Operation Ghost Click: FBI (and friends) take down major Russian and Estonian cybercrime operation

It can sometimes seem like one of the more striking ironies of the modern global underworld is that the criminals are so much more willing to cooperate than states. A case in point would seem to be today’s breaking story about the FBI’s Operation Ghost Click and the unsealing of an indictment against a major cybercriminal venture that had hijacked 4 million computers in a hundred countries. Through front companies such as Esthost and Rove Digital, they made perhaps $14 million, largely through redirecting browsers to pay-per-click ad sites using DNSChanger malware. (Worried that yours was infected? Check here, courtesy of the FBI.)

The criminals were Russian and Estonian nationals. Moscow and Tallinn may be at daggers’ drawn, but it seems that their crooks are still happy to work together when there’s profit to be made.

Well, yes and no. Six key figures have been arrested in Estonia, all Estonians: Vladimir Tsastsin (who had already been convicted on cybercrime charges in the past and is also charged with 22 counts of money laundering), Timur Gerasimenko (Gerassimenko), Dmitri Egorov (Jegorov), Valeri Alekseev (Aleksejev), Konstantin Poltev and Anton Ivanov. It doesn’t take a linguist to note that these are hardly especially Estonian-sounding names. Indeed, the remaining main figure, who is on the run, is a Russian national, but actually has the more Baltic name: Andrei Taame. It looks as if this was actually an ethnic Russian operation, just many of those ethnic Russian hackers and social engineers happened to be members of Estonia’s Russian community.

Yes, criminals do cooperate across national and ethnic lines, but we need not consider them marvels of internationalism. There are all kinds of practical issues which get in the way, from language and culture to the problems of sharing funds in different jurisdictions that mean that the age of the multi-national gang (as opposed to transnational cooperation between gangs) is not yet really with us – although to be sure the Russians tend to be further along that route than most.

Conversely, this was an international law-enforcement operation, involving not just the FBI but also the Estonian and Dutch police. It also demonstrated the power of public-private law enforcement cooperation: other partners included Georgia Tech University and the University of Alabama at Birmingham, the National Cyber-Forensics and Training Alliance, and private groups such as Neustar, Spamhaus, Team Cymru and Trend Micro, as well as an ad hoc group of subject matter experts known as the DNS Changer Working Group (DCWG).

Nor is this the first case of successful cooperation. Indeed, in last year Estonian Sergei Tsurikov (again, a pretty Russian name), a cybercriminal convicted of participating in a $9 million theft from RBS Worldpay in 2008, was extradited to the USA.

One could speculate that the Estonians might be especially keen to help deal with ethnic Russian criminals, but frankly law-enforcement cooperation is developing well. This is a crucial issue when dealing with cybercrime in particular, given its protean nature. In this context, while Russia itself remains a key locus of world-class cybercriminals (harness the ingenuity of those hackers to the Skolkovo project and you’d have a real intellectual powerhouse) it is saddening that its willingness or ability to cooperate with Western law enforcement on cybercrime cases is still erratic, at best. This may be because of the still-pervasive problem of corruption (although then why does it seem, according to law enforcers I’ve spoken with, to be worse for cybercrime than other serious crimes, including drug trafficking?). It may reflect the technical shortcomings of the Russian police, who are still too often ill-equipped for such investigations and may want to ignore them and yet are unwilling to admit or demonstrate these weaknesses to their foreign counterparts. Or it may have something to do with the systematic cyber-espionage operations cited in last month’s US Office of the National Counterintelligence Executive (ONCIX) report Foreign Spies Stealing US Secrets in Cyberspace? Whatever the reason, this is a serious issue, and one which merits being put rather higher on the political agenda. After all, while in the short term Russia may feel it gains – or at least has little to lose – from Russian cybercrime perpetrated against Western governments, companies and individuals, as it slowly develops its economy, it will find itself an increasingly tempting target, especially from rising new ‘cybercrime nations’…

%d bloggers like this: