison for another crime. Today Mitnick works as a computer security consultant, writes books, and is still considered one of the most famous cyber criminals in the world.
Robbing a Citibank
Vladimir Levin, an unremarkable St. Petersburg intellectual, is still considered one of the founders of modern hacking. A microbiologist by training, for whom computers were just a hobby, in 1994 he stole more than $10 million from the corporate accounts of the international bank Citibank. When the theft was discovered, bank executives and the FBI were in a panic. Fortunately, most of the stolen money was recovered, but the fate of $400,000 is unknown to this day. Levin served three years in prison for his crime. It was later claimed that the criminal had not hacked the bank himself, but had purchased ready-made software from an unknown group of Russian hackers for a ridiculous $100. What actually happened at the time is unlikely ever to be known.
Banks, for the most part, are clumsy mastodons. They use legacy software that was written 20-25 years ago and is now considered technologically obsolete. But they cannot simply rewrite it. The cost of error is too high. Very few banks get rid of the old software and switch to new software. Banks have to do a lot at the stage of data processing to ensure security: buy network filters, use omnichannel, etc. Banks do not like technological revolutions in the banking environment. In this respect, retail and fintech are much more flexible.
Enemy number one of the USA
One of the most elusive hackers to this day is the Russian Yevgeny “lucky12345” Bogachev. He created a group of cybercriminals, which included citizens of Russia, Ukraine, and Great Britain. All told, the cybercriminals managed to steal over $100 million from American citizens and companies (the real amount was probably much higher). Yevgeny and his henchmen used the Zeus virus, which infected thousands of computers, to commit their crimes. Bogachev is also accused of interfering in the 2016 U.S. election. Despite the fact that the FBI announced a reward of $3 million for any information on the hacker’s whereabouts, to this day Bogachev continues to successfully evade justice.
Another famous hacker group from Russia is Anonymous International, or Humpty Dumpty. Its leader, the journalist Vladimir “Lewis” Anikeev, hacked into the e-mail accounts of high-ranking government officials and sold their correspondence on the black market. When he was arrested, it turned out that the story also involved Sergei Mikhailov, one of the heads of the FSB Information Security Center, his deputy Dmitry Dokuchaev, and Ruslan Stoyanov, former head of Kaspersky Lab’s Computer Incident Investigation Department. The latter passed secret information to U.S. intelligence agencies, for which they were charged with high treason and are now serving time in prisons. The case turned into an international scandal, as a result of which Russia and the US stopped cooperating on cybercrime issues.
What do you think of that, Elon Musk?
In 2000, when the famous engineer and inventor Elon Reeve Musk was still at the helm of PayPal, the company was subjected to a cyberattack. In addition to PayPal, hackers from Chelyabinsk, Vasily Gorshkov and Alexei Ivanov, broke into more than 40 other payment systems, Internet providers and banks. As a result, about $25 million was stolen from 16,000 credit cards. Russian intelligence agencies refused to arrest the hackers at the request of the FBI, so the Americans got crafty. They set up a shell company in the United States, inviting Gorshkov and Ivanov to work as computer security consultants. The criminals took the tempting offer and flew to America, where they were immediately arrested.
When you are a hacker or even just a computer security specialist, it is extremely dangerous to travel abroad. A huge scandal erupted in the United States in 2001. A Russian programmer, Dmitry Sklyarov, came to the DEFCON computer security conference in Las Vegas. He demonstrated on stage that PDF format books are almost completely unprotected, cracking one of the documents using his Advanced eBook Processor algorithm. Right after the conference Dmitry was arrested by FBI agents on a tip from Adobe security. He spent several months in jail before a judge agreed to release him on $50,000 bail. A year later the charges against Sklyarov were dropped.
Kings of credit cards
From 2005 to 2012, Russians Vladimir Drinkman, Dmitry Smilyanets, Alexander Kalinin, Roman Kotov and Ukrainian Mikhail Rytikov stole and resold 160 million credit card details on the black market. They hacked into the databases of NASDAQ, Dow Jones, Heartland, Visa, 7-Eleven, Carrefour, JetBlue, Dexia Bank and other major companies, retail chains and financial institutions. Over seven years the attackers managed to withdraw over $300 million from 800 thousand bank accounts. U.S. intelligence agencies managed to identify the criminals, who, on such a solemn occasion, were extradited from the Netherlands to the United States. Drinkman, as the head of the organization, received 12 years in prison, Smilyanets – 4 years and 3 months. The other members of the gang are still wanted.
You never know where carders or skimmers can get to you (skimming is the invisible reading of plastic card data with special devices installed on ATMs, author’s note). To protect yourself from theft, it is advisable to keep no more than 100-200 dollars on a plastic card. The rest of the money is better kept in a separate savings account and transferred to the card account when necessary. Today, you can do this easily with any bank mobile app. Be sure to turn on all notifications: the more of them there are, the smaller the chance that you will fail to notice that someone has stolen money from your card. It is also possible to limit the validity of your card regionally, so that hackers from other countries can’t steal money from it.
The talented son of a politician
In 2016, the information space was stirred by the case of Russian hacker Roman Seleznyov. An American court sentenced him to 27 years in prison, a record sentence for cybercriminals. It is noteworthy that Roman is the son of the famous Russian politician Valery Seleznyov, but for many years he did not communicate with his father after the latter abandoned him and his mother when Roman was only 2 years old. The hacker, along with his accomplices, stole information on more than 1.7 million plastic cards and then created an online store where he sold them. The average estimate of damage from the criminal’s actions was about $170 million.
Another famous Russian “carder” is Vladislav “BadB” Khorokhorin. He founded Carder.ru and CarderPlanet.com, some of the largest carding portals in the world. Thousands of hackers used these sites to sell and buy stolen credit card data, stolen eBay and PayPal accounts, and forged documents. Damage from the sites was estimated at $1.2 billion. Khorokhorin was swimming in money, buying expensive cars, traveling a lot and enjoying life. His happiness could not last long: U.S. intelligence agencies took an interest in the hacker, and in 2010 he was arrested in France, after which he was sentenced to seven and a half years in an American prison. Khorokhorin was asked to testify against Roman Seleznyov, but he refused to cooperate with American justice.
The ingenious hacker duo
The Silence duo can safely be considered the most calculating and accurate Russian hackers. The criminals are not trying to make history and steal hundreds of millions of dollars at once. They act with extreme caution, but are constantly improving their methods and software to leave behind as little evidence as possible. Since 2017, hackers have carried out several successful attacks on banking systems, as a result of which they managed to cash out more than 50 million rubles through ATMs. Silence approached the case with such perfectionism that, to this day, the intelligence services have no clues that could help catch the criminals.
One of the most elusive hacker groups is considered to be Anonymous, which was formed by members of the American forum 4chan. The Guy Fawkes mask, which became an Internet meme after the movie “V for Vendetta,” is considered the symbol of this hacker movement. Due to its decentralized structure and weak interconnection between the group’s nodes, it is virtually impossible to track members of “Anonymous”. There are no primary or secondary roles in this online community. Hackers hack into government websites, oppose government censorship, organize protests, and fight for freedom in all its forms.
The biggest leak of bank data
In October 2019, the data of 60 million “Sberbank” plastic cards, including personal data of owners and information on financial transactions, was offered for sale on a specialized forum for carders. The seller offered the database at a price of 5 rubles per card, i.e., 300 million rubles for everything. “Sberbank” officially admitted that only the data of 200 plastic cards had been stolen. Which, in general, is not surprising. In the end, the culprit for the leak turned out to be an employee of one of the bank’s business units. For the sake of the investigation, the name of the perpetrator has not been disclosed, but he will definitely face a real prison term for stealing the data.
In early June 2019 it also became known that the data of more than 900,000 clients of Alfa-Bank, OTP Bank and HCF Bank had leaked onto the Net. Names, phone numbers, residence addresses, passport data, places of work, and savings of hundreds of thousands of people suddenly became public. Fortunately, not all of the data turned out to be up-to-date. This led security experts to believe that the information had been collected by someone over several years. Most likely, the person responsible for the data theft is a banking sector insider who worked in the IT departments of one or more banks. The data could also have been stolen through hacking into the internal network of financial institutions.
Break the Internet
When in 2007 the Estonian authorities decided to dismantle several Soviet monuments, 20-year-old Russian hacker Dmitry Galushkevich expressed his civic position in a very original way. He literally left the entire country without an Internet connection. For a time, government websites, important public and private systems, major banks, and virtually all ATMs stopped working. The cyberterror provoked a wave of unrest and panic. When the authorities identified and arrested the culprit, he did not deny his guilt. They didn’t lock him up, but just in case, they made him pay a fine of 17,500 kronor ($1,500).
A similar situation was repeated 10 years later with the Petya ransomware virus. The malware used a fake Microsoft electronic signature, which allowed it to infect the computers of hundreds of major companies in Ukraine, Russia, and other countries, including Rosneft, Bashneft, Mars, Nivea, Ukrenergo, Kiev Metro, and many others. Even the Ukrainian Cabinet of Ministers took a beating. Ukraine, of course, blamed everything on the Russian secret services. But why would Russia attack its own companies with a virus? We will probably never know the answer to this question.
Conclusion
Well, it seems that Russian hackers are really dangerous. But American hackers have been receding into the background in recent years. What other countries do you think have excelled in terms of cybercrime professionalism? Alexander Gostev, Chief Anti-Virus Expert at Kaspersky Lab, is sure that three hacker syndicates are leading in this area: the Chinese, Russian and Latin American ones. In recent years, cybercrime in Muslim countries has also developed rapidly, with Turkish hackers standing out in particular.