Under Fire from Internet Mercenaries: Russian Hackers Target Political Opposition

Want to bring down your business rivals? Russian hackers can paralyze a company Web site anywhere around the world for just a few hundred dollars. And it's not just companies they target -- political opposition groups in Russia are also in their crosshairs.

Vassily -- not his real name -- stares spellbound at his flickering computer screen. He is waiting patiently for a response from thousands of "zombie" computers he controls around the Internet -- one which will carry devastating consequences for his victims.

The 18-year-old computer science major, who has been obsessed with computers since the age of 12, lives in a provincial city two time zones east of Moscow. He would end up in prison if he were discovered by the police.

As his fingers fly across the keyboard, the young Russian demonstrates how he can shut down Web sites anywhere in the world with just a few keystrokes. Vassily's target of the day is a large building supplies company.

"I'm bombarding the site with nonsensical queries from 50,000 computers at the same time," he says triumphantly. The industry term for his strategy is a "distributed denial of service" (DDoS) attack. It constitutes an avalanche of data, sent from unknown computers, which overloads the system being attacked until it crashes. "It suffocates in garbage," says Vassily with a laugh.

A Fistful of Dollars

Thousands of companies worldwide are victims of DDoS attacks every day. Hackers, once primarily a threat to businesses, have since expanded their reach to include other targets. In Russia, for example, they have become a significant factor in the political powerplay ahead of the upcoming Russian elections, as well as a threat to the country's few remaining independent media outlets. DDoSs are being used to deliberately muzzle the opposition and the anti-government media.

Russian hackers were also involved in an attack this spring that shut down the entire IT infrastructure of the small Baltic nation of Estonia. Estonian politicians and the Western media called the attack part of a cyber war. But who exactly was behind it remains unclear.

Russian hackers, modern-day mercenaries, will sell their services to anyone for a few dollars. Vassily advertises his "high-quality service" in a hacker forum for $150, while his competitor DrDDoS offers a "35 percent discount" for anyone who places two orders.

These cyber pirates hijack other people's computers, using e-mails or contaminated websites to download programs that provide them with full control of the host computers. Vassily uses the server at a French gynecology clinic as one of his so-called "bots." Experts estimate that up to a quarter of computers connected to the Internet could be doubling as these zombies worldwide.

"The owners of these computers have no idea that they're being used for criminal purposes," says Peter Stamm, who heads the division to combat computer crime at Germany's Federal Office of Criminal Investigation (BKA) in Wiesbaden. Zombiemeter, a service operated by Ciphertrust, an American Internet security firm, has identified more than 300,000 new bots in Germany this month alone.

Unleashing the Whirlwind

The program Vassily uses to control his bots is called "Smertj" ("whirlwind"). He types in the addresses of the target and the duration of the attack. Then he lights a cigarette and steps outside into the fresh night air to stretch his legs. It takes all of five minutes for his cyber zombies to report for action. Vassily presses a key to launch the attack command.

Most victims remain silent, fearing that they could lose their customers' confidence by making the attacks public. But Alexey Bakhtiarov is not one of them. In fact, he is only too pleased to receive visitors in the offices of his company, Infobox, in St. Petersburg. He says he will never forget how hackers set their sights on his company's computer systems at 11:30 p.m. on May 30 of this year.

"The Web pages of more than 10,000 customers were suddenly no longer accessible to millions of visitors," he says. Infobox, one of Russia's largest providers, operates Web sites for individuals, companies and government agencies, including the Kremlin and the St. Petersburg city administration. "Our reputation suffered greatly," says Bakhtiarov, sighing.

Russia is considered a stronghold for hackers. In fact, General Boris Miroshnikov, who heads a special unit at the Interior Ministry, has said he believes Russian hackers are the world's best.

Black Belt Hackers

In a scruffy Moscow apartment, Ilya Vassilyev, 33, calmly hands out black armbands -- not unlike the black belt awarded to judo masters -- to the best students in his "Civil Hacker School." Vassilyev is proud of his boys. "People as far away as Germany enroll in my correspondence courses," he boasts.

A publication called Chacker recently published -- with no legal consequences -- precise instructions on how to hack into the Web sites of foreign governments. Sergei Pokrovsky, the publication's editor-in-chief, readily admits to having planted anti-NATO slogans on the organization's computers in Washington and Brussels in 1999. It was at a time when the Western defense alliance had just stopped Yugoslav dictator Slobodan Milosevic, a friend of Moscow's, from continuing his ethnic cleansing activities in Kosovo by bombing the Yugoslav capital Belgrade. "I was simply overcome by emotion," says Pokrovsky. "We knew that we wouldn't be punished for it."

DDoS attacks have become common practice in Russia. In the wild 1990s, shady businesspeople would hire thugs or even contract killers to intimidate their competitors. Nowadays they increasingly use the services of cyber vandals to accomplish the same objective. Hackers are especially fond of targeting companies like Infobox, which earn their money directly on or using the Internet. Attackers shut down the systems of OSMP, a Moscow provider of online payment services, for five hours in June, causing damage upwards of $150,000.

"It's easier to shut down a competitor with DDoS than to invest a lot of money in your own marketing," explains Paul Sop of American IT security firm Prolexic. Sop estimates the number of daily attacks worldwide at about 10,000.

The number could be an exaggeration, however: Helping companies deal with the threat of hackers is a profitable business for Prolexic, which charges its customers between $7,000 and $25,000 a month for the opportunity to use Prolexic's large hardware capacity if their Web sites are attacked.

"The Net is perfect for criminals," Sop complains. "The risk of being caught is close to zero. It's like living in the Wild West."

Blackmail from the East

Perhaps the Wild East would be a more apt description. Russian-speaking hackers, in particular, offer their criminal services online in return for payment, posing a threat to companies worldwide, including in the West. As far back as the mid-1990s, Vladimir Levin, a mathematician from St. Petersburg, hacked into the main computer of US banking giant Citibank and diverted over $10 million to the accounts of his friends.

In August 2005, hackers, presumably from Eastern Europe, demanded that German online gambling site Fluxx pay them €40,000 in the form of a Western Union wire transfer, in return for their stopping DDoS attacks on the company. The Germans refused to pay. British and other online casinos and gambling sites were not as resolute -- they paid a total of $4 million in ransom money to a gang of Russian hackers.

Cyber warriors have also targeted political Web sites. This spring they launched multiple attacks on the Web site of former world chess champion Garry Kasparov's Other Russia movement. Each attack happened shortly before the group had planned to stage demonstrations against Russian President Vladimir Putin. It was a heavy blow to the opposition movement. Because the Kremlin controls Russian television and large parts of the press, opposition groups depend on the Internet to call their supporters to action.

The country's few independent media outlets have also faced DDoS attacks. One of them is Echo Moscow, a radio station critical of the government. In early May the station's Web site crashed in response to a powerful hacker attack. Although Echo Moscow continued to broadcast, its popular Web site was out of commission for four days.

"The attack was big, well-planned and clearly ordered by someone," says Alexei Venediktov, the station's editor-in-chief, who has turned Echo Moscow into one of Russia's most prominent media outlets. Venediktov sees the attacks as "a new tool in the fight against rebellious editorial departments. This was a trial run for the coming elections."

A new parliament will be elected in December, and the presidential election is set for next March. "My clients," says one hacker named Sergei, "also include political structures."

Sergei reveals that an attack of the kind that was directed at Echo Moscow's site would cost no more than $400 per day. It's a small price to pay for silencing the Internet voice of the Kremlin's most prominent critic. "I can do everything," Sergei brags, "but everything has its price."

But in late April Sergei went into battle without being paid anything at all. When the conflict between Russia and Estonia over an Estonian plan to move a Soviet war memorial began to escalate, Sergei had his cyber zombies attack the neighboring country.

Like many nationalistic Russian hackers, he felt offended by the Estonians. "Of course I participated," says Sergei, "out of idealism."

Translated from the German by Christopher Sultan