Financial Times: Moscow gets tough on cybercrime as ID theft escalates
http://www.ft.com/cms/s/0/04e59450-3552-11df-9cfb-00144feabdc0.html
By Joseph Menn in San Francisco
Published: March 22 2010 02:00 | Last updated: March 22 2010 02:00
Russia has quietly arrested several suspects in one of the world's biggest cyberbank thefts, raising hopes of a previously unseen level of official co-operation in a country that has been a haven for criminals.
The Russian Federal Security Service (FSB) has detained suspects including Viktor Pleshchuk, an alleged mastermind behind a £6m (€6.6m, $9m) attack on the payment processing unit of Royal Bank of Scotland, said people familiar with the inquiry.
The FSB asked the Federal Bureau of Investigation in the US, which has made the inquiry an international priority, to avoid scaring other targets in Russia into covering their tracks.
The FSB, FBI and the US justice department declined interview requests, while the bank said only that it was continuing to work with authorities.
"I believe we are embarking on an era of genuine co-operation with Russian authorities," said Don Jackson, a cybersecurity expert with SecureWorks, in Atlanta, who has documented shortcomings of Russian law enforcement.
RBS WorldPay is also based in Atlanta. A US grand jury there indicted Mr Pleshchuk in November, along with Sergei Tsurikov, an Estonian, and Oleg Covelin of Moldova. At the time, a federal prosecutor said the probe had "broken the back of one of the most sophisticated computer hacking rings in the world".
Allegedly led by Mr Pleshchuk and Mr Tsurikov, the group broke RBS encryption protecting the data associated with payroll debit cards distributed to employees of customer companies and used to draw down salaries. Counterfeit versions of the cards were used in a 12-hour period in late 2008 to withdraw cash from 2,100 ATMs in 280 cities, the indictment said.
US authorities last year said they had received crucial co-operation from other countries, including Estonia, which noticed suspicious withdrawals from ATMs in Tallinn, then arrested Mr Tsurikov and arranged his extradition.
Russian law forbids extradition of the country's citizens, and it is unclear how severe the penalties will be for Mr Pleshchuk should he be convicted there. It is also unknown whether the St Petersburg hacker was part of an established gang protected by officials.
Some Russian individuals and groups have used political connections to deflect investigations while allowing their equipment to be used against opponents of the Kremlin. US and UK officials have long been frustrated by their inability to make progress in Russia.
Two of the biggest US identity theft indictments in the past decade - against "carding" group ShadowCrew and Albert Gonzalez, a hacker accused of stealing data for 40m credit and debit cards - alleged Russian involvement. No one has been arrested.
The few Russians to have been apprehended were caught overseas. But that has not always furthered official co-operation.
Michael Schuler of the FBI lured two Russians to Seattle in 2000, where they were arrested. But Russian authorities then said they were investigating Mr Schuler for unauthorised remote searches of the suspects' computers in Russia.
Western authorities had been loath to fault Russia publicly as they continued to seek better relations. People familiar with the matter said the FBI believed it had improved relations in the past year by putting less emphasis on ties to the MVD, Russia's main national law enforcement body, and going directly to the FSB, the most powerful bureaucracy in the country.
Even the FBI is unsure what broke the logjam and produced the first significant arrests in what the US agency hopes will be the start of co-operative efforts.
But Mr Jackson and other private researchers noted that Russian cybergangs, facing rising competition, had released programs designed to steal from Russian bank accounts as well as those abroad. "Russian cybercriminals no longer follow hands-off rules when it comes to motherland targets, and Russian authorities are beginning to drop the laisser faire policy," Mr Jackson said.
Additional reporting by Charles Clover in Moscow
March 22, 2010
PC Advisor: Russia cracks down on .ru malware 'safe haven'
http://www.pcadvisor.co.uk/news/index.cfm?newsid=3217925
Robert McMillan
The organisation responsible for administering Russia's .ru top-level domain names is tightening its procedures in a bid to cut down on fraud and inappropriate content.
Starting April 1, anyone who registers a .ru domain will need to provide a copy of their passport or, for businesses, legal registration papers. Right now, domains can be set up with no verification - a practice that has allowed scammers to quickly set up .ru domains under bogus names.
The changes will help Russia align its rules with international best practices, said Olga Ermakova, informational projects manager with the Coordination Center for the .ru top-level domain. The .ru administrators care about the 'cleanness' of the domain, she added. "We don't need negative content, and such content is often [created] by unknown users."
Loopholes in the domain name system help spammers, scammers and operators of pornographic websites to avoid detection on the internet by concealing their identity. Criminals often play a cat-and-mouse game with law enforcement and security experts, popping up on different domains as soon as their malicious servers are identified.
Criminals in eastern Europe have used .ru domains for a while, registering domain names under fake identities and using them to send spam or set up command-and-control servers to send instructions to networks of hacked computers.
With the new domain registration requirements, it will be more difficult for criminals to continue with business as usual. At the very least, the requirement that registrants must submit paper documents will make setting up domains a more costly and time-consuming process.
"It's pushing the malicious activity elsewhere," said Rodney Joffe, chief technologist with Neustar, a DNS service provider. "If it's so much of a hassle, they'll say, 'Screw it. I'm going to register another top-level domain.'"
Russia has been under pressure to clean up the .ru system, which is widely perceived as a safe haven for scammers. China made similar changes last month to the way that its .cn space is administered.
Joffe said it's too early to say how effective the .cn changes have been.
The .ru domain has been a top source of fraud of late, agreed Robert Birkner, chief strategy officer with Hexonet, a domain name service company. But even if it is cleaned up, criminals will have other places to go. Vietnam's .vn domain and Indonesia's .id have also been a problem lately, he said.
Last week, representatives from the US Federal Bureau of Investigation and the UK's Serious Organised Crime Agency (SOCA) lobbied the group responsible for coordinating the internet's domain name system to enforce tighter name recognition policies. Now it is "ridiculously easy" to register a domain name under false details, said Paul Hoare, senior manager and head of e-crime operations with SOCA.
Last month, a study of Internet domain name databases found that only 23 percent of records were accurate.
(Jeremy Kirk in London contributed to this story.)