The Group-IB 2011 Report on Russian Cybercrime analyses current trends and predicts future developments. It also discusses the currrent state of computer crime legislation in Russia, and makes specific recommendations for the future. Most of it confirms what other security companies have been saying: that Carberp is the malware of choice, particularly in Russia; that taking down individual botnets may temporarily disrupt, but not permanently disturb the continuing growth of spam; that DDoS attacks are becoming smaller, more frequent and more sophisticated.
But the report also lays out the evolving cybercrime battlefield in Russia, a landscape being fought over by organized crime on the one hand, and law enforcement on the other. Of the criminals it notes a consolidation of previously disparate groups into "organized groups with a centralized management system;" increasing cooperation between the major groups "based on mutually beneficial sharing of compromised data;" and the penetration of 'professional' criminals so that cybercrime is no longer the sole prerogative of techies.
"As consequence of the above trends," writes Group-IB, "the following fact is apparent: the Russian cybercrime market is experiencing a period of dynamic transition from a quantitative state to a qualitative one." Organized crime is using the proceeds of its traditional sources, drugs, prostitution, arms trafficking and so on, to fund the development of more advanced cybercrime.
Law enforcement, however, is currently hamstrung in its fight against cybercrime: the law, is quite simply, inadequate. "For example," says the report, "Yevgeniy Anikin and Viktor Pleschuk, who hacked the WorldPay system of The Royal Bank of Scotland and stole $10 million from its accounts, were found guilty by a Russian court, yet only received suspended sentences, while those convicted of ordinary crimes, such as theft in the amount of up to $50,000, serve actual time in prison."
President Medvedev has made some improvements with his bill amending the criminal code and enacted by the State Duma in December 2011. The two primary improvements were the inclusion of additional aggravating circumstances, and an increase to the severity of penalties. Group-IB, however, doesn't think it goes far enough. In particular, it wants greater clarity, increased penalties and improved training for law enforcement. It also wants to replace and improve on the Budapest Convention, the first international treaty on cybercrime.
Russia should, it says, "Develop a document for submission to the UN, establishing the principles of international interaction against cybercrime, while also respecting the sovereignty of the member states, as opposed to the Budapest Convention." This would, says Group-IB, "significantly improve the number of solved computer crimes, change the existing law enforcement practices, and establish proper international cooperation in this field."