Monday, August 16, 2010

Understanding the Russian Hacker Underground


Viruses, worms, fake AV programs - they are the bane of every network administrator's life, and they can cost companies dearly in terms of network downtime, reduced productivity, wasted IT staff hours and even lost data.

But where does all this malware come from, who is responsible for it, and what is the motivation for creating this malicious code in the first place? These are questions that two security researchers, Fyodor Yarochkin and "The Grugq", spent six months trying to answer by monitoring dozens of underground Russian-language hacker Web forums where malware, scams and other criminal activities are openly discussed. The sites in question are protected by nothing more than the language barrier and the use of fenya (Russian prison slang), anglonims (English words that have been Russianized, like "partnerka") and other obscure jargon. They presented their findings at the Hack In The Box security conference in Amsterdam last month.


Perhaps the most striking thing the two Russian researchers discovered is that there appears to be a whole underground economy based around getting money from Western victims. Not only is malware available for purchase or rent, but a whole range of supporting services are available to hackers to help them do so more efficiently. eBay-style feedback systems are even used to help the suppliers of these services establish good business reputations.


The picture that Yarochkin and The Grugq have built up during their research is of a hacker scene that is entirely money-driven, targeting unsophisticated home PC users rather than corporate users in larger enterprises. Essentially the message is this: Russian hackers are after money, and to get it they'll exploit the easiest potential victims. That is good news for those responsible for securing enterprise networks, since an enterprise should have the resources to ensure that the machines under its control are patched in a timely fashion and to provide users with security awareness training.

The bad news is that careless enterprise users who let their guard down can easily end up compromising many machines on an enterprise network. While this might not result in the loss of confidential corporate information, as this is not what most Russian hackers are after, it could result in some unexpected credit card charges at the very least.
