Russian hackers are a worldwide menace, governments clamp down on cybercriminal across the globe
So what's going on here in Russia? Well, as I've said, President Dmitry Medvedev has emphasized the importance of getting on with the times and sending public officials out there into the depths of the cyberspace. Well, not really - he just made an ambiguous proposal to receive feedback on performance of civil servants through social networks - after all, they can't be used just for organizing protests, right? However, this was met with a mixed reaction from the blogosphere. Right now it's no secret that there are companies and individuals selling social network activity - fake or real. There are free lance markets where one can procure services of bloggers or social network users who are tasked with performing certain actions - like posting something in a certain blog or "liking" a video, a product or a company. Then there's the case of an Israeli entrepreneur whose online "Like" store was frowned upon by Facebook to the point of court proceedings. Thus Russian bloggers are worried that this good idea of trying to get some honest and easy-to-submit feedback on performance of those that are supposed to represent the will of the people will be marred by relatively easy and cheap manipulation of social network indicators.
I guess this is especially true for Russia - with legislation concerning online behavior being severely underdeveloped, a large population base, spreading internet access it's no wonder the country has deeply rooted piracy and other issues. For example, one the leading IT security companies Kaspersky Lab has recently named Russian part of the internet as the most dangerous space in the world wide web. According to the company, over 55% of Russian internet users regularly face web attacks. The report is called Kaspersky Security Bulletin 2011. There's a lot of information, pie charts and graphs in the report, but let's just look at the big picture. Basically, considering the spread of malware, viruses, trojans, spam and such, the company produced an indicator of aggressiveness of the environment in which a computer is running. In other words, it's an answer to the question “where in the world are computer users encountering cyber threats?” In order to assess the risk of infection to a computer in any given country, the lab has calculated the frequency at which antivirus programs on user computers detected threats in 2011 for each country. So yes, as I've said, 55.9% of unique users in Russia with computers running Kaspersky Lab products that blocked online threats were attacked at least once in 2011. The second most dangerous country is Oman with almost 55% of computers being under attack, followed by the US with 50%. Around the world, online risks rose 2 percentage points in 2011 and came to 32.3%. Russia has also contributed by spreading malware across the globe. Kaspersky Lab products have recorded over one million incidents using short text number scams, and the lion’s share of these cases are traced back to the Russian-language segment of the Internet.
Now, remember I talked how Google hosted a hackathon in which it offered hackers significant monetary rewards for deliberately hacking their popular Chrome web browser? Why would they do that? Well, it's part of the Chromium Security Rewards Program. The contest was Google’s open-invitation to hackers to help Google identify exploits in the Chrome browser, which is based on the open-source project Chromium. There were several categories, such as exploiting vulnerabilities of the operating system or using third-party software to compromise the browser with the most difficult task, valued at $60,000 to hack into Chrome by using vulnerabilities of the browser and only of the browser. There was one participant who successfully hacked Chrome this way. Care to guess which country was he from? Yep, the hacker that won the grand prize was Russian university student Sergey Glazunov who successfully hacked into a fully patched computer running Windows 7 by using a Chrome sandbox bypass. Well, to be fair, he was a long-time contributor to the Chromium project, so that means he already had working knowledge of how the browser operates. Justin Schuh, a Chrome security team member, spoke to ZDNet following Glazunov’s triumph and called the hack “very impressive.” He said “This is not a trivial thing to do. It’s very difficult and that’s why we’re paying $60,000.” Senior Vice President of Google Chrome and Apps, Sundar Pichai, confirmed the successful hack on his Google+ page.
But don't worry, if you're using Chrome you don't have to run and switch browsers - that's the whole purpose of the event. The hackers had to give up their secrets and not share the exploits with third parties, meaning that Google can shortly come up with fixes for these problems. Mr. Pichai acknowledged that and assured that the team would shortly come up with a solution.
Actually, while the Russian student Sergey Glazunov was the first one to hack Chrome, he was not the last one. Towards last weekend Google has announced that they've already paid 120,000 dollars to two participants, but as of this week these security breaches have been fixed. Still, the total sum of prize money is 1 million dollars, so most likely there are still talented hackers out there toiling away, hoping for some sweet Google cash. As some tech blogs pointed out, this event is not just a good way for Google to boost the security of their browser, but it also shows there are good hackers out there - with the majority getting bad rep and being seen as criminals and anarchists, this demonstrates that there are legitimate ways for hackers to earn cash.
Speaking of hackers, there's a lot of news from that field. Well, for starters, remember LulzSec, also known as Lulz Security? It is, well, was a computer hacker group loosely associated with the Anonymous that claimed responsibility for several high profile attacks, including the compromise of user accounts from Sony in 2011 as well as shutting down the CIA website. The original leader of LulzSec was a computer security specialist that used the online nickname Sabu, real name Hector Xavier Monsegur. While not necessarily bad of good, LulzSec has come into the attention of not just those that it hacked, but international security expert who praise the hackers in the sense that they've drawn attention to insecure systems and the dangers of using the same password for different accounts. The latter is pretty simple - imagine you have access to sensitive data at work. The security there is pretty impressive and it's really hard to hack in from external sources; virtually the only way to access the system is with login and password. But imagine now that you use the same password in less secure systems - email, social networks, random websites that require you to have a login. And you know - a lot of people choose to keep passwords stored on their home computers - all browsers give this option and usually non-paranoid users prefer to have them saved for ease of access. And that's how hackers get you. See, Google has the right idea, to pay hackers to deliberately expose security threats before they can become cause of some serious trouble. Anyway, if your home computer is compromised and you use the same password everywhere else, including your high-security account at work and if you've became a target for high-profile hackers who know what they're doing then you're in a very tight spot. Anyway, with their series of hacks that targeted CIA, FBI, Sony, and numerous other corporate and government targets, maybe they did raise awareness to the security issue and helped drive their point home- the latter being importance of freedom of internet. Well, actually, if the Anonymous likes to call themselves hacktivists and freedom fighters, the ideological and political motivation of LulzSec was not that apparent - main motivation is to have fun by causing mayhem. This chaos and mayhem and occasional political message circulated the cyberspace for quite some time with the general opinion of these hackers being untouchable. Until recently that is. Remember how I mentioned that a few members of the Anonymous were arrested across the globe courtesy of a mole planted by the law enforcements? Well, the same happened with LulzSec, only the mole was their leader who basically betrayed everyone he has recruited over the time of the organization's operation. According to official reports, Sabu has been "collaborating with the government for months," leading to a string of arrests around the world earlier this month. It is yet unclear how many hackers will be put behind bars as the result of Sabu's nine months of federal collaborating, but looks like LulzSec is no more, at least in the form that it was under Sabu's command.
All in all, it appears that this year is the year of governments in cyberspace. Hackers are being put to jail and get paid by respectable companies to channel their talents in constructive ways; same goes for pirates with The Pirate Bay founders are losing court appeals.Kim Dotcom, owner of MegaUpload, largest filesharing website is also is a lot of legal trouble while his brainchild is shut down for good. China and Belarus require personal information of their citizens to let them communicate online, the US are pushing for severe anti-piracy legislation and more countries are being added to online watch list by Reporters without borders. The bottom line is that given the events of the past few months, looks like the cyberspace will not be the same this time next year.