A year after Ukrainian authorities arrested five alleged cyber criminals, the country's would-be major crackdown on cybercrime is increasingly looking like the real bust.
When Ukraine in October 2010 arrested five alleged hacker kingpins behind a multimillion-dollar scam, authorities touted it as part of a broader crackdown on cybercrime.
But they were swiftly released and remain free as the investigation drags on. With more than a year passing by, Ukraine’s would-be major crackdown on cybercrime is increasingly looking like the real bust.
Authorities finally admit that Ukraine remains a heavenly haven for hackers due to inadequate anti-cybercrime laws and the lack of knowledgeable computer scientists working on the side of the law.
“Ukrainian hackers are well-known in the world. Our country is a potential source of cyber threats to other countries,” said Valentyn Petrov, an information security official at the Security Service of Ukraine, known by its SBU acronym, on Feb. 29.
The sentencing of two convicted cyber crooks by a British court last November to four-and-a-half years in prison each for siphoning around $4.5 million from British back accounts only backed up this thesis.
The two Ukrainians – Yuriy Konovalenko, 29, and Yevhen Kulibaba, 33 – used a computer virus to obtain confidential bank account information, which they used to transfer large sums of money from these accounts to the ones controlled by their group.
The duo pleaded guilty to conspiracy with the intent to defraud, but denied money laundering charges. Another 11 members of the group were also sent to prison for online fraud by British courts.
It did not take British investigators very long to take the online theft case, which had been taking place between September 2009 and March 2010, to the court. In Ukraine, however, such criminals are rarely brought to justice, let alone properly prosecuted and convicted of online scams. Reports of cybercrimes originating on Ukrainian soil are numerous.
In October 2010, the SBU along with colleagues from the U.S., UK and the Netherlands claimed to have caught five members of a criminal group engaged in cybercrime. Using computer viruses they allegedly pumped $70 million from the U.S. bank accounts with more than half of the sum going to Ukrainian hackers.
Investigators say that the suspects were charged with unauthorized interference into computer networks and dissemination of malware. If found guilty, the accused face up to six years in prison.
But within a matter of months after being detained, the suspects were released by Ukrainian authorities amidst a pending investigation. Analysts describe it as yet another sign that no real crackdown is underway. Officials blame imperfect legislation and lack of authority for law enforcement.
An SBU spokeswoman excluded the possibility that the five suspects suspected of million-dollar cybercrimes could sneak out of Ukraine using fake passports. They are being closely watched, the spokesperson added.
America’s FBI law enforcement agency originally worked with Ukraine on some of the cases and praised the crackdown. FBI officials did not, however, respond to recent inquiries asking to assess Ukraine’s success on fighting Internet thefts.
Yevhen Kulibaba Yuriy Konovalenko
Computer security analysts initially also praised the success of the SBU, but noted that the hardest work is still ahead. “The overall result depends on how successfully the Ukrainian justice system will prosecute the suspects in court,” said Don Jackson from SecureWorks, a firm involved with Internet security.
Another sign of Ukraine’s weakness and vulnerability to cyber attacks was obvious earlier last February when governmental websites, including SBU’s web portal, were going down one by one after the temporary shutdown of EX.ua, a popular Ukrainian file-sharing website on allegations of copyright violations.
According to a written response from the Interior Ministry, over the last 10 years 400 people in Ukraine were detained on Internet and banking fraud charges and only eight people among them were convicted to prison sentences.
Outdated legislation
Ukraine has frequently been cited in recent years as an origination point for cybercrimes. Analysts contend that the country is ahead of Russia as a source of spam and malware.
“Ukraine’s a huge problem. I would rank it above Russia right now,” said Paul Ferguson, a researcher with Trend Micro, one of the world’s top internet security software firms.
“From what I saw, Ukraine is one of the largest centers of cybercrime,” added Brian Krebs, an American computer security expert and an author of the blog KrebsonSecurity. “Not only much of the criminal network is located here, but also considerable flows of dollars obtained by hacking go here.”
Analysts suspect that some hackers work in Ukraine’s top Internet service providers. Internet providers have no vested interest in fighting spam messages full of ads and malware. Doing so will decrease a large share of their traffic, and, in turn, income.
Petrov from Ukraine’s security service believes that providers and the government have to “find a balance of interests” in this respect. Krebs says weak laws and ineffective law enforcement are to blame for poor persecution of cyber criminals.
“From a number of sources in law enforcement, I know that Ukraine has no shortage of people who want to put cyber criminals behind bars and clean up Ukraine’s image as a cybercrime heaven,” Krebs said. “However, if this is not combined with a competent and responsible legislative system, the rest does not matter.”
It was only recently that government officials publicly recognized the need to update Soviet-aged criminal legislation in order to combat 21st-century cybercrimes more efficiently.
Petrov said Ukraine should adopt a strategy on cyber security and implement the Convention on Cybercrime, which was ratified by the Ukrainian parliament in 2005. The convention is the first international treaty on crimes through the Internet and aims at harmonizing international and national legislation in the field. It also provides criminal procedural tools to better investigate and prosecute such offenses.
Job market for hackers
In addition, highly skilled and educated computer programmers and engineers that do not find a developed labor market here seem to end up in lucrative unlawful business with pleasure. “There is no Eastern European Silicon Valley which would compete with the state over qualified experts in computer security,” Krebs said.
Another barrier that limits access of skilled Ukrainian computer engineers to the advanced Western labor market is English language proficiency, Krebs suggests.
This is reminiscent of the turbulent 1990s post-Soviet years when former athletes, sometimes even champions, after finishing their career in sports and in search of decent salaries often joined organized crime gangs.
Kyiv Post staff writer Yuriy Onyshkiv can be reached at [email protected].
