Who’s playing dirty online?
William Hague, the British Foreign Secretary, issued what was described as a “blunt warning” to countries involved in cyber attacks against other nations at last month’s London Conference on Cyberspace. In reality, it amounted to little more than a plaintive, “Please, stop it.”
Officials said the message was aimed primarily at Russia and China, the states which are most frequently seen by the British media as the main offenders.
Indeed, the week before, Baroness Neville-Jones, Britain’s former minister for security and counter-terrorism and now the Prime Minister’s special representative to business on cyber security, ramped up the rhetoric. She said Beijing and Moscow were “certainly” involved in that sort of activity. Mr Hague, perhaps aware of adverse political fallout from any public statement, avoided that specific issue, leaving the UK’s media to point the finger at Russia and China as chief culprits.
Nevertheless, the Russian delegation in London confessed to being taken aback by the furore, not least Igor Shchegolev, the communications and media minister. “Not one participant raised these questions at the conference, neither in the corridors, nor during the course of the discussions,” he told Rossiyskaya Gazeta at the time of the conference.
“So, we didn’t have to answer that. For us it was a little surprising: on one hand we had been invited to the conference to discuss this important subject; then when we arrived, it turns out that this is some sort of pretence. In fact, such accusations are not new to us.”
In the West, Russia is often portrayed as a global centre for cybercrime, with China seen as the main market for industrial and economic espionage – allegations vigorously denied by both countries, which say that they are frequently on the receiving end of such attacks.
Quite rightly, Russia points to the fact that in cyberspace, as in Shakespeare’s Macbeth , “Nothing is but what is not.” Halfway-decent hackers have always been able to successfully hide their tracks: the shadowy world of the internet is purpose-built for any unscrupulous intelligence agency that wants to make it look like cyber attacks are coming from the computers of another state.
Mr Shchegolev agrees: “The British press recognises there are no specific facts proving any bad intentions by Russia. The nature of the internet
is such that anything can be claimed.” But despite this, the claims persist. Len Hynds, former head of Britain’s National Hi-Tech Crime Unit (NHTCU), which was disbanded in 2006, believes this is partly a problem of perception. Although there appears to be persistent proof that cyber attacks do come from Russia, as a nation it is by no means the only source. “You have to be fair and say that it’s not just Russia. There are signs that cybercrime is becoming an issue in Africa and in South America. However, in every meeting that you go to about cybercrime, people say it’s Russia,” says the former chief constable, who now works in the private sector.
As well as the problem of perception, Mr Hynds points to several other reasons for
Russian notoriety. Chief among them is the existence of the Russian Business Network (RBN). An organisation formerly based in St Petersburg, the RBN offered the world’s cyber criminals a range of services – from bullet-proof hosting of illegal websites to the movement of illicit funds.
Source: Kaspersky Lab
Culprits never arrested
Almost exactly four years ago, following pressure from the Russian authorities, the RBN, which before then had operated openly, became a less public operation. It is still functioning, however, and, it is claimed, is still “Russian”.
Nonetheless, Russia has operated remarkably effectively in clamping down on parts of its cybercrime groups, says Mr Hynds, a process which is also under way in several other so-called global hotspots.
“The South Americans, particularly the Brazilians, are working very hard to get to grips with it. When I was at the NHTCU we had wonderful co-operation in bringing some big people to court – one person in particular who was involved in extortion was sentenced to eight years.
“But even though we caught some people, we never got to the money. We knew who they were, but the culprits were never arrested.”
This issue sits at the heart of the cybercrime problem for Russia. The nub of the West’s argument with Russia is that the country has a selective attitude to cybercrime. Russian hackers appear to enjoy a certain status, and are even, perhaps, the focus for a certain amount of national pride. “Russia has outstanding universities with world-class
specialists in mathematics, physics and computer science,” says the cyber security expert Danny Lieberman. “The list of notable Russian mathematicians goes on and on. Put very simply, Russia has very, very good raw material for hacking. Having great
talent is a great start for achieving world-class results in any field.”
According to Professor Mark Galeotti of New York University, the problem began immediately after the end of the Cold War, when Russia’s economic privations immediately led to a glut of talented but unemployed people, some of whom made their way into organised crime.
On the plus side, this pool of intellectual resources can and is being used to positive effect. At the London conference, Russian experts sat side by side with their Western counterparts in discussion panels that dealt with some of the most pressing computer security issues, such as the protection of national defence systems.
The fact remains, however, that, in the West, there remains a feeling that Russia could do more to deal with the issue. Cybercrime appears to be tolerated so long as its impact is felt outside Russia’s borders, says Professor Andrew Blyth, a computer forensics expert at the University of Glamorgan. “The Russian state has the ability to clamp down if it wants to, and it also has the laws to do that. Its legal framework is the same as in most European states. The problem is that its approach has been fragmented until now, and it has not had a push from the centre.” This view of a piecemeal response is supported by Prof Galeotti.
“Although the Interior Ministry’s Directorate K is nominally the lead agency in dealing with the problem, there are local counterparts in regions and constituent republics; there are turf wars with the Federal Security Services Centre for Information Security and others.”
It is a picture that will only improve, according to Western experts, if Russia demonstrates a commitment to dealing with the issue, including the sharing of information and co-operation.
This is a situation Russia is keen to address, according to Mr Shchegolev. In London, the Russian delegation proposed the creation of “rules and mechanisms. . . and instruments of interface between the states which will allow us to precisely determine where the threat is coming from and to prepare the adequate response to this threat.”
Code of practice
Although this sounds fine on paper, there is a problem in practice. Russia is one of a number of non-signatory countries to the Budapest Convention (an international treaty setting laws and guidelines for dealing with cybercrime), citing concerns over violation of international law norms and problems of national sovereignty. Instead, Russia proposes an international code of practice in cyberspace, which, according to Mr Shchegolev, would make it “seriously more difficult to misuse information technologies both against individual states and against the world as a whole”.
He adds that Russia has already worked out a package of proposals forming this code of practice with other partners within the framework of other international forums.
As such, he maintains this agreement should be set up in the form of a United Nations convention.
Events on a diplomatic level have not encouraged co-
operation. The disappointment over recent attempts at a Russo-British reset, and the festering extradition wrangles between the countries have, according to many observers, led to less co-operation in hacking investigations. “To be honest it was like a wall coming down, says Mr Hynds. “One minute everything was fine; the next, nothing.”
However, he still sees grounds for optimism: “There are more and more companies that want to do business in Russia, and that will change things because there will be more [Russian] involvement in the world economy.”
Peter Warren is a technology writer and chairman of the Cyber Security Research Institute (www.csri.info)