Security analyst Fyodor Yarochkin and a senior researcher from security firm Coseinc that calls himself “Le Grugq” have spent 6 months on various Russian web forums in order to discover just what kind of threat Russian hackers present to the world at large.
Both of them fluent in the language, they managed to get more than just a glimpse into this underground culture and shared their knowledge with the attendees of last month’s Hack in the Box conference, ENP reports.
And according to them, enterprises have little to worry about, since Russian hackers are usually attracted by money – but money they can get their hands on simply and fast. Corporate secrets hold appeal to them. They often go for the easiest potential victims, and that is usually the careless individual user.
Because, you see, the typical Russian hacker is a student looking for some pocket money. His targets are individual users in the Western world and he has no qualms about fleecing them since he believes everybody is rich outside Russia – claims Yarochkin. Russian hackers are geeks, not gangsters.
There is an entire underground economy that caters to these unprofessional criminals: they can buy or rent malware, use the services of supporting partners who will drive Internet traffic to the malicious sites, use the services of botnet masters who can execute DDoS attacks on rival websites and Twitter accounts.
These hackers are interested in infecting individual computers and stealing the users’ credit card numbers, and use them in various ways. They usually refrain from ordering physical stuff online, since the delivery address would point to them.
Although, sometimes they execute the purchase and then try to minimize that risk by sharing the details of the credit card with the public, so that many people can and will use it before it is revoked. This effectively makes their purchase one of many and makes it difficult for law enforcement to pinpoint the person who stole it in the first place.
They are also known to use the services of people who offer to provide their name and address where the item bought with a stolen credit card will be shipped, and then sell the item to the hacker for a lower price. Of course, there is always the option of buying non-tangible items, services or credits (Skype and iTunes credits are very popular).