A Russian crime ring is suspected of obtaining access to a record 1.2 billion username and password combinations, shedding renewed light on how vulnerable online personal information can be. Cybersecurity firm Hold Security said the gang of hackers was based in a city in south central Russia and comprised roughly ten men in their twenties who were all personally acquainted with each other, the New York Times reported.
Cybersecurity experts say this enormous data breach is just the latest evidence that cybercrime has become a global business—one that, including all types of cybercrime, costs the world economy an estimated $400 billion a year. Complex malicious software, or malware, is finding its way into the hands of hackers not just in known cybercrime hubs like Russia and China but also in Nigeria and Brazil, while expanding Internet access around the world means that there are more potential cybercriminals who can easily acquire online the skills and know-how to join the craft.
“It appears more cybercriminals are entering into the game at a quicker pace than quite honestly we can keep up with [in the US] to defend our networks from these malicious hackers,” says JD Sherry, the vice president of technology and solutions at Trend Micro, a Tokyo-based cyber-security firm.
Here’s a look at the global hotspots for these cyber criminals:
Crime syndicates in Russia use some of the most technologically advanced tools in the trade, according to Sherry. “The Russians are at the top of the food chain when it comes to elite cyberskill hacking capabilities,” he says. Even before the latest revelations of stolen online records, the United States charged a Russian man, Evgeniy Bogachev, of participating in a large-scale operation to infect hundreds of thousands of computers around the world. The massive data breach of the retailer Target last year has also been traced to Eastern Europe.
But why Russia, and its smaller neighbors? Trained computer engineers and skilled techies in Russia and countries like Ukraine and Romania may be opting for lucrative underground work instead of the often low-paying I.T. jobs available there. But the Russian government has in the past also been less than helpful in helping U.S. authorities track down wanted cybercriminals. “The key really is the lack of law enforcement environment, the feeling that you can do almost anything and get away with it,” says Dmitri Alperovitch, a Russia-born U.S. citizen and co-founder and CTO of security firm CrowdStrike. “They were able to grow and evolve into organized enterprises.”
China is considered to be another stalwart hotbed for hackers, though the spotlight has primarily fallen not on gangs of criminals, but on the Chinese government, which has been linked to economic and political espionage against the U.S. In May, the Justice Department moved to charge five Chinese government officials with orchestrating cyberattacks against six major U.S. companies. Unaffiliated Chinese hackers have also posed a problem inside and outside the country, but according to Alperovitch there’s a surprisingly low presence relative to the size of the country. “We can speculate as to why, but the most likely reason is that the people that are identified doing this activity by the Chinese government get recruited to do this full time for the government,” he says.
Sherry calls Brazil “an emerging cybercrime economy.” Cybercriminals there and across South America are increasingly learning from their counterparts in Eastern Europe via underground forums. They'll also pay for Eastern European tools to use in their own attacks, using highly complex Russian-made software that Sherry says can include millions of lines of code. That black market has become so sophisticated that Eastern European hackers now provide I.T. support for customers buying their malware, according to Sherry. So far, most of the attacks that originate in Brazil target local individuals and firms, including the recently reported cybertheft of billions of dollars from an online payment system. "The question is, when will that change?" says Jim Lewis, a senior fellow at the Strategic Technologies Program at the Center for Strategic and International Studies.
The original home of low-tech scam emails remains a key player in underground cyber activity and has become a destination for international cybercrime syndicates, according to Sherry. Authorities in Nigeria and other African countries have been slow to crackdown on scammers and hackers, even as more people connect to the Internet. “It’s proving to be a very comfortable environment for cybercriminals to set up shop, operate, and carry out their illegal activities,” Sherry says. Recent efforts by President Jonathan Goodluck to legislate cybercrime in Nigeria have served to push some of the activity into other countries in the region, such as Ghana.
Tech firms in Southeast Asia have a long history of working with Western software firms and other tech companies, Sherry says, meaning there is a broad base of tech expertise there. "People who are really good software engineers, those people are going to be naturals when it comes to taking off the 'white hat' and putting on the 'black hat,' Sherry says. In Vietnam, where the I.T. industry has expanded at a rapid rate in the last decade, a hacker allegedly masterminded the theft of up to 200 million personal records in the U.S. and Europe that included Social Security numbers, credit card data and bank account information. The communist government there has also been recruiting local hackers to spy on journalists, dissidents, and activists, according to the Electronic Frontier Foundation.