Russian talent turning to cybercrime

ST PETERSBURG - The US Department of Justice said it might have been the most sophisticated computer fraud.

For Viktor Pleshchuk, it was the chance to buy a brand new BMW and an apartment in his hometown of St Petersburg.

The 29-year-old last month pleaded guilty to participating in a worldwide hacking scheme that led to the illegal withdrawal of more than US$9 million ($12 million) from cash machines worldwide operated by RBS WorldPay, the US payment-processing division of Britain's Royal Bank of Scotland Group.

The conviction shed light on a growing trend from Russia.

Just as President Dmitry Medvedev seeks to persuade investors his country is a safe place, more technology graduates are turning to cybercrime.

The FBI last week charged 37 suspects from Russia, Ukraine and other eastern European countries of using a computer virus to hack into US bank accounts.

"The number of hackers reflects how many good engineers we potentially have in this country," said Vladimir Dolgov, the president of Google in Russia.

Russians committed more than 17,500 computer-related crimes last year, or 25 per cent more than in 2008, according to the Interior Ministry's latest statistics.

While cybercrime was proliferating, Russian laws against it were written in 1998, when hacking was often perceived as a childish prank, said Boris Miroshnikov, the head of the ministry's anti-cybercrime department, in a report on the agency's website.

A ministry spokeswoman said the department had advised Russian lawmakers to impose stiffer penalties on hackers. She declined to be identified, citing department policy.

"We are working on that, but so far we haven't moved beyond discussions," she said.

Businesses around the world lose more than US$1 trillion in intellectual property through data theft and cybercrime annually, according to a report in January 2009 by McAfee, the technology security company based in Santa Clara, California.

Seeking to thwart the attacks, US legislators in March proposed to use trade restrictions to penalise countries that provide safe haven to hackers.

"The cybercrime threat coming from Russia is significant and growing," said US Senator Kirsten Gillibrand, a New York Democrat who supports the measure, in an emailed response to questions.

"It threatens America and undermines the Russians. It is in the best interest of both countries to find a way to co-operate and better control cybercrime."

The FBI said on September 30 the suspects from eastern Europe stand accused of trying to hack into US bank accounts to steal more than US$3 million. In August, French authorities arrested a resident of Moscow who used his internet network called CarderPlanet to sell stolen credit cards, the US Secret Service said on its website.

"This network has been repeatedly linked to nearly every major intrusion of financial information reported to the international law enforcement community," the agency said.

The Government in Moscow needs to create jobs to help thwart cyber criminals. Their numbers had swelled since the collapse of the Soviet Union, when scores of Russian computer engineers turned to online crime, said Dmitry Zakharov, a spokesman at the Russian Association of Electronic Communications.

"Hackers are not gangsters with knives, but young and talented kids from suburbs who don't have any other options to make a living," said Zakharov for the trade group that promotes internet security in Russia.

"If the Government will create jobs for them, many will follow the lead."

Medvedev, 45, who has a video blog and a Twitter account, has said he wants to stop the Russian brain drain and turn the economy away from energy exports toward one based on technology.

The President asked billionaire Viktor Vekselberg in March to oversee plans to create a hub for the development and marketing of new technologies in the Moscow suburb of Skolkovo, where tax breaks and other incentives would be offered to lure investment.

Companies including Siemens, Cisco Systems and Nokia have agreed to participate in the project.

Pleshchuk was a "positive and shy" student who worked hard, said Sergey Sharangovich, head of the department that educated him, on the website of Tomsk State University of Control Systems and Radio Electronics.

After graduating, he moved to St Petersburg and opened an e-commerce company before he got in touch with a group of international hackers who asked him to help crack WorldPay's database, Russian investigators said.

The US Justice Department last year indicted Pleshchuk and seven other hackers in Russia and elsewhere in eastern Europe, saying the group stole the data encryption that was used by RBS WorldPay to protect debit cards, it said on its website.

The cards were used to withdraw money from 2100 cash machines in 280 cities in less than 12 hours, in what US prosecutors called "perhaps the most sophisticated and organised computer-fraud attack ever conducted".

"We take fraud extremely seriously and have stringent security processes in place to protect our customers, which we constantly review," said Michael Strachan, a spokesman at RBS.

Pleshchuk got a reduced sentence, including four years probation, after he agreed to provide information about his accomplices, his lawyer, Yuriy Novolodsky, said in an interview in St Petersburg last month. He was ordered to give up his assets, including the BMW and the apartment, to help pay the US$9 million back to WorldPay.

"On the one hand, it's flattering," Sharangovich at Tomsk University said. "On the other hand, Pleshchuk didn't apply his knowledge the right way."

- BLOOMBERG