Russian Cybercrime: Geeks, Not Gangsters

Other security pros agreed with the researchers’ general characterisation. Though there are “top-feeders” that set up affiliate programs to maximise their profit and let lower-level criminals do the dirty work, these are the closest examples of “mob bosses” to be found, said Joe Stewart, director of malware research at SecureWorks’ Counter Threat Unit.

Most participants are students with computer skills that have “grown up with this underground economy and have found a niche for themselves in the criminal marketplace,” he said.

“Given the ease of anonymous money transfer in Russia, there’s no need for criminals to be part of a classic Mafia gang where they work for a boss, everyone meets in person and there is some sort of trust/fear relationship that protects the organisation and its leaders,” Stewart said. “What you have these days is organised but they don’t necessarily know each other’s real name or ever meet in person, and trust is earned by reputation in past transactions.”

Hackers bicker on forums

The level of discourse on the forums is typically similar to 4chan or other online communities where users bicker and snipe at each other, Grugq said. Users who are respected are blessed with endorsements; those who aren’t can be blacklisted, he said.

Just about everything is for sale: Skype accounts, botnet software, domain names and dedicated servers, and much, much more.

“Credit cards [are] getting more attention from authorities,” Yarochkin said. “So for credit card trading, there are mostly specific, closed forums where you’d need to buy your access. Everything else is being traded in open.”

The mob keeps its distance

Yarochkin noted that there are criminal groups operating outside the forums the two analysed that would therefore be invisible to the duo.

“From what we can guess,” Grugq said, “any [mob] involvement is more along the lines of some people at the very top of the stack have to pay off the real gangsters. … So, for example, if you are organising a massive credit card cash-out scam which nets millions of dollars, you’ll have to pay protection money to the mob to not get robbed. It doesn’t look like the mob itself is organising these cash-outs though.

“We’re not disputing that organised crime is involved with cyber-crime, but the popular conception of leather jacketed thugs running around with firearms and laptops is not in line with what we have observed from the actual communities,” he said. “It seems like it is very useful for some companies to popularise the scary idea of Russian cyber-gangsters, but honestly the involvement seems to be much more hands off.”