Russian malware creators rule. Here’s how they got so good

Eastern Europe, in particular Russia, is the malware capital of the world.

That’s the assertion of Adam Kujawa, a former Navy cryptologist and head of malware intelligence for Malwarebytes, a growing San Jose security outfit that has 100 employees and also has an office in the windswept Baltic country of Estonia.

Kujawa spent much of his time in the Navy intercepting communications of foreign militaries and breaking codes. Out of all the branches of the U.S. armed forces, Navy cryptologists are perhaps the best, as the saying goes, and many naval intelligence personnel go to work upon discharge for the NSA or its sister agencies.

The knowledge Kujawa gleaned from his Navy stint and work in the private IT security sector has given him a prized front row seat to some of the nastiest and most effective malware campaigns globally.

Malware is responsible for over $1 billion a year in stolen data and solutions to kill it. Malware installed at the point of purchase at retailers Target and Neiman Marcus earlier this year was responsible for the theft of over 100 million users' personal data, including credit cards.

Kujawa and a former senior federal law enforcement official who oversaw numerous multi-agency malware investigations told VentureBeat that the best creators of malware, judged by infection rates and the difficulty of liquidating them, are hackers from the countries of the former Soviet Union, in particular Russia and Ukraine.

Kujawa said Russia and its Eastern European neighbors are fertile territory for talented programmers who have gone astray because hacking pays better than programming for a startup. The 28-year-old malware specialist listed the top five reasons Eastern Europe leads in sending malware to the rest of the world.

Top 5 reasons Eastern Europe is the malware capital of the world

1. Lax cyber crime law enforcement

Many Eastern European countries either don’t have enough laws that criminalize hacking and malware or fail to enforce them as heavily as in Western countries. This kind of freedom allows cyber crime organizations to grow and operate without much fear of prosecution. Countries like Russia are known for law enforcement turning a blind eye to cyber crime when there is a profit to be made.

2. Fewer opportunities for savvy people

We know many Eastern European countries as being less wealthy than the West, and in turn, many cyber criminals get recruited into that life because of their high intelligence, ability, and the promise of high pay. When you don’t have enough money to eat or pay your rent, morals go out the window. In addition to that, working behind a computer is far more inviting a profession than working in a factory, a mine, or behind a counter.

3. There is an abundance of virtual real estate

While in Western countries, rules on what a user can host on a public server or distribute online are strict for the purpose of abiding by national laws and keeping users safe, Eastern Europe isn’t as picky. A service known as “bulletproof” hosting is commonly available from companies based in Eastern Europe. This hosting method can hide the identities of the users, ensure high amounts of connectivity, and allow them to host whatever they want as long as they pay.

4. Malicious resources are at their fingertips

The laws and culture of Western countries don’t allow the growth of cyber crime communities as large as ones found in Eastern Europe. While they do exist, a user has to actively seek out these groups. Eastern European cyber crime groups are easy to get in contact with; in many cases it could be a matter of having a friend who “knows a guy.” In others, the fact that you speak the language and have a novice amount of computer knowledge can get you in contact with all the resources required for learning to be and operating as a cyber criminal.

5. The culture breeds cyber criminals

There are numerous reasons why the culture of Eastern European countries encourages cyber crime activity, from the survival tactics used by citizens during the days of the Soviet Union to the nationalistic movement that launched a massive cyber attack against the Estonian government and economy in 2007. At the end of the day, those of us in the West might perceive hackers and malware developers as just more criminals like thieves or fraud artists. In Eastern Europe, these professions are seen in a positive light, regardless of who gets hurt outside of the community. The work brings in money, which in turn helps local economies and creates jobs in the area for the youth. From a patriotic point of view, these individuals can be on par with soldiers fighting for the people.