Information Warfare: Where The Bad Boys Are


January 27, 2013: Most of the nasty software ("malware") that takes control of your computers and smart phones comes out of Russia. There’s a reason for this. The malware is very lucrative and its appearance coincided with the end of the Cold War in 1991.

For over two decades Cyber War and criminal hackers have planted malicious software ("malware") in computer networks belonging to corporations or government agencies. These programs (often called "Trojan horses" or "zombies") are under the control of the people who plant them and can later be used to steal, modify or destroy data, or shut down the computer systems the zombies are on. You infect new PCs and turn them into zombies by using freshly discovered and exploitable defects in software that runs on the Internet. These flaws enable a hacker to get into other people's networks. Called "Zero Day Exploits" (ZDEs), in the right hands these flaws can enable criminals to pull off a large online heist or simply maintain secret control over someone's computer.

A recent survey of exploit kits (malware equipped with ZDEs and designed to be edited to suit the user's exact needs) found that 70 percent of them were created or first appeared in Russia (followed by China with 8 percent and Brazil with 6 percent). Many of these kits were created in other East European countries but released in Russia because it's safer to do that sort of thing there. The new exploit kits have to be bought, while the older and less effective kits are available for free.

Surprisingly, many ZDEs are still effective on millions of PCs after two or more years. While most government and corporate PCs frequently have their software updated (which makes new ZDEs useless against the updated computer), many are not updated and become fair game for low budget hackers who cannot afford the few thousand (or few hundred) dollars for a more recent exploit kit.

When the Cold War ended in 1991 a lot of bright, well-educated people in Eastern Europe who knew how to program found themselves unemployed. These folks had worked for the defunct communist governments in a variety of scientific and other jobs that disappeared in the transition to democracy. Many of them used the flood of inexpensive PCs pouring into Eastern Europe (which had not seen a lot of consumer electronics from the West) and adapted to the appearance of the Internet. Many of these unemployed brainiacs realized that there was money to be made, mainly in the wealthy Western nations, via Internet based crime. For many people, this was too good an opportunity to pass up, especially since the risk of getting caught and prosecuted was practically nil in the beginning.

While most of the tools come from Eastern Europe, not all the Internet based criminal activity does. About half the actual use of these kits comes from China, the U.S., and Russia, while another 22 percent comes from just seven other countries. Russia remains the home of most malware developers, and that is in part because the Russian government does not pursue these criminals too vigorously. The unwritten rule has been that if you did not commit cyber crimes against Russians, and were willing to help the government Cyber War organizations with your skills, you were safe.