Unpacking Matryoshka: What the History Means for Russian Cybercrime

More and more cyber-attacks incidents have occupied the headlines. A man, wearing a hoodie and sitting behind a computer, hacks the world with his unlimited power — this is most likely the first image of the cybercriminal for the majority of people in the society. It is beyond my topic to define what cybercrime is, but it is fair enough to say that the image of a cybercriminal is not exactly what people portray. These actors seem to be stuck with the label of “viciousness”, “brutalness” and “greediness”. Do we really understand cybercrime? If we are dealing them with a right approach, how come more and more companies are planning to increase their cybersecurity defense budgets? I truly have no answers in my mind.

As a security analyst, I spend almost my whole career analyzing malicious software written by adversaries to help the victims build the defense. Given that my job is as much as fighting against another group of people, namely the cybercriminals, sometimes I asked myself, “Who are the guys operating from the other side?” It is difficult for me to draft, not to say organize, my thoughts, especially when I only have an engineering background. I decided to audit an open course «Russian History from Lenin to Putin» taught by Professor Peter Kenez on Coursera.

The course, starting from era of 1800s and finishing at Putin’s administration, gives a broader understanding of what happened in Russia. Unlike those overhyped story-telling history shows, the course is taught in a pedestrian approach as I have learned that many decisions were made due to a complicated characteristic of time instead of a heroic act. Fortunately, we can bring rationality to analyzing history as a third person living from an entirely different place a long time afterwards. However, there are still many mysterious questions that even historical scholars are not giving a clear answer.

Within this article, I will start by writing two elements which, in my opinion, are essential for allowing Russian cybercriminal phenomenon to be created. I try to find the connection to the past and see if the history brings me any hint. Having that argument, I found that transparency is critical for a well-functioning society. Much in the contrast, Russia is a non-transparent state and the voice of their people cannot be heard. I will show some of the past events which have contributed to a highly suppressed environment in the second section. Inside the paragraph, I mean to remind reader that we should blame the regime instead of the people. Next, I will walk through the most important era — the days after Soviet Union collapsed — when uncertainty is the only certainty. It was the environment which allowed the cybercriminal phoneme to be developed. In the last paragraph, I am going to talk about the remediation. How do the current policy makers hold the criminals accountable? What are the fundamental challenges?

The Core of CyberCrime — Corruption and STEM focused education in USSR

Corruption and the well-developed STEM education system in USSR era are two central pieces which allow the cybercrime ecosystem to be developed. Different research [1][2][3] points to the same reason — a malfunctioning society with a STEM-focused education system.

Professor Jonathan Lusthaus wrote “The poor economy, relatively reliable and accessible Internet, and prevailing corruption may combine to create a breeding ground for online crime.” The research carried by Dr. Lusthaus does not fully focus on former-USSR countries, though it is fair to say Russia and other CIS countries like Ukraine are the most corrupted countries. According to Corruption Perceptions Index surveyed in 2020, Russia and Ukraine ranked 129 and 117 out of 179, respectively.

Brain Krebs investigated a spam empire at a time and wrote the following starting paragraph in his book. “To understand the threat that email spam poses for all of us, it’s crucial first to peer into the dark corners of the cyberworld and understand what’s lurking there. Kidnapping. Bribery. Extortion. Blackmail. Corruption. These were among the business skills commonly employed by the men who built the earliest cybercrime havens — the virtual pirate coves of the Internet.”

Corruption is a common society problem among all the countries around the world. Even though the degree of it matters, how come Russian and CIS countries possess the most advanced and sophisticated cybercriminal ecosystem to date? A possible explanation is related to the well-developed STEM (Science, Technology, Engineering and Mathematics) educational system which was initiated from the Soviet era, more precisely the Lenin regime. Lenin and his comrades in the highest level of the party organization were very much impressed by science.

In the paper of «Some Aspects of Soviet Education» [4], Leslie W. Ross mentioned that “Moreover, according to the plan, the Soviet pupil is carried much further in mathematics and science than the American pupil.” “The concept of “polytechnic” education looms large in Soviet thought.”

Deniss Čalovskis [5], the creator of GOZI malware who was extradited to the US from Latvia, graduated from one of top university in Riga, Latvia. Sergei Yaretz aka “Ar3s”, the actor behind andromeda botnet, was arrested in Belarus in 2017 [6]. He mentioned holding a college degree in his profile. Other FBI wanted Russian-nations criminals Yevgeniy Bogachev, Maksim Yakubets and Igor Turashev are believed to be well-educated. Take these indictments and arrests as the examples. It seems the success of the STEM education cultivates not only those outstanding Russian scientists but those students crossing the line and becoming criminals.

Corruption is the keyword running through the whole course as well. The terror brought by the Stalin’s regime forbids any opinion to be expressed. In 1934, congress had about 2,000 members, half of them killed by the next term. One would argue that a one-man state could be very effective. In fact, there was a higher possibility for a person to be killed when he was in a higher hierarchy. The regime tried everything just to stay in power. Numerous of efforts to suppress the opposed power has been carried out. Even in Putin’s regime, he has created another layer of corruption after removing the oligarchs who rose during the privatization.

“When we think of totalitarian regime, sometimes we think it is a well-functioning, well-oiled machine, and this was very much to the contrary. In as much as where issues cannot be openly discussed, it is bound to be inefficient, confusing, and ultimately unsuccessful of bringing about the betterment for the life of the people of the Soviet Union.”

To me, non-transparency is the twin brother of corruption. There is always an obstacle I encounter whenever I am researching Russia. To overcome that, I even started to study Russian language and hope someday I will be able to look through it.

A fundamental challenge for researching Russia — a non-transparent state.

In my opinion, Soviet Union was a non-transparent state. With listing these past traces the regime left, it builds my confidence — the regime did not represent their people. Even till today — under Putin’s administration — the situation in the state has not been improved. I am focusing on the Soviet Union era as it was the childhood for those active cybercriminals nowadays.

Soviet Union was developed by socialism, but if this ideology represented the will of the people is still a question.

“Lenin believed that it was possible of establishing a socialist regime. And then the workers will understand when the time comes.”

From Lenin’s point of view, there was nothing special about the Russian people. He thought Russia was just backward of Europe. It was not Russian people’s choice to fire the revolution; it was mostly the losing faith of the Tsar regime. At the same time, Lenin and his Bolsheviks were able to bring people onto streets. Ironically, the consequence was the workers suffering the most during Russian Civil War, namely the revolution.

Russian people had gone through three terms of famine in 1891, 1921, and 1932. Stalin mobilized nationalism and gave a speech in 1931, “If we do not industrialize, if we do not catch up with the west, in 10 years we will be defeated by the enemy.” The consequence was that Russian people suffered from a great famine in 1932. During the collectivization, the regime invented an idea called Gulag (ГУЛАГ). Gulags were divided into three sub-classes. In the first class, the government took away all peasantries’ property but allowed them to remain in the village. Very high taxes were set on them. The people in the second class had to leave the village, but they could still stay in the district. Those falling in the third class were deported to Siberia. Approximately a million people were in it.

After the second world war, Soviet people thought they would be rewarded by a freer life. However, this is regarded as the gloomiest years in Soviet history, in as much as the Soviet people suffered enormously during the war and the economic conditions were the most distressing. The Soviet leadership felt that the war loosened political social controls over the Soviet people. The regime cut the people from the rest of the western world. It is the dissipation of hope.

It is very hard for us to image how much sorrow does a Russian need to go through. To keep the regime in power, different suppressions had been carried out across the timeline of USSR. Even after the leadership themselves lose the faith in communism and decided to embrace the capitalism, it is still the Russian people suffered the most.

The reformers came up with the idea that the people of the Soviet Union would all be given shares. The hope was that they would invest in the factories where they are working. Russian people did not benefit from it. Enormous drop in the production and the standard of living. However, at the same time, the transformation made a small amount of people very rich. The Russian people did not understand what capitalism is.

During the privatization, the life expectancy had significant dropped, declined from 63 to 58 for man by the end of decade. There is no other society has such a decline of life expectancy at peacetime.

Ironically, intelligentsia, which had supporting the most vocal critics of the whole Soviet system were particularly hard hit. The consequence was that a large number of Russian scientists went aboard. And that caused long-term damage.

In 1998, Russia went through a financial crisis. Ruble has to be devalued and that was the background in which Putin came to office. Putin was doing, imposing on the districts a new set of bureaucratic offices and thereby limit the authority of the governors. Putin made sure that the most significant news source namely television, came to be taken over by those who supported Putin.

The truth is always hidden from the people throughout the Russian history. Opinions cannot be discussed. Returning the transparency to their people has the never been considered even to these days. The first step to solve the problem is to identify the problem. It becomes very clear for me — it is the regime allowing the problem to be created, but it is the people living inside the box suffering the most.

Cybercriminal could be a side product of a failure of a massive social experiment.

It has been proved that a planned economy with free market cannot coexist. Shock Therapy was introduced as an economic reform policy after Soviet Union collapsed. The capitalism was not part of Russian people’s soul. Consequently, it created a certain degree of lawlessness. Eventually, Criminality flourished.

This era of mess started immediately after the regime dissolved in 1990s. It was the shared childhood of those Russian-speaking cybercriminal actors. It meant to be the time when the shaping of their personality and the development of their moral quality mattered the most.

“As a child, I scrounged through the trash heaps and smoked cigarette butts. I walked 10 km one way to the school. I wore the same clothes for six months. In my youth, in a communal apartment, I didn’t eat for two or even three days. Now I am a millionaire.” — Said by the actor who claimed to be the owner of an infamous Ransomware-as-a-Service (RaaS) named REVIL in an interview [7].

One can argue that the implementation of the totalitarian regime in Soviet Union did not allow the competition to be happened. On the other hand, competition is the very central piece of both a free market and an underground market. The criminals, living in such confusion, were smart and capable of competing. Immediately after the regime opened the door to capitalism, the criminals end up competing with, or precisely “ripping off” people living in the rich countries. It is something explainable.

Sergey Pavlovich, a former Russian carding fraud criminal, wrote the following paragraph in his book:

“Had my friends and I had begun life in a different country and at a different time, many of us could have been bank employees, businessmen or owners of companies. Some, of course, would still have become criminals. But we were born in the Soviet Union at the turn of an epoch and we became adults in the 1990s when old moral values had been rejected and new ones hadn’t yet appeared. We became cyber-criminals not because we were naturals, but because of the times: our parents were working two or three jobs to make ends meet, and we, the kids, were left on our own. No-one told us stealing was a sin, and even if they did, no one bothered to explain why. But everyone around us was stealing, from civil servants to businessmen: and almost everyone got away with it. Why couldn’t we do the same?”

It is possible to find a list of successful entrepreneurs or top security experts who were born in the same environment but somehow escaped from the country and created something spectacular. Take Dmitri Alperovitch as an example, his father moved the family to United States in 1994, and he has built one of the most successful cybersecurity startups worldwide.

I always remind myself that there was a huge gap of economic performance between the west and Russia at that time. As the following graph shows, the GDP of the north American countries steadily increased from 1990 to 2000 with an expectation of 2 to 4 percent of growth every year. In contrast, there was a huge economic performance drop in Russia. Not to mention that the data provided by Russia in that certain period is questionable.

It is possible to see perfectionism exist in the mastermind of cybercriminal. The mindset of competition flourishes. The cybercriminal ecosystem has been developed into a place where the buyers pushing the seller beyond extreme. Compartmentalization is the ultimate business model been developed.

Take the notorious GOZI-kit banking variants as an example. The effort made by the developers is something remarkable. Emotet/Geodo, the biggest spamming botnet taken down in 2021 [10], was developed in such a way of, for example, a Silicon Valley software company [11]. Another symbolic example is the data revealed to the public when the law enforcement shed light on the GameOver-Zeus botnet [12]. It allows us to peek into how the most refined malicious software was designed, and how the actor drove a sophisticated business underworld.

Everyone was stealing, and Russia was a lawlessness state. A small group of people, namely the oligarchies, have become extremely rich in the real world. It seems also to be true that a small group of cybercriminals, who are usually referenced as Elite Cybercriminals, were very interested in stealing big money online and ultimately became wealthy.

However, income inequality is not an exception even in underground as well. Ironically, even on the way of pursuing wealthy, these criminals are not able to escape from the reality — the economic situation is still relatively weak in Russian and CIS countries.

Why study history, and Russian history in particular? “Russian history shows extreme circumstances. It shows how human beings behaved in extraordinary circumstances.” — Professor Peter Kenez.

Why is it tough to arrest Russian cybercriminal? Russian’s foreign policy — prioritizing national security but only with mild active aggression — could explained it.

A young Russian man, together with his family, was waiting in line to get onboard of their seaplane after enjoying his summer vacation in Maldives. However, he did not notice that the destination was not where he expected. He was extradited to the United States and sentenced to 27 years to the prisons. His name is Roman Seleznev.

Roman Seleznev was one of the infamous individuals in the carding forums. Moreover, his father Valery Seleznev, is a member of Russian congress. This was the second try at arresting him. The first time [14] happened in May 2009. FBI collaborated with FSB and launched a special mission to catch him in Moscow secretly. However, the detail of the operation was leaked, and Roman was at large. It was widely considered that the Russian government hired those skilled criminals for the reason of protecting national security in many aspects [3]. There is a doubt that FSB meant to leak the information to Roman in exchange for their own interests. Ever since, the collaboration between US and RU on holding suspects accountable has little progress.

When we look back into Russia history, it is fair to say that the Soviet Union had never been an aggression regime. What the regime focused on the most was the domestic affairs. It took most of the efforts to suppress the opposite opinions. The suppression contributed to Russophobia. This Anti-Russian sentiment was getting tense in a specific region of Russian surrounding countries — Poland, Ukraine, Czech Republic, Hungary, Lithuania, Latvia, Estonia, and so on. Those operations, interpreted as Russian’s aggression from western point of view, could be attributed to mainly for national security concern.

World War II is also an important but overlooked topic. It was Russia, who seemed weak at that moment, suffering the most on Nazi-Germany’s attack regards. The westerns, majorly British and France, abandoned the Soviet Union and their people. Even though it was the Soviet Union freeing Berlin, their contribution was seldom mentioned. The people lost faith in the promise the western gave. Cracks began to show in between the west and the Russian people.

Looking into the past, we are able to find the evidence of regime cutting the connection from the people to the rest of the world at different points on the timeline. In the Russian Revolution –

“The Bolshevik belongs to the extreme wing of the Westernizers. From Bolshevik point of view, Russia had no special standing, it simply was more backward than the rest of Europe. The great irony is that the revolution which was carried out in the name of westernizing and be part of an international entity, automatically cut Russia off from the west, and in fact contributed to its separateness.”

After World War II –

“The Soviet leadership felt that the war loosened political social controls over the Soviet people. The regime cut the people from the rest of the western world.”

And under Putin’s administration –

“The Russian economy did not overcome the autocracy, meaning, it has not become integrated into the world economy.”

The regime does not trust their people.

One can argue that under Putin’s administration, Russia has become an aggressive state. From my point of view, although it is true at some point, it has not been fully transformed into that. Take the annexation of Crimea as an example. It can be explained as an aggressive response to the idea of Ukraine joining NATO and European Union.

“The Russians seem to always on the losing side. And the more they are, the west perceive Russia ever more aggressive.”

Back to the cyberspace, Konstantin Kozlovsky was arrested by Russian police in 2016. He was one of the dual leaders of a Russian-speaking cybercrime group “Lurk” targeting majorly the Russian people themselves. There are reports and indictments stating that about half of Lurk’s group members were based in Ukraine with another half in Yekaterinburg, Russia. The disruption of the Russian members against the Lurk group was considered motivated by national security concerns as Ukraine is getting closer and closer to NATO.

My take is — it is not the Russian government supporting the cybercrime gangs to rip off the westerns; however, the hacking skills of the criminals have been weaponized by the Russian government. It is documented that the actors are forced to help the regime for the government’s own interest. The regime feels uncomfortable if any of the arrested individual hands in the secret which could eventually lead to deteriorate the regime. The consequence is the lack of willingness collaborating with foreign administration in the law enforcement system of Russia.

How did the west respond? Well, there are more sanctions being posed.

“What is the consequence of these sanctions? It is to impoverish Russian further. Now, is this in American interests to make Russians more miserable than they already are? It seems to me; this is not in fact the case.”

Closing

I do hope, someday, we will be able to alleviate the problem by thinking strategically. I strongly oppose the outlawed behaviors done by all sorts of the criminals as I have spent almost my whole career controlling the damage caused by the adversaries. Sometimes what the criminals steal or damage are not limited to the digital assets themselves; those are something with priceless memories of the victim. It sucks.

Russian’s economic situation improved a lot under Putin’s administration. However, it was majorly contributed by the raw materials exported from Russia. Those items are highly limited to crude oil, coal, gas, gold, etc. The information technology industry should be a choice of those young students — who might be developed into cybercriminals — to be hired. However, the lack of the motivation to be competitive and the corruption are still two major problems, and it is difficult for start-up to be flourishing. I do not have such confidence that the hazard will be ended in any soon.

Professor Peter Kenez walked me through the miserable Russian history. It helps me to understand that the quality of life, the confidence of seeing the future in people’s mind, the chance of the opinion being heard, and the freedom to be competitive really matter.

The choices have never been given to the Russian — it is the environment and the circumstance pushing them to the extreme.

Studying the footraces left by the humankind in a certain situation could give us a piece of advice that helps us understand how thing goes. As a security analyst, the very first question we are bound to answer is — why are they always from Russia?

“There is no lessons and lessons in history are more likely to lead to trouble, because we are bound to learn the wrong lessons. Why we learn history is — how human beings behaved in certain set of circumstances. How some institutions function in different historical circumstances. We gain a broader understanding of humanity, of whom we are. And that may not necessarily but may lead to wisdom.”

Reference

[1] Jonathan Lusthaus, Industry of Anonymity: Inside the Business of Cybercrime, 2018.

[2] Brian Krebs, Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door, 2015

[3] Вторжение: Краткая история русских хакеров, Даниил Туровский, 2020

[4] Leslie W. Ross, Some Aspects of Soviet Education, 1960

[5] Hacker forum takedown leads to arrest in Latvia, https://eng.lsm.lv/article/society/society/hacker-forum-takedown-leads-to-arrest-in-latvia.a137855/, 2015

[6] ANDREI BARYSEVICH AND ALEXANDR SOLADM, mastermind Behind Andromeda Botnet Arrested in Belarus, https://www.recordedfuture.com/ar3s-behind-andromeda/, 2017

[7] Recorded Future, ‘I scrounged through the trash heaps… now I’m a millionaire:’ An interview with REvil’s Unknown, https://therecord.media/i-scrounged-through-the-trash-heaps-now-im-a-millionaire-an-interview-with-revils-unknown/, 2021

[8] Sergey Pavlovich, How to Steal a Million: The Memoirs of a Russian Hacker, 2018

[9] Sulian Lebegue, 2021

[10] Europol, World’s most dangerous malware EMOTET disrupted through global action, 2021

[11] Trend Micro, Examining Emotet’s Activities, Infrastructure, 2018

[12] Elliott Peterson, Michael Sandee, Tillmann Werner, GameOver Zeus: Badguys And Backends, 2015

[13] Harold Chun, Norman Barbosa, Ochko123 — How the Feds Caught Russian Mega-Carder Roman Seleznev, 2017, https://www.youtube.com/watch?v=6Chp12sEnWk

[14] Mike Eckel, For Russia And U.S., Uneasy Cooperation On Cybercrime Is Now A Mess, https://www.rferl.org/a/cyber-crime-us-russia-cooperation-mess/28459178.html, 2017

[15] Booz-Allen-Hamilton, BEARING WITNESS: UNCOVERING THE LOGIC BEHIND RUSSIAN MILITARY CYBER OPERATIONS, 2020

push ebp; mov ebp, esp;

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store