Think Information. Think Security.
Just over three years ago, Russia fired the first shot in its war on Georgia, the first ever combined kinetic and cyber war.  The shot was not fired from the 125 millimeter gun of a T-72 tank, but from the keyboard of a computer.  The impact was a lurid defacement of Georgian President Mikheil Saakashvili's website.  Various kinds of cyber attacks continued throughout and beyond the kinetic assault.  Careful analysis by several independent experts revealed the key role played by Russian organized crime, the Kremlin's cyber war reserve force.  These cyber thugs are formidable opponents, but they can be taken down.

The defacement came on the tail of long and well-considered preparations for war and at the head of an invasion complemented by a cyber campaign: an Internet blockade, fake news reports and distributed denial of service (DDoS) attacks.

DDoS attacks come from thousands of computers, each infected with malware that herds it, without its owner's knowledge, into a botnet (literally, a robot network).  On command from the so-called botherder, each computer in the botnet blasts requests at the target website until it is overwhelmed and can no longer serve legitimate users.  Each individual request may look perfectly ordinary; what marks the attack is the sheer volume arriving at once from a very large number of distinct sources, which is also what makes it hard to block by simply banning one offending address.
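The paragraph above describes the two properties a defender can actually measure: request volume and the number of distinct sources. The following Python is an added illustration, not code from the article or from any of the organizations it mentions. It parses web-server log lines in Common Log Format, buckets them per second, and flags a second as a distributed flood only when both the request rate and the distinct-address count exceed thresholds. The log lines, addresses (from the RFC 5737 documentation ranges), timestamps and thresholds are constructed for the example; real thresholds depend on a site's normal traffic.

```python
"""Illustrative volumetric-flood detector over constructed web-server log lines.

Added example, not from the original article.  Sample data and thresholds are
constructed; tune them against real baseline traffic before relying on them.
"""
from collections import defaultdict
import re

# Common Log Format: ip ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')


def parse_line(line):
    """Parse one CLF line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, req, status, _size = m.groups()
    # Keep only the timestamp's second: "08/Aug/2008:14:05:07 +0400" -> "08/Aug/2008:14:05:07"
    second = ts.split()[0]
    return {"ip": ip, "second": second, "request": req, "status": int(status)}


def bucket_by_second(lines):
    """Group parsed requests per second, counting requests and distinct source IPs."""
    buckets = defaultdict(lambda: {"requests": 0, "ips": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # skip unparseable lines rather than crash the detector
            continue
        b = buckets[rec["second"]]
        b["requests"] += 1
        b["ips"].add(rec["ip"])
    return buckets


def detect_flood(lines, max_rps=50, min_distinct_ips=20):
    """Return (second, requests, distinct_ips) for every second that looks like a
    distributed flood: rate above max_rps AND at least min_distinct_ips sources.

    A single abusive client exceeding max_rps from one address is deliberately
    not reported here; that case is handled by ordinary per-IP rate limiting.
    """
    alerts = []
    for second, b in sorted(bucket_by_second(lines).items()):
        if b["requests"] > max_rps and len(b["ips"]) >= min_distinct_ips:
            alerts.append((second, b["requests"], len(b["ips"])))
    return alerts


def build_sample_log():
    """Constructed sample log (hypothetical traffic, documentation IP ranges)."""
    def fmt(ip, second, path):
        return f'{ip} - - [{second} +0400] "GET {path} HTTP/1.1" 200 512'

    lines = []
    # A quiet second: five visitors, five requests.
    for i in range(5):
        lines.append(fmt(f"203.0.113.{i + 1}", "08/Aug/2008:14:05:07", "/"))
    # One abusive client hammering the site: high rate, but a single source.
    for _ in range(200):
        lines.append(fmt("198.51.100.7", "08/Aug/2008:14:05:08", "/"))
    # A botnet flood: the same 200 requests, but spread across 100 zombies.
    for i in range(200):
        lines.append(fmt(f"192.0.2.{i % 100 + 1}", "08/Aug/2008:14:05:09", "/"))
    lines.append("this line is deliberately malformed and must be ignored")
    return lines


if __name__ == "__main__":
    for second, reqs, ips in detect_flood(build_sample_log()):
        print(f"flood at {second}: {reqs} requests from {ips} distinct addresses")
```

Run as a script it reports only the third second; the second with 200 requests from a single address is left to per-IP throttling, which is the distinction the article's description of a botnet turns on.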

Examination of all available information leaves no doubt that the cyber attacks were coordinated by the Russian Government.  However, most of the attacks were carried out by private citizens: well-organized hacktivists and cyber criminals, particularly the Russian Business Network (RBN).  RBN was a cyber crime syndicate with ties to Russian Prime Minister Vladimir Putin.  It has since evaporated into the Ethernet, but that simply means that the people involved have morphed into new roles; cyber crime thrives in Russia.  Indeed, the fingerprints of organized crime are all over the DDoS attacks on the LiveJournal blogging site and the Novaya Gazeta website last spring.

Russia's employment of cyber criminals is brilliant in two respects.  First, it confounds the already difficult task of attribution, the fancy term for figuring out who did it.  By interposing a third party between itself and the target, the Kremlin boosts the plausibility of its denials.  Second, sub-contracting to cyber criminals is cost effective because the government does not have to buy equipment or recruit, train and pay skilled personnel.  When it is not needed for external aggression or internal repression, this cyber war reserve force is actually making money.

How do we combat this vital component of Russian cyber capability?  By undermining its cost effectiveness.  To make money, cyber criminals need botnets and online credit card payments. Both are vulnerable.

Cyber criminals use botnets to send out millions of spam messages.  Do you want to buy cheap Viagra?  A fake Rolex watch?  A diploma from a non-existent university?  Botnets can also be used to mount a DDoS attack on behalf of a crooked business that wants to cripple an Internet-dependent competitor, or to extort money directly from a targeted business.  Or the zombie computers in a botnet can be used to host illegal material such as child pornography.  These are just some of the uses of a botnet.

But on March 16, criminal botnets were dealt a heavy blow.  With an order from an American Federal District Court, the United States Marshals Service and Microsoft took down the Rustock botnet, one of the largest ever.  Rustock had sent up to 30 million spam messages a day, often promoting fraudulent online pharmacies.

By seizing the command and control servers, which were located in the US, American authorities severed the zombie computers from the Rustock botherder, still known only as "PE386" and believed to reside in Saint Petersburg or Moscow.  Seizing the servers did not by itself clean the infected machines, but it cut them off from new instructions, which gave computer experts the time needed to purge the malware from 900,000 infected computers.  Worldwide spam volume plummeted.  Meanwhile, civil lawsuits were filed against the still-anonymous Rustock operators.

As in combating any form of crime, final victory will never be achieved.  Botherders will remain elusive, slinking around countries like Russia that protect them.  They will move their servers to more convenient countries.  New botnets will emerge.  So the objective should be to gain the cooperation of as many nations as possible and to tell the botherders, "You can run, but you cannot hide."

That will drive up the cost of cyber crime and decrease its cost effectiveness to the Kremlin.

Major credit card-issuing banks could level another blow against cyber crime.  Security writer Brian Krebs studied the records of Glavmed, a fraudulent online pharmacy operation that garnered $70 million between 2006 and 2010.  Fifty-five percent of that money came through debit and credit cards issued by the top eight card-issuing banks.  If the big banks would simply stop processing payments for spamming fraudsters, organized cyber crime would be devastated.

Of course, the criminals will move to other payment mechanisms, but, like beating back the botnets, constricting the money flow will raise the cost of cyber crime.

All this is worth doing, if only to fight crime.  However, understanding that cyber criminals are Russia's cyber war reserve force, a blow against crime would also be a blow against the Kremlin's external aggression and internal repression.  It is time to take down the cyber thugs.

Cross-posted from: Georgian Security Analysis Center 
