Interesting news this week, with some heavy anti-crime work in Russia resulting in the arrests of the alleged RBS WorldPay cybercriminals. While researching the story I laughed out loud at one particular turn of phrase reported by the Financial Times:
I'm not sure how "avoiding scaring other targets" can be read any other way than "leave all the other guys alone". So today's topic is the question: should the FBI actually lighten up, as the FSB [allegedly] requests? First, let's define what corruption really is.
JDLR is an acronym I learned from hanging out with cops: Just Don't Look Right. That guy on the corner at 3am wearing $200 sneakers? A beat cop would probably stop and talk to him on the strength of JDLR alone. At ESET, malware gets flagged because it Just Don't Look Right (we call that heuristics).
What made me laugh about the Financial Times quote? When the FSB asks the FBI to "avoid scaring other targets" in Russia, it sounds too much like a dirty cop protecting his other clients.
In my criminal investigative background, dirty cops got dirty by being paid off or "hired" by Bad Guy A to ignore Bad Guy A's criminal operations. The escalation from there was usually Machiavellian: the dirty cop would be used to eliminate the competition from Bad Guy B's criminal operation.
All of this was almost mathematically formulaic. The constant was the sphere of influence Bad Guy A held over the dirty cop; the variable was how effective the dirty cop had to appear in his job to keep it. Basically, dirty cops keep their jobs by bringing in suspects. A dirty cop can double his personal effectiveness by bringing in Bad Guy A's competitors, which leaves him free to pursue other interests in life rather than working hard to fight crime.
For a television comparison, FX Network's crime drama The Shield was built around one such dirty cop. The series was loosely based on a real-life dirty-cop story that took place in the Rampart Division of the Los Angeles Police Department during the 1990s.
In one of those real-world incidents, corrupt Rampart officer Rafael Perez (affiliated with one LA gang, our Bad Guy A) framed Javier Ovando, a foot soldier of a rival gang, our Bad Guy B. The dirty cop was in effect keeping his Bad Guy A safe by going after Ovando (Bad Guy B) and taking him off the streets.
My perspective is that it Just Don't Look Right for the FSB to be concerned with mobsters covering their tracks, particularly mobsters whose crime is cyber.
To be fair, let's look at what "covering tracks" may entail.
Arrests and convictions are society's way of setting boundaries. In Saudi Arabia, drug dealers get beheaded every Wednesday. Stateside, sentencing for white-collar crime (fraud, embezzlement, California Penal Code Sec. 502 computer crime, etc.) has historically been lighter than for violent or blue-collar crimes (armed robbery, assault, sexual assault). Some states even have three-strikes laws that keep triple felony offenders out of society for good with life imprisonment.
With that in mind, I'm not seeing the FSB's actions as providing much of a deterrent. According to Wired's reporting, their expert's viewpoint aligns with my own skepticism:
My reading of this interview is that Hilbert's experience is telling him things Just Don't Look Right about this arrest having any real impact, given what he has seen in countries with such high levels of corruption. One truism that a whole slew of heavy-hitting US Attorneys on our side of the pond will tell you: until we can prosecute these cybercriminals in our own courts, there will be no measure of deterrence.
Dancho Danchev provides the best solution I’ve heard all day. Really.
Basic criminology usually solves the crime by following the money or the influence and attacking the weakest link in the chain. In cybercrime, that may end with legislation (and enforcement) of tighter restrictions on affiliate network programs, as Dancho recommends. As for how effective these arrests might be, the main question from Dancho's blog post still points toward the same shared skepticism:
Feel free to comment on how you think the FSB statement could be interpreted; maybe I'm being too harsh. I haven't had my coffee yet.
Contributing Writer, Securing Our eCity
Author ESET Research, ESET