Russia is home to some of the world’s biggest tech companies, and is one of the world’s leaders in computer science education. It’s also a hotbed of cybercrime and digital fraud. The recent Target credit card case originated in Russia, and so did a host of other prominent e-crimes.
So why is web-based crime so appealing for Russian nationals? Despite Russia’s excellence in STEM education and a booming tech sector, salaries in Russia for tech workers remain extremely low. According to Payscale.com, the average Russian software developer can expect to earn only a bit more than $15,000 annually. Even with the much lower cost of living in Russia, that kind of money doesn’t go far. In addition, Russian government authorities have traditionally taken a lax approach to prosecuting computer crimes. Those are two reasons why a recent report by Russian security firm Group i-B estimated their domestic cybercrime market at $1.9 billion/year.
Trend Micro, a Japanese security firm, recently issued a fascinating white paper on Russian credit card fraud and digital crime. Max Goncharov, the study’s author, says that Russian-language web forums are a primary venue for selling credit card numbers and offers to hack accounts, develop malware, launch DDoS attacks, or engage in various varieties of fraud.
"The number of Russian underground forums has been growing each year," he writes. "Even though some forums come and go, the most popular ones just change hosting service providers and domain names every so often but keep their loyal members. The most popular Russian underground forums such as verified.su and ploy.org can have 20,000 to several hundreds of unique members," Goncharov continues.
In particular, Russian forums are a hotbed for credit card numbers, trojans, and traffic direction services (which function as distribution services for malware). It’s essentially capitalist; individuals with skill sets or valuable information like credit card numbers offer their wares at a price the market will tolerate, and interested buyers then obtain the products or services.
Not only that, but prices for illicit credit card information on these forums have been dropping due to increases in supply. Goncharov and his team used an automated data scraping system to collect information from an undisclosed number of websites and forums accessible both through standard http or https access and Onion routers like Tor.
It's not just credit card numbers being trafficked here. Sometimes, companies and individuals can even buy traffic for their sites through these forums. Criminals can purchase iframes, which are inserted into high-traffic websites that redirect traffic over to the criminal’s site; Trend says that traffic from Australian, American, German, British, and Italian IP addresses are particularly prized.
But Goncharov’s most interesting discovery is on pricing. It's not just credit card numbers getting cheaper; everything else is, too. Traffic redirections from American Internet users that would have cost $400 in 2011 cost only $130 in 2013; trojan software packages that cost $500 in 2011 were only $35 last year. Forged European passports could be obtained for $1 a pop; forged Russian passports or passports from ex-Soviet nations like the Ukraine and Kazakhstan go for between $1 and $2. Although Trend’s chart didn’t take into account new trojans and new virii that weren’t around in 2011, they stated that the price dip was consistent across the board.
In the end, Russian cybercriminals have created a black market economy of surprisingly low prices—a place where American credit card credentials can be purchased for the staggeringly low price of $1 and German credit cards cost $6. Spammers can obtain floods of 10,000 Skype messages apiece for under $90, and it only costs $100 to hack a Facebook account. Maybe crime pays after all.