>If you want to buy a botnet, it'll cost you somewhere in the region of $700
Very vague.
>ZeuS source code: $200-$500
Nope, total bullshit. It is widely available. [1]
>SOCKS bot (to get around firewalls): $100
Nope. "Socks bot" refers to the ability to convert an infected computer into a SOCKSv5 proxy
>Unintelligent exploit bundle: $25
This refers to exploit packs, which is obfuscated software sold on these boards that contain unpatched 0day exploits. Exploit packs are worthless after a week, unless updated since all the vulnerabilities (apart from Java[2]). They're available for free.
Also, just as an additional note: it is not just Russia doing this. Countries where extradition is not an option generally tend to have the largest amount of cyber crime. The list includes China[1], Germany[4], Russia, Japan[3] and France[2]. People in these countries generally target Americans, since USA has the second largest amount of internet users (245,203,319) [5] and has one of the highest GDP in the world[6]. Recently a security firm investigated a Facebook virus called KoobFace and found out its Russian authors, however, they were unable to prosecute them due to Russian Laws[7]
What you say is not correct, at least in regard to Germany. This lets me wonder about the validity of your other statements. In Germany, cyber crime is thoroughly investigated and punished, with no exception when your victims are overseas.
On top of that, the excerpt of Germany's most basic collection of laws you have linked ([4]) just states that there will be no extradiction to US. This only means that people will be punished for their crimes within Germany and not in the U.S. - but not that they won't be punished at all.
I'd be willing to fork up the $150 to see if they could hack into my own gmail account. Seems like cheap penetration testing. Pointing them toward myself should be legal as well. So who do I pay?
In fact Google should be paying them to hack honeypotted accounts and see what they try.
A year ago a "friend" of me hired a russian hacker, just for a joke, and he hacked my gmail, twitter and facebook accounts. And the passwords were random 10 caracters or something like that. He hired the hacker in free-lance.ru
I'm sorry but I don't know how did he do it. I was wondered when I saw that I can't login in to my gmail account. I thought that it's impossible someone to hack my gmail account, because Google is a big company they should have some good codes there. But it's possible. In that day my friend sent my new password per sms my and said that it was a joke.
if you want to hire someone, go to free-lance.ru, in left menu select web-programmin (Веб-программирование)then secyrity (Защита информации) and hire someone. Some of them will do the work, if not, they know someone who can do it.
> I was wondered when I saw that I can't login in to my gmail account.
If you couldn't log in, he did it by guessing the answers to your security questions based on other stuff he could find out about you online, and resetting your password (possibly resetting or taking control of your backup email account that you had your new password set to send to, you should check all that stuff).
You're seriously wondering whether or not someone is going to trust their secrets and the source of their income with a complete stranger, and further pondering whether or not you can trust an anonymous criminal?
That's a good point, why are these guys doing this stuff illegally for pennies when there are probably plenty of companies out there who would pay them decent money for a proper pen test.
Probably because hacking into a gmail / facebook / twitter account is usually done by gathering informations about the victim by social engineering, and then trick the "lost password" form to get into the account.
Remember the guy whose macbook, ipad and iphone got wiped through iCloud ?
It has always fascinated me how history, individuals, geography and natural resources influenced people, their mentality in various world regions.
While Russia is rich for natural resources (diamonds, gas, oil), just a few people profit from them. Next tear of wealthy individuals mostly profit from serving those who profit from natural resources… Natural resources imply that value is already created. You dont have to think how to create it. You just have to sell it. This stresses a high importance on relations, closed ties between limited political and business. These ties generally are not based on pure smartness nor on common sense logic or ethic. The rest of population, stoned by these in-transparent "success stories" are leaved to strive for fast money and basically steal+cheat.
Also, considering Soviet past, where entrepreneurship have been suppressed for decades, it is just amazing how many super smart people there are, focusing their brain power on anything but long term intelectual value creation and monetization (i.e. intelectual value driven businesses). There are many terrific examples of this, including AK-47, chess players, Nginx… Though nginx is amazing it is not amazing in monetization. I'm wishing Nginx and Runa Capital all the best to in monetizing it! (details of their monetization strategy are not apparent to me).
And mature cybercrime market is nothing surprising in these circumstances.
All this being said, I don't want to say that there are no great, profitable intellectually driven companies in Russia. Among those are Kaspersy Lab, Parallels, some others. These observations are general and highly abstract.
The only seeming exception I can think of is Norway, which has a highly unusual massive government savings program to deal with its oil wealth, and then only discovered that wealth fairly recently.
Assuming you include Russian Jews, you get a lot of successful Russians doing tech stuff in the world -- just in other countries than Russia. Israel, the US, etc. have Russian Jewish populations who are incredibly successful in tech.
Oh yes, yes! Totally agree!
In my comment I've been referring to a typical russian mentality. And Russian Jews have a very different mentality, from the one I've been referring to.
Typical Russian mentality is thorough approach to problem solving and having a good rest afterwards. Russian language itself structurally teaches your brain to be more abstract.
Nope, but thank you for the reference. My observation comes from the wild, and is confirmed by observations of fellow Russian programmers and sysadmins who lived and worked in the US and the UK.
Actually I'd better refer to Bekhtereva and Stalin, who observed quite the same thing from very different perspectives.
You forgot to mention ABBYY.
And cybercrime in Russian school culture is not a crime. It's something heroic.
BTW the tone of the article we discuss here is all about demonising Russia.
I bet you 20 quid, there are more cyber wrongdoers in the US than in Russia.
What you say makes me think about Nigeria, as well. Historically, most of their wealth has come from oil, and up until 1999, they were ruled over by a corrupt military. Consequently, it seems to me that Nigeria's "entrepreneurial" culture is all about "getting money from rich people", rather than creating new things that people value.
I don't exactly think so. I'm referring to places where people prefer intellectually hard, risky, unethical and damaging work (eg cybercrime) instead of working legally on creating valuable products and companies.
I was interested to learn about examples of places and detailed descriptions of circumstances that lead to similar consequences.
So, we take you at face value, with no citations or other authority? What if you're one of the Russian cybercriminals? Or that hacker that the Georgian CERT unmasked? So, +1 for vaguely menacing vagueness.
I think the verb “to democratize” is used here in the extended meaning “to make accessible to all”, like democracy makes governance an affair accessible to all by making it an affair of the people.
But I agree that this use does seem strange sometimes in some contexts.
>If you want to buy a botnet, it'll cost you somewhere in the region of $700
Very vague.
>ZeuS source code: $200-$500
Nope, total bullshit. It is widely available. [1]
>SOCKS bot (to get around firewalls): $100
Nope. "Socks bot" refers to the ability to convert an infected computer into a SOCKSv5 proxy
>Unintelligent exploit bundle: $25
This refers to exploit packs, which is obfuscated software sold on these boards that contain unpatched 0day exploits. Exploit packs are worthless after a week, unless updated since all the vulnerabilities (apart from Java[2]). They're available for free.
[1]http://www.multiupload.co.uk/P8QUNF4YJN
[2]http://www.theregister.co.uk/2012/08/30/oracle_knew_about_fl...