Ukraine: Hacker haven

KYIV, Ukraine — When the hacker group Anonymous attacked the website of the Organization for Cooperation and Security in Europe last week, it said it was responding to the OSCE’s “betrayal of democratic values” following Ukraine's October parliamentary elections.

President Victor Yanukovych’s Regions Party, which has backtracked on the democratic gains of the Orange Revolution, won a tiny majority in a vote OSCE observers criticized as showing the “democratic progress appears to have reversed in Ukraine.” That apparently wasn’t strong enough for the hacker group.

Tellingly, Anonymous also upbraided the OSCE for training Ukrainian police to combat activist hackers.

Its attack, which led to the release of restricted documents, marked the latest in a series of politically motivated hacking scandals involving Ukraine.

This country has long had a shady reputation when it comes to cyberspace. But the attack has highlighted its growing role as a battlefield for political hackers and source of cybercrime.

“Ukraine is one of the largest centers of cybercrime,” Brian Krebs, a US-based computer security expert told Kyiv Post. “Not only is much of the criminal network located here, but also considerable flows of dollars obtained by hacking go here.”  

Others agree. The Honeynet Project, an international cybersecurity group that maps cyberattacks, shows Ukraine to be one of the biggest players in a region that’s the world's top producer of malware — malicious software used to disrupt computers or gain access to computer systems.

Ukraine is also well known for its wildly popular file-sharing sites. Earlier this year, Anonymous brought down several official Ukrainian websites after the government shut down Demonoid, the first so-called bittorrent site, which enables users to download music, video and other content by accessing small pieces of files from other computers.

Ordered ahead of the deputy prime minister's visit to Washington, Demonoid’s closure was seen as a favor to the US government, for which fighting copyright infringement is a priority.

Last February, distributed denial of service attacks took down dozens of official websites after the government shut down another popular Ukrainian file-sharing site, Ex.ua, which the Recording Industry Association of America lists as one of the world's top-25 pirating websites. Ex.ua, which later re-opened, accounts for 15-25 percent of Ukrainian web traffic.

Demonoid also resurfaced from an address in Hong Kong. But it's one of the few such outfits to have left Ukraine.

Experts say Ukrainian cybercrime falls into a general pattern common for East Europe. Tom Kellermann, vice president for cybersecurity at the Japanese security software firm Trend Micro, said in a recent report that post-communist cybercriminals tend to work in small, tightly-knit groups that attack financial targets for immediate financial gain, as opposed to their Asian counterparts, who largely operate within large organizations that perform broad sweeps of corporate and government information used to build databases.  

The two groups also differ in their methods: East Asian hackers typically opt for standard, proven programs without worrying much about being found out. East Europeans rely on innovative, often unique malware to hit difficult targets and cover their tracks.

More from GlobalPost: Czechs confront reputation for terrible food

Kellerman characterizes their elegantly crafted programs as the “Faberge eggs” of the malware world.

But they’re not always crafty enough. Two years ago, police arrested five Ukrainians who were part of a 60-person group that used hosts in Britain to steal $70 million from US businesses. Half the proceeds were estimated to have gone to the Ukrainians. 

The government's response so far has remained weak. Ukraine's main information security body, the Computer Emergency Response Team, says on its website that the country lacks an agency that would coordinate responses to attacks. That’s currently up to individual departments, companies and ISP providers, but they “work for their own interests or interests of their constituency.”

As long as state institutions remain weak, experts say, Ukraine will remain a safe haven for hackers.