April 27, 2012, 10:44 AM — Russian-speaking criminals grabbed more than a third of the entire global cybercrime market in 2011 as a growth in online fraud activity turned the country into a major digital crime superpower, a new report has suggested.
The State and Trends of the Russian Digital Crime market 2011 from Russian security research company Group-IB estimates (using public and partner data) that the global cybercrime market reached around $12.5 billion (£7.74 billion) in size during the year, with Russians and Russian speakers (including those outside the country) accounting for $4.5 billion of that total.
At the same time, using its own internally-collected analysis, the Russia-only cybercrime market doubled to $2.3 billion compared to 2010, a disproportionate level of activity considering the country's modest 143 million population.
The top Russian cybercrime activity was online fraud, equivalent to almost a billion dollars in revenue, just ahead of spam on $830 million, internal market services on $230 million and DDoS on with $130 million.
As well as startling growth, the Russian cybercrime scene also saw consolidation into larger, more organised groups increasingly controlled by conventional crime mafias. There was also evidence of co-operation between these groups, and the growth of an important internal 'crime-to-crime' (C2C) market to support its activities.
Coming from a Russian-based group of researchers, the report makes fascinating reading. There is a wealth of anecdotal evidence from crime busts and malware trends that Russia is a key hub for crybercrime but hard numbers are seldom put on its inner workings or business model.
An obvious question is why Russia has become such an important country for cybercrime. Beyond the traditional explanation of the large number of relatively poorly-paid programmers in the country, Group-IB also underlines the importance of policing and local laws.
The researchers note the case of Yevgeniy Anikin and Viktor Pleschuk, who were part of the gang that stole $10 million from the Royal bank of Scotland's WorldPay ATM system in 2008 And yet received suspended sentences from Russian courts.
"Thus, because of imperfections in Russian laws and the lack of severe penalties, stable law enforcement practice, and regular training regarding counter cybercrime measures, cybercriminals are disproportionately [not held] liable for the crimes they commit," note the researchers.
"The cybercrime market originating from Russia costs the global economy billions of dollars every year," said Group-IB's CEO, Ilya Sachkov.