Modern field guide to security and privacy

How Ukraine crisis could dent country's booming cyber-crime

Ukraine is notorious worldwide as a haven for cyber-criminals, but Ukraine's need for international assistance could result in pressure to crack down on the country's cyber-underworld.

|
Phil Coale/AP/File
A customer signs his credit card receipt at a Target store in Tallahassee, Fla., in this file photo. Some credit- and debit-card information stolen from Target over the holidays turned up in Ukraine, according to one report.

Two US senators are hoping to use Ukraine’s new vulnerability to compel the Eastern European nation to clean up the rampant cyber-crime within its borders.

The Ukranian city of Odessa is said to be home to the world’s largest online stolen credit card data marketplace, and the country at large rivals Russia in the pantheon of cyber-crime. Indeed, Ukraine has become a magnet for Russian hackers gravitating to the digital crime syndicates there.

Now, a beleaguered and indebted Ukraine is asking for help from the International Monetary Fund, which gets 17 percent of its money from the US. For Sens. Mark Warner (D) of Virginia and Mark Kirk (R) of Illinois, this presents an opportunity.

"Ukraine is a known hub for cybercrime, and the United States should work with the Ukrainian government to create a framework of cooperation to deter, prevent and counter these cyber criminals and ensure the safety of the newly formed Ukrainian government and financial system,” said Senator Kirk in a statement.

Ukraine-based cyber-criminals have become notorious internationally. One big seller of the credit- and debit-card information stolen in the hack on Target stores lives in Odessa, according to journalist Brian Krebs.

“A network of underground cybercrime shops … all traced back to a miscreant who uses the nickname Rescator,” said Mr. Krebs in a Jan. 14 blog post. “Clues about Rescator’s real-life identity suggested he might be a particular young man in Odessa, Ukraine.”

An even more intriguing Ukrainian cyber-crime operation involved IMU, which appeared to be a legitimate company incorporated in Belize but with main offices in Ukraine’s capital, Kiev. IMU appeared to employ more than 600 employees in Kiev, with subsidiaries in India, Poland, Canada, and the US, according to McAfee, a cyber-security firm. It posted job offerings including receptionists, financial managers, webmasters, and R&D engineers.

But IMU’s primary product was “scareware,” which infects computers and makes a bogus message pop up on the screen, saying the machine is infected with a destructive virus. It tells the user to call IMU, which will fix the problem. Once IMU has its money, it turns off the bogus pop-up.

IMU responded to about 2 million calls in 2008, according to Nir Kshetri, professor of management at University of North Carolina at Greensboro, in a recent report on Eastern European cyber-crime.

A 2010 federal indictment said IMU cost Internet users in 60-plus countries more than $100 million. The FBI says the company now appears to be defunct.

The Senate legislation unveiled Monday would create a law enforcement partnership between the United States and Ukraine to combat cyber-crime and improve cyber-security. It also recommends that the US develop an extradition treaty with Ukraine, suggesting the lack of one is an important reason why Ukraine has become a haven for cyber-criminals.

Cyber-crime is among the top five most common economic crimes in Ukraine, according to a 2012 study by Ryerson University in Toronto. But for much of the past decade, Ukraine’s record in bringing cyber-criminals to justice has been poor.

Of the roughly 400 people arrested in the country on Internet and banking fraud charges from 2002 to 2011, only eight were convicted, according to Dr. Kshetri’s report.

Some progress has been made since 2009, when the FBI stationed a supervisory special agent at the US Embassy in Kiev to assist with cyber-crime targeting the US, the report adds. And Ukraine has also devoted more resources to its computer crime and fraud enforcement in recent years, Kshetri says in an interview.

Last June, Ukraine’s cyber-security agency, known as the SBU, announced that it had broken a cyber-crime ring that stole $72 million using the Conficker botnet, a piece of malware that began infecting computers around 2008.

But Kshetri suggests there is a long way to go. “Corruption has enabled and generally encouraged [cyber-criminals] to obtain the right to reside and operate criminal activities in the country,” he says in his study. “The IMU case provides evidence to support this hypothesis.”

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to How Ukraine crisis could dent country's booming cyber-crime
Read this article in
https://www.csmonitor.com/World/Passcode/2014/0326/How-Ukraine-crisis-could-dent-country-s-booming-cyber-crime
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe