Russian cybercrime market doubles in size

Russian cybercrime investigation and computer forensics company and LETA Group subsidiary Group-IB released a 28-page report prepared by analysts from its computer forensics lab and its CERT-GIB unit on the Russian cybercrime market in 2011.

The report outlines the main risks associated with various types of hacker activities, analyzes the main trends in the development of the Russian cybercrime market, estimates the shares and the financial performance of the Russian segment of the global cybercrime market, and forecasts market trends for this year.

Key trends in 2011:

Russian cybercrime doubles
The global cybercrime market was more than $12.5 billion in 2011. The global Russian speaking component of that market was more than $4 billion; and the Russian national cybercrime market was $2.3 billion, essentially doubling last year’s number of $1.2 billion.

Mafia professionalizes Russian cybercrime
Traditional crime syndicates are beginning to organize the previously disorganized Russian cybercrime market. In addition, these crime syndicates are beginning to work more closely together, sharing compromised data, botnets, and cashing schemes.

Online fraud and spam account for more than half of Russian cybercrime
In 2011, the largest type of Russian cybercrime was online fraud at $942 million; followed by spam at $830 million; cybercrime to cybercrime, or C2C (including services for anonymization and sale of traffic, exploits, malware, and loaders) at $230 million; and DDoS at $130 million.

Criminal profiles
In its report, Group-IB specialists and CERT-GIB analysts profile details of 5 cyber criminals caught in 2011: Vladislav Khorokhorin, Oleg Nikolayenko, Yevgeniy Anikin, Maksim Glotov, Andrey Sabelikov.

Group-IB suggests that Russian laws are critical in getting traction against the global Russian cybercrime market. Although they feel there has been progress with recent laws introduced by Russian President Dmitriy Medvedev and enacted by the Russian State Duma, these laws do not yet go far enough.

The report recommends also steps that will significantly improve the number of solved computer crimes, change the existing law enforcement practices, and establish proper international cooperation in this field.

These recommendations include:

• Clarify language of new laws – Amend the law with an additional conceptual apparatus related to issues of information security and information technologies. For example, the term “botnet” needs to be introduced, perhaps under a different name, which remains and will remain for the foreseeable future the main tool for committing the majority of cybercrimes. In addition, change the term “computer information” in the existing law, which does not fully reflect the nature of computer information, leading to possible incorrect interpretations of this term.
• Increase penalties – Make the penalties for crimes committed using computer technologies more severe.
• Update, amend and augment criminal procedures – Create more effective criminal procedures around gathering “digital evidence” such as describing the procedures and actions related to procuring, securing, and investigating; and creating a separate definition for the crime scene of a cybercrime and establish a specific place of investigation of such crimes.
• Improve law enforcement – Organize federal and regional training programs for the judicial, prosecutorial, investigative, and law enforcement agencies, including seminars regarding the issues of cybercrime investigation.
• Improve international coordination – Develop a document for submission to the UN, establishing the principles of international interaction against cybercrime, while also respecting the sovereignty of the member states, as opposed to the Budapest Convention.