
The Russian underground economy has democratized cybercrime - iuqiddis
http://arstechnica.com/tech-policy/2012/11/the-russian-underground-economy-has-democratized-cybercrime/
======
xSwag
Nope all over this article.

>If you want to buy a botnet, it'll cost you somewhere in the region of $700

Very vague.

>ZeuS source code: $200-$500

Nope, total bullshit. It is widely available. [1]

>SOCKS bot (to get around firewalls): $100

Nope. "Socks bot" refers to the ability to convert an infected computer into a
SOCKSv5 proxy.

>Unintelligent exploit bundle: $25

This refers to exploit packs, which are obfuscated software sold on these
boards that contains unpatched 0day exploits. Exploit packs are worthless after
a week, unless updated since all the vulnerabilities (apart from Java[2]).
They're available for free.

[1]<http://www.multiupload.co.uk/P8QUNF4YJN>

[2]<http://www.theregister.co.uk/2012/08/30/oracle_knew_about_flaws/>

~~~
xSwag
Also, just as an additional note: it is not just Russia doing this. Countries
where extradition is not an option generally tend to have the largest amount
of cyber crime. The list includes China[1], Germany[4], Russia, Japan[3] and
France[2]. People in these countries generally target Americans, since the USA
has the second largest amount of internet users (245,203,319) [5] and has one
of the highest GDPs in the world[6]. Recently a security firm investigated a
Facebook virus called KoobFace and found out its Russian authors; however,
they were unable to prosecute them due to Russian laws[7].

[1]<http://www.gov.cn/english/laws/2005-09/22/content_68710.htm>

[2]<http://www.legifrance.gouv.fr/content/download/1958/13719/version/3/file/Code_34.pdf>

[3]<http://www.moj.go.jp/ENGLISH/information/loe-01.html>

[4]<http://www.gesetze-im-internet.de/englisch_gg/englisch_gg.html#GGengl_000P16>

[5]<http://www.internetworldstats.com/list2.htm>

[6]<http://exploredia.com/list-of-countries-by-gdp-2012/>

[7]<http://nakedsecurity.sophos.com/koobface/>

~~~
bflesch
What you say is not correct, at least in regard to Germany. This makes me
wonder about the validity of your other statements. In Germany, cyber crime is
thoroughly investigated and punished, with no exception when your victims are
overseas.

On top of that, the excerpt of Germany's most basic collection of laws you
have linked ([4]) just states that there will be no extradition to the US. This
only means that people will be punished for their crimes within Germany and
not in the U.S. - but not that they won't be punished at all.

------
achille
I'd be willing to fork up the $150 to see if they could hack into my own gmail
account. Seems like cheap penetration testing. Pointing them toward myself
should be legal as well. So who do I pay?

In fact Google should be paying them to hack honeypotted accounts and see what
they try.

~~~
zeynalov
A year ago a "friend" of mine hired a Russian hacker, just for a joke, and he
hacked my gmail, twitter and facebook accounts. And the passwords were random
10 characters or something like that. He hired the hacker on free-lance.ru.

~~~
SCdF
Any more information to this story? Do you know how they did it?

~~~
zeynalov
I'm sorry but I don't know how he did it. I was surprised when I saw that I
couldn't log in to my gmail account. I thought that it's impossible for someone
to hack my gmail account, because Google is a big company, they should have some
good codes there. But it's possible. That day my friend sent me my new
password by SMS and said that it was a joke.

If you want to hire someone, go to free-lance.ru, in the left menu select web
programming (Веб-программирование), then security (Защита информации) and hire
someone. Some of them will do the work, if not, they know someone who can do
it.

~~~
SkyMarshal
Question is, will they divulge the method they used to hack your site, and if
so, can you trust them to tell you everything?

~~~
s_henry_paulson
You're seriously wondering whether or not someone is going to trust their
secrets and the source of their income with a complete stranger, and further
pondering whether or not you can trust an anonymous criminal?

------
ksaitor
It has always fascinated me how history, individuals, geography and natural
resources influenced people, their mentality in various world regions.

While Russia is rich in natural resources (diamonds, gas, oil), just a few
people profit from them. Next tier of wealthy individuals mostly profit from
serving those who profit from natural resources… Natural resources imply that
value is already created. You don't have to _think_ how to create it. You just
have to sell it. This stresses a high importance on relations, closed ties
between limited political and business. These ties generally are not based on
_pure smartness_ nor on common sense logic or ethic. The rest of population,
stoned by these in-transparent "success stories" are left to strive for fast
money and basically steal+cheat.

Also, considering Soviet past, where entrepreneurship has been suppressed for
decades, it is just amazing how many super smart people there are, focusing
their brain power on anything but long term intellectual value creation and
monetization (i.e. intellectual value driven businesses). There are many
terrific examples of this, including AK-47, chess players, Nginx… Though nginx
is amazing it is not amazing in monetization. I'm wishing Nginx and Runa
Capital all the best in monetizing it! (details of their monetization
strategy are not apparent to me).

And a mature cybercrime market is nothing surprising in these circumstances.

All this being said, I don't want to say that there are no great, _profitable_
intellectually driven companies in Russia. Among those are Kaspersky Lab,
Parallels, some others. These observations are general and highly abstract.

~~~
YokoZar
The resource curse is very real and well documented:
<http://en.wikipedia.org/wiki/Resource_curse>

The only seeming exception I can think of is Norway, which has a highly
unusual massive government savings program to deal with its oil wealth, and
then only discovered that wealth fairly recently.

~~~
a3camero
Canada.

~~~
YokoZar
Canada's oil resources are relatively new as well, I think.

------
mintplant
In case anyone else is looking for it, the original Trend Micro Report:
<http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf>

Some fairly interesting stuff there.

------
twodayslate
This isn't just a "Russian" thing.

~~~
bediger4000
So, we take you at face value, with no citations or other authority? What if
you're one of the Russian cybercriminals? Or that hacker that the Georgian
CERT unmasked? So, +1 for vaguely menacing vagueness.

~~~
andyakb
He needs citations and authority to say that it isn't only Russian with an
underground economy for cyber crime?

------
xk_id
Just to clarify – when it says "hacking a gmail account costs this much", it
means "_attempting_ to hack", right?

~~~
Someone
It could be "No cure, no pay". That also prevents arguments about the quality
of efforts made.

------
adaml_623
I read this article and didn't notice anything about voting at all? Strange
use of the word 'democratized'

~~~
demetris
I think the verb “to democratize” is used here in the extended meaning “to
make accessible to all”, like democracy makes governance an affair accessible
to all by making it an affair of the people.

But I agree that this use does seem strange sometimes in some contexts.

