In the history of cybercrime, some of the worst offenders, the biggest breaches, and the baddest malware have come from Russia.
Some recent examples of major hacks carried out by Russian cybergangs include the compromise of the White House email system and the emails of President Obama; the breach of the IRS and thousands of US taxpayers’ accounts; and the amassing of more than a billion username and password combinations that spurred fears of the “biggest hack in history.”
The mastermind behind the Gameover/Zeus banking malware and the file-encrypting CryptoLocker ransomware that ensnared so many millions of victims is also a Russian – Evgeniy Mikhailovich Bogachev, whose alleged crimes landed him on the FBI’s “most wanted” list.
Given all that, you might think that Russian hackers are the single biggest threat to computer users around the world (they would have some stiff competition from crooks and spambots based in the US).
Yet Russian cybercrooks aren’t always so sophisticated, and their targets are not always governments and big businesses – as often as not their victims are fellow Russians.
Last month, the Russian Office of the Interior Ministry and the Federal Security Service (FSB) arrested members of a phishing gang based in St. Petersburg that the authorities say stole more than 12 million rubles (about $218,000 or £141,000 at the current exchange rate) from hundreds of bank accounts.
According to a statement from the Interior Ministry [in Russian], two leaders of the gang were already on probation for similar fraud-related crimes when authorities began investigating them for a bank phishing scheme that compromised 7000 customer accounts.
Authorities have so far identified 264 victims, who lost an average of 70,000 rubles ($1271/£824).
The Interior Ministry hasn’t named the two gang leaders or their associates, but a report from Forbes shines some interesting light on the alleged crooks and their scam.
Citing a tip-off from a Russian cybersecurity company, Forbes reported that the two gang leaders were twin brothers, and their victims were customers of the Russian state-owned bank Sberbank and other national banks.
According to Forbes, the scheme that allowed these brothers-in-crime to rake in as much as 1.5 million rubles ($27,260/£17,660) per month over the past two years involved infecting computers with a banking Trojan and sending the victims to a phishing website in order to collect usernames, passwords and phone numbers.
The phone numbers were a key piece of information.
Many banks now require customers to enter a one-time code in addition to their usernames and passwords before transferring money from their online accounts.
This method (called two-factor authentication) is supposed to prevent fraud, because crooks who have stolen your password would also need to get access to the one-time code, which is typically sent via text message to your phone.
It’s a good system that adds an extra layer of security, but the twins got around it in one of two ways: by calling up their victims and – pretending to be bank employees – convincing them to divulge their code; or by sending the victims to another fake website where they would enter the code.
With that, the crooks could get access to the victims’ bank accounts and transfer money out at will.
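To make the weakness concrete, here is an added example (not code from the article or from any bank it names) that simulates both sides in Python: a bare SMS code, which the bank can only compare digit-for-digit, so a code relayed through a phishing page is accepted; and an origin-bound confirmation in the style of FIDO/WebAuthn, where the customer's device signs the origin it is actually talking to, so a signature produced on a look-alike site fails at the real bank. The origins, the HMAC stand-in for a device signature, and the helper names are all assumptions.

```python
import hmac, hashlib, secrets

# Constructed placeholders: neither is a real bank or phishing domain.
BANK_ORIGIN = "https://online.examplebank.test"
PHISH_ORIGIN = "https://online-examplebank.phish.test"

def sms_otp_issue():
    """SMS-style one-time code: six digits with no link to where they get typed."""
    return f"{secrets.randbelow(10**6):06d}"

def sms_otp_verify(issued, submitted):
    # The bank can only compare digits; it cannot tell who typed them or on which site.
    return hmac.compare_digest(issued, submitted)

def device_key():
    """Per-device secret enrolled with the bank (assumed stand-in for a FIDO key pair)."""
    return secrets.token_bytes(32)

def device_sign(key, challenge, origin):
    # The device signs the bank's challenge together with the origin it is connected to
    # (in WebAuthn the browser fills in that origin; an HMAC stands in for the signature).
    return hmac.new(key, f"{origin}|{challenge}".encode(), hashlib.sha256).hexdigest()

def bound_verify(key, challenge, signature):
    # The bank recomputes over its OWN origin; a signature made for another site fails.
    expected = device_sign(key, challenge, BANK_ORIGIN)
    return hmac.compare_digest(expected, signature)

def run_relay_scenarios():
    """Returns (sms_code_relay_accepted, origin_bound_relay_accepted)."""
    # Scenario 1: crook starts a transfer with stolen credentials, the bank texts a code
    # to the victim, and the fake site (or a phone call) harvests it for the crook.
    code = sms_otp_issue()
    harvested = code                      # victim hands the code over
    sms_accepted = sms_otp_verify(code, harvested)
    # Scenario 2: same relay, but the confirmation is bound to the site the victim is on.
    key = device_key()
    challenge = secrets.token_hex(16)     # bank's challenge, relayed via the fake site
    relayed_sig = device_sign(key, challenge, PHISH_ORIGIN)
    bound_accepted = bound_verify(key, challenge, relayed_sig)
    return sms_accepted, bound_accepted

if __name__ == "__main__":
    print(run_relay_scenarios())          # (True, False)
```

Origin binding closes the fake-website route and also leaves nothing a caller posing as a bank employee could ask the customer to read out, since a device signature cannot be dictated over the phone.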
It’s a clever ploy, but the Russian authorities were watching, something the cybercrooks might have suspected, judging by their elaborate security system.
According to Forbes, the twins had purchased an armored door for their apartment, and they set up text message alerts to warn their associates to destroy evidence once the police showed up.
It wasn’t enough to keep the cops out, or themselves out of jail.