Partly Cloudy70° WeatherPartly Cloudy70° Weather

Soviet Union web space prime for hackers

Group-IB, which runs one of Russia’s two Internet watchdogs, says the number of malicious websites hosted across the Soviet Union’s old domain doubled in 2011 and again in 2012.

Associated Press

Group-IB, which runs one of Russia’s two Internet watchdogs, says the number of malicious websites hosted across the Soviet Union’s old domain doubled in 2011 and again in 2012.

MOSCOW — The Soviet Union disappeared from the map more than two decades ago. But online, an "e-vil empire" in its name is thriving.

Security experts say the .su Internet suffix assigned to the USSR in 1990 has turned into a haven for hackers who have flocked to the defunct superpower's domain space to send spam and steal money.

Capitalist concerns, rather than communist nostalgia, explain the move.

"I don't think that this is really a political thing," said Oren David, a manager at security firm RSA's antifraud unit.

David noted that other obscure areas of the Internet, such as the .tk domain associated with the South Pacific territory of Tokelau, have also been used by opportunistic hackers.

"It's all about business," he said.

David and others say scammers began to move to .su after the administrators of Russia's .ru space toughened their rules in late 2011.

Group-IB, which runs one of Russia's two official Internet watchdogs, says the number of malicious websites hosted across the Soviet Union's old domain doubled in 2011 and doubled again in 2012, surpassing even the vast number of renegade sites on .ru and its newer Cyrillic-script counterpart.

The Soviet domain has "lots of problems," Group-IB's Andrei Komarov said. "In my opinion, more than half of cybercriminals in Russia and former USSR use it."

The most notorious site was exposed.su, which purportedly published credit records belonging to first lady Michelle Obama, Republican presidential challengers Mitt Romney and Donald Trump, golfer Tiger Woods and celebrities including Britney Spears, Jay Z and Beyoncé. The site is now defunct.

Other Soviet sites are used to control botnets, the name given to the networks of hijacked computers used by criminals to empty bank accounts, crank out spam or launch attacks against rival websites.

Internet hosting companies generally eliminate such sites as soon as they're identified. But Swiss security researcher Roman Huessy, whose abuse.ch blog tracks botnet control sites, said hackers based in Soviet cyberspace can operate with impunity for months at a time.

Asked for examples, he rattled off a series of sites actively involved in ransacking bank accounts or holding hard drives hostage for ransom — brazenly working in the online equivalent of broad daylight.

"I can continue posting this list for ages," he said.

The history of .su goes back to the early days of the Internet, when its architects were creating the universe of country code suffixes meant to mark out a website's nationality. Each code — like .fr for France or .ca for Canada — was meant to correspond to a country.

With more than 120,000 domains currently registered, mothballing .su now would be a messy operation.

"It's like blocking .com or .org," Komarov said. "Lots of legitimate domains are registered there."

Among them are stalin.su, which eulogizes the Soviet dictator and the English-language chronicle.su, an absurdist parody site.

Soviet Union web space prime for hackers 05/31/13 [Last modified: Friday, May 31, 2013 9:41pm]

Copyright: For copyright information, please check with the distributor of this item, Associated Press.
    

Join the discussion: Click to view comments, add yours

Loading...