Skilled, Cheap Russian Hackers Power American Cybercrime
Moscow — When it comes to finding original ways of virtually stealing real money, Russian criminals are in a class of their own. With an estimated annual turnover of more than $2 billion a year, the Russian cybercrime industry is the source of at least a third of all viruses, Trojans and other malicious software, or malware, sent around the world.
“In terms of sophisticated types of malware, Russia leads the way,” according to Kyle Wilhoit, an American cyber-security expert.
Take, for example, the recent data breach at Target. Investigators have traced the software that was used to steal millions of shoppers’ credit-card details back to a 17-year-old hacker from St. Petersburg named Sergey Taraspov. He allegedly wrote the program and then sold it for $2,000 on a Russian-language website. At least 40 different criminals, most from the former Soviet Union, used the code to attack American retailers. So far, at least 110 million American shoppers had their credit card numbers stolen with his software.
Wilhoit says this type of hit, known as a point-of-sale attack, shows serious skill.
“Russia is where they develop most of these types of attacks,” he said. “It’s a technology that not many other virus writers would understand. They go to the trouble of figuring it out because they know that’s where the money is.”
There are a number of reasons why Russia is the leading producer of malicious software. While universities here still produce highly trained engineers and mathematicians, the legitimate economy is offering them jobs that pay very little by western standards. An average Russian computer engineer earns about $24,000 a year, which doesn’t buy much in Moscow, the world’s most expensive city. The other resource Russia seems to have in unlimited supply is organized crime with strong ties to the government, which tends to look the other way when it comes to cybercrime.
Wilhoit, a senior researcher at Trend Micro, an internet security company, tries to figure out where hackers might strike next and close the loopholes in customers’ systems before they do. The attackers are always developing things and we’re trying to develop things that will cut them off at the pass,” he said. The stakes are enormous. The global computer-security market is worth $60 billion and is expected to grow tenfold by the end of the decade. It’s surprising, perhaps more than it should be, to discover that both sides in this global game of cat-and-mouse are prominently represented in Moscow.