Who’s playing dirty online?
William Hague, the British Foreign Secretary, issued what was described as a “blunt warning” to countries involved in cyber attacks against other nations at last month’s London Conference on Cyberspace. In reality, it amounted to little more than a plaintive, “Please, stop it.”
Officials said the message was aimed primarily at Russia
the states which are most frequently seen by the British media as the main
Indeed, the week before, Baroness Neville-Jones, Britain’s former minister for
security and counter-terrorism and now the Prime Minister’s special
representative to business on cyber security, ramped up the rhetoric. She said Beijing and Moscow
were “certainly” involved in that sort of activity. Mr Hague, perhaps aware of
adverse political fallout from any public statement, avoided that specific
issue, leaving the UK’s
media to point the finger at Russia
as chief culprits.
Nevertheless, the Russian delegation in London
confessed to being taken aback by the furore, not least Igor Shchegolev, the
communications and media minister. “Not one participant raised these questions
at the conference, neither in the corridors, nor during the course of the
discussions,” he told Rossiyskaya Gazeta at the time of the conference.
“So, we didn’t have to answer that. For us it was a little surprising: on one
hand we had been invited to the conference to discuss this important subject;
then when we arrived, it turns out that this is some sort of pretence. In fact,
such accusations are not new to us.”
In the West, Russia is often
portrayed as a global centre for cybercrime, with China seen as the main market for
industrial and economic espionage – allegations vigorously denied by both
countries, which say that they are frequently on the receiving end of such
Quite rightly, Russia
points to the fact that in cyberspace, as in Shakespeare’s Macbeth , “Nothing
is but what is not.” Halfway-decent hackers have always been able to successfully
hide their tracks: the shadowy world of the internet is purpose-built for any
unscrupulous intelligence agency that wants to make it look like cyber attacks
are coming from the computers of another state.
Mr Shchegolev agrees: “The British press recognises there are no specific facts
proving any bad intentions by Russia.
The nature of the internet
is such that
anything can be claimed.” But
despite this, the claims persist. Len Hynds, former head of Britain’s
National Hi-Tech Crime Unit (NHTCU), which was disbanded in 2006, believes this
is partly a problem of perception. Although there appears to be persistent
proof that cyber attacks do come from Russia, as a nation it is by no
means the only source. “You have to be fair and say that it’s not just Russia. There
are signs that cybercrime is becoming an issue in Africa and in South America. However, in every meeting that you go to
about cybercrime, people say it’s Russia,” says the former chief
constable, who now works in the private sector.
As well as the problem of perception, Mr Hynds points to several other reasons
Russian notoriety. Chief among them is the existence of the Russian
Business Network (RBN). An organisation formerly based in St Petersburg, the RBN offered the world’s
cyber criminals a range of services – from bullet-proof hosting of illegal
websites to the movement of illicit funds.
Source: Kaspersky Lab
Culprits never arrested
Almost exactly four years ago, following pressure from the Russian authorities,
the RBN, which before then had operated openly, became a less public operation.
It is still functioning, however, and, it is claimed, is still “Russian”.
has operated remarkably effectively in clamping down on parts of its cybercrime
groups, says Mr Hynds, a process which is also under way in several other
so-called global hotspots.
“The South Americans, particularly the Brazilians, are working very hard to get to grips with it. When I was at the NHTCU we had wonderful co-operation in bringing some big people to court – one person in particular who was involved in extortion was sentenced to eight years.
“But even though we caught some people, we never got to the money. We knew who
they were, but the culprits were never arrested.”
This issue sits at the heart of the cybercrime problem for Russia. The nub
of the West’s argument with Russia
is that the country has a selective attitude to cybercrime. Russian hackers
appear to enjoy a certain status, and are even, perhaps, the focus for a
certain amount of national pride. “Russia has outstanding universities
specialists in mathematics,
physics and computer science,” says the cyber security expert Danny Lieberman. “The
list of notable Russian mathematicians goes on and on. Put very simply, Russia has
very, very good raw material for hacking. Having great
talent is a great start for achieving world-class results in any field.”
According to Professor Mark Galeotti of New York
University, the problem began
immediately after the end of the Cold War, when Russia’s economic privations
immediately led to a glut of talented but unemployed people, some of whom made
their way into organised crime.
On the plus side, this pool of intellectual resources can and is being used to
positive effect. At the London
conference, Russian experts sat side by side with their Western counterparts in
discussion panels that dealt with some of the most pressing computer security
issues, such as the protection of national defence systems.
The fact remains, however, that, in the West, there remains a feeling that Russia could do
more to deal with the issue. Cybercrime appears to be tolerated so long as its
impact is felt outside Russia’s
borders, says Professor Andrew Blyth, a computer forensics expert at the University of Glamorgan. “The Russian state has the
ability to clamp down if it wants to, and it also has the laws to do that. Its
legal framework is the same as in most European states. The problem is that its
approach has been fragmented until now, and it has not had a push from the
centre.” This view of a piecemeal response is supported by Prof Galeotti.
“Although the Interior Ministry’s Directorate K is nominally the lead agency
in dealing with the problem, there are local counterparts in regions and
constituent republics; there are turf wars with the Federal Security Services
Centre for Information Security and others.”
It is a picture that will only improve, according to Western experts, if Russia
demonstrates a commitment to dealing with the issue, including the sharing of
information and co-operation.
This is a situation Russia is keen to address, according to Mr Shchegolev. In London, the Russian delegation proposed the creation of “rules and mechanisms. . . and instruments of interface between the states which will allow us to precisely determine where the threat is coming from and to prepare the adequate response to this threat.”
Code of practice
Although this sounds fine on paper, there is a problem in practice. Russia is one
of a number of non-signatory countries to the Budapest Convention (an
international treaty setting laws and guidelines for dealing with cybercrime),
citing concerns over violation of international law norms and problems of
national sovereignty. Instead, Russia
proposes an international code of practice in cyberspace, which, according to
Mr Shchegolev, would make it “seriously more difficult to misuse information
technologies both against individual states and against the world as a whole”.
He adds that Russia
has already worked out a package of proposals forming this code of practice
with other partners within the framework of other international forums.
As such, he
maintains this agreement should be set up in the form of a United Nations
Events on a diplomatic level have not encouraged co-
operation. The disappointment over recent attempts at a Russo-British reset, and
the festering extradition wrangles between the countries have, according to
many observers, led to less co-operation in hacking investigations. “To be
honest it was like a wall coming down, says Mr Hynds. “One minute everything
was fine; the next, nothing.”
However, he still sees grounds for optimism: “There are more and more companies
that want to do business in Russia,
and that will change things because there will be more [Russian] involvement in
the world economy.”
Peter Warren is a technology writer and chairman of the Cyber Security Research Institute (www.csri.info)