The Untold History of Today’s Russian-Speaking Hackers

Monday sees the release of “The Billion Dollar Heist,” a documentary about the theft of $81 million from the Bangladesh Bank, considered the biggest cyber-heist of all time. The film’s executive producer wrote the book Dark Market: How Hackers Became the New Mafia (and is also a rector at the Institute for Human Sciences).

But he’s also written an article for the Financial Times outlining the complicated background of Russian-speaking hacker gangs responsible for malware and ransomware, starting with “one of the most remarkable if little-known events in post-cold war history: the first and, to my knowledge, the last publicly organised conference of avowed criminals” in May, 2002.

The First Worldwide Carders Conference was the brainchild of the administrators of a landmark website, carderplanet.com. Known as “the family”, this was a mixed group of young men, both Ukrainians and Russians, who had spent the previous 10 years growing up in a lively atmosphere of gangster capitalism. During the 1990s, conventional law and order in the former Soviet Union had broken down. The collapse of the communist system had left a vacuum in which new forms of economic activity were emerging…

Founded a year before the conference, CarderPlanet revolutionised web-based criminal activity, especially the lucrative trade in stolen or cloned credit card data, by solving the conundrum that until then had faced every bad guy on the web: how can I do business with this person, as I know he’s a criminal, so he must be untrustworthy by definition? To obviate the problem, the CarderPlanet administrators created an escrow system for criminals. They would act as guarantor of any criminal sale of credit and debit card data — a disinterested party mediating between the vendor and the purchaser… The escrow system led to an explosion of credit card crime around the world in which many criminal fortunes were made….

Roman Stepanenko Vega, a Russian-speaking Ukrainian national who was one of the founders and administrators of CarderPlanet, explained to me how “two days before the conference’s opening, we received a visit from an FSB [Federal Security Service] officer in Moscow. He explained that Moscow had no objections to us cloning credit cards or defrauding banks in Europe and the United States but anywhere within the CIS was off limits.” In addition, the FSB officer let CarderPlanet know that if the Russian state ever required assistance from criminal gangs, it would be expected to co-operate…

Members of criminal gangs were later recruited into notorious state-backed hacking teams such as Advanced Persistent Threat 28.
A 2021 ransomware attack on Colonial Pipeline brought warnings of a U.S. counterattack, the article notes, after which “Russian police started arresting and imprisoning cyber criminal groups.” Ransomware attacks now seem particularly focused on Europe, and “According to cyber-security experts, the Russian government is giving these criminal groups information on potential targets.”
But once more the hackers have been careful not to cross what the Americans consider red lines, as advised, presumably, by Russia’s security services. Russia is probably confident that disrupting European businesses will be unlikely to provoke a cyber attack. But the U.S. — whether its government, municipalities or police — remains strictly off-limits.
Thanks to long-time Slashdot reader Geoffrey.landis for sharing the article.