Ukraine: Tracking down the hackers

August 2, 2016

Updated on Oct. 11, 2010 · 2:18 AM EDT

By David L. Stern

KIEV, Ukraine — Amid the steady drumbeat of dismal economic news from the former Soviet Union, one sector is exhibiting remarkable growth: cyber crime.

Industry experts say that the ex-communist republics are one of the world’s largest sources of malicious software, or malware — pernicious viruses that surreptitiously infect computers to extract personal financial information, such as credit card numbers, bank accounts and passwords.

The region’s pre-eminence in the world of e-crime was in full evidence last month, as law enforcement officials from four countries, including the FBI and Ukraine’s state security service (SBU), announced that they had broken a criminal ring responsible for some $70 million in thefts in the past few years. Five of the group’s ring leaders came from Ukraine.

The group used the Zeus Trojan virus, also known as the ZBot, and reportedly aimed to steal some $220 million worldwide. In the United States, 92 people have been charged and 39 arrested in connection with the scam, while a further 19 were nabbed in a dawn police raid in London.

“Operation Trident Breach,” as the FBI called the anti-cyber crime campaign, began in May 2009, when agents in Omaha, Neb. were alerted to suspicious transactions involving 46 separate bank accounts.

“We believe we have disrupted a highly organized criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent peoples’ accounts, causing immense personal anxiety and significant financial harm, which of course, banks have had to repay at considerable cost to the economy,” FBI Deputy Chief Inspector Terry Wilson said in an official statement.

At the same time, officials announced that Ukraine’s SBU had arrested five people who were “key subjects responsible for this overarching scheme.” SBU authorities later revealed that the five were based in the eastern city of Donetsk, and that another 15 individuals were under investigation, but it was still unclear their level of involvement. The Russian author of the ZBot, however, still remains at large.

Trident Breach’s success gives hope that eastern Europe — long-considered a black hole for cyber crime enforcement — will now open up to further international efforts.

Ukrainian authorities deny that the former communist bloc in general, or their country specifically, has become a center for cyber bandits.

“We have reached absolutely no official conclusion that Ukraine has become a center for cyber crime,” said Alexander Zagrebelny, the SBU’s deputy chief of information security. “The reason is simply that Ukrainian law enforcement bodies have begun to work more effectively in this sphere, and now come across such crimes more regularly. That’s why you are hearing more about it.”

But computer security experts maintain that the opposite is true: The former Soviet Union (FSU) has emerged as one of the largest producers of computer programs for cyber crime.

According to the software security firm Kaspersky, Brazil produces close to half of the world’s malicious software for banks, though this is targeted mostly at Brazilian and Latin American institutions. China is second with 18 percent — though a good deal of this is involved in online gaming — and the former Soviet Union third with 13 percent.

“We have good statistics where malware is created,” said Maksym Schipka, Kaspersky’s director of hosted and streaming technology research. “[Hackers from the former Soviet Union] go for high profile banks, and focus a lot on western banks.”

The FSU’s pole position in cyber crime can be attributed to two factors primarily: a lax legal atmosphere that allows hackers to work relatively unmolested, and an overabundance of highly-trained specialists.

“People in the FSU have very strong technical educations and understand various technical systems in depth,” said Schipka by telephone from Moscow. “It’s something about them that they want to understand every system in fine detail.”

If anything, the tools to copy financial data from another individual’s laptop or PC has become even easier, he says. New versions of the Zeus Trojan are readily available on the internet or in underground chatrooms even on You Tube. At last count, there were about 40,000 distinct versions of the ZBot.

Schipka says that he is not trying to excuse those who choose a life of crime — the vast majority of computer experts in the region choose not to steal other peoples’ money. Still, he understands where the impetus comes from.

“These are people with a university-level education, and when they look for work, they find that they cannot sustain themselves — and we are not even talking about a posh life,” he said. “When morals are relaxed, this leads to cyber crime and making money in shady ways.”