This blog post was written by James Andrew Lewis, senior vice president at the Center for Strategic and International Studies (CSIS).
Now that 3 companies and 13 individuals from Russia have been indicted for U.S. election interference, the general American populace has insight into a problem that has been growing for years: Russia has little respect for the law. In fact, based on a recent study on the Economic Impact of Cybercrime CSIS undertook with McAfee, Russia leads the world in cybercrime. This reflects both the skill of its hacker community and its disdain for western law enforcement.
The complex and close relationship between the Russian state and organized crime means that Russia provides a sanctuary for the most advanced cybercriminals, who focus on the financial sector. The best cybercriminals in the world live in Russia, and as long as they do not travel to countries where they could be arrested, they are largely immune from prosecution. For example, one of the cybercriminals who hacked Yahoo at the behest of Russian intelligence services, compromising millions of accounts and transferred the PII to the Russian government, also used the stolen data for spam and credit card fraud for personal benefit.
Yet Russia is hardly the only country specializing in cybercrime; China, North Korea, and Iran are right up there. The combination of massive budgets, access to talent and protection from law enforcement make nation-states the most dangerous source of cybercrime, which our report estimates takes about a $600 billion toll on the global economy.
Next to Russia, we believe North Korea is the next most important nation for cybercrime. Both hack banks for financial gain. In 2015-2016, for instance, a cybercrime campaign targeted dozens of banks in the SWIFT network, stealing tens of millions of dollars from banks in developing countries. The North Korean Reconnaissance General Bureau (RGB) has been linked to these attacks, which provided a lucrative way to supplement the North Korean government’s access to foreign currency.
Recognizing the difficulty of pulling off large-scale thefts from a single major western bank, the RGB targeted smaller, less sophisticated banks in developing countries like Bangladesh, Vietnam, and Ecuador. In Bangladesh, they used the victim banks’ credentials to send what looked like legitimate SWIFT fund transfer requests These requests at first appeared legitimate to the receiving banks, since they were sent from legitimate partner banks through the established channels, so in some cases, the money was transferred.
North Korea also has turned to cryptocurrency theft to help fund its regime. North Korean hackers have targeted at least three South Korean cryptocurrency exchanges in 2017. Cryptocurrencies are a particularly valuable target for North Korea, who are able to use Bitcoin’s anonymity to circumvent international sanctions. Some researchers have speculated that North Korean actors have also been involved in attempts to surreptitiously install Bitcoin mining software on hacked computers, hijacking networks of compromised systems to mine for cryptocurrencies. The Pyongyang University of Science and Technology has begun offering its computer science students classes in Bitcoin and Blockchain, confirming the growing interest in cryptocurrencies for North Korea.
Hackers in North Korea and Russia, whether affiliated with the state or not, account for much of the cybercrime that occurs in the world. Until these nation-states change their behavior, either by stopping state support for hacking or by enforcing laws against criminal hackers, cybercrime will remain a major international problem.