Why Russian Hackers Have It Easy

The New York Times has an interesting article today about Russian hackers. A hacker operating under the moniker BadB was pursued by the United States Secret Service and arrested in France earlier this month. The difficulty in catching BadB, say experts quoted in the article, illustrates Russia’s apparent unwillingness to fight internet crime. Here’s an excerpt from the story:

The seizing of BadB provides a lens onto the shadowy world of Russian hackers, the often well-educated and sometimes darkly ingenious programmers who pose a recognized security threat to online commerce — besides being global spam nuisances — who often seem to operate with relative impunity.

Law enforcement groups in Russia have been reluctant to pursue thesetalented authors of Internet fraud, for reasons, security experts say,of incompetence, corruption or national pride. In this environment,BadB’s network arose as “one of the most sophisticated organizations ofonline financial criminals in the world,” according to a statementissued by Michael P. Merritt, the assistant director of investigationsfor the Secret Service, which pursues counterfeiting and someelectronic financial fraud…

…Arrests in Russia for computer crimes are rare, even when hackersliving in Russia have been publicly identified by outside groups, likeSpamhaus, a nonprofit group in Geneva and in London that tracks sourcesof spam.

The F.B.I. in 2002 resorted to luring a Russian suspect, VasilyGorshkov, to the United States with a fake offer of a job interview(with a fictitious Internet company called Invita), rather than ask theRussian police for help. To obtain evidence in the case, F.B.I.computer experts had hacked into Mr. Gorshkov’s computer in Russia.When this was revealed, Russian authorities expressed anger that theF.B.I. had resorted to a cross-border tactic.

Online fraud is not a high priority for the Russian police, [DmitriZakharov, a spokesman for the Russian Association of ElectronicCommunication] said, because most of it is aimed at computer users inEurope or the United States. “This is a main reason why spammers arenot arrested,” he said.

Politics may also play a role. Vladimir Sokolov, deputy director of theInstitute of Information Security, a Russian research organization,said the United States and Russia were still at odds on basic issues ofcomputer security, although the differences were narrowing.

The United States tends to view computer security as a law enforcementmatter. Russia has pushed for an international treaty that wouldregulate the use if online weapons by military or espionage agencies.Last year the United States opened talks on a treaty, but has continuedto press for closer law enforcement cooperation, Mr. Sokolov said.

Computer security researchers have raised a more sinister prospect:that criminal spamming gangs have been co-opted by the intelligenceagencies in Russia, which provide cover for their activities inexchange for the criminals’ expertise or for allowing their networks ofvirus-infected computers to be used for political purposes — to crashdissident Web sites, perhaps.