The BBC Interviews a Reformed Russian Hacker

"Four hours flight east of Moscow, the next generation of those graduates is in training.

In the snow-coated Siberian city of Tomsk, one in every five residents is a student. Information security is what they excel in. But in college corridors here, students talk of hacking with respect, even reverence."---BBC (3-11-10)

The BBC recently travelled to the Siberian university town of Tomsk, Russia, in order to interview young Tomsk hackers. I have written a number of articles suggesting that Tomsk hackers might have been involved in the hacking of the East Anglia University's Climate Research Unit (CRU). After I posted my articles, the British media also began to speculate about this possibility. Perhaps the BBC (3-11-10) is trying to learn more about Tomsk hackers because of the recent "Climategate" hacking scandal.

Some evidence suggests that young hackers based in Tomsk may not have been the culprits. According to technology editor Charles Arthur of the U.K. Guardian (2-5-10):

Analysis by the Guardian and digital forensics experts...suggests the access occurred over a period of days, if not weeks, and was carried out from a computer based on the east coast of north America.

...[S]omeone with clear hacking skills...grabbed the files [and] broke into the RealClimate blog to upload the archive and prepare a draft post; then, when that was thwarted, they uploaded it to a Russian website, and posted links to it on climate sceptics' blogs using web servers located in Saudi Arabia and Turkey. [See the full text of this interesting analysis.]

Hopefully, British investigators will soon track down the hacker.

The BBC (3-11-10) interviewed a former hacker named Yevgeny Kaspersky, whose Wikipedia says that he "graduated from the Institute of Cryptography, Telecommunications and Computer Science, an institute co-sponsored by the Russian Ministry of Defence and the KGB." I don't know where this school is, but FAPSI used to have a school like that in Voronezh. This school is called "the world's largest hacker school," according to Wikipedia. [See Kaspersky's blog.]

The BBC (3-11-10) observes:

Yevgeny Kaspersky describes Russia as a nation of "super hackers" and he should know.

Mr Kaspersky has made his name battling the world's cyber criminals. The computer security guru says hackers in China and Latin America generate the greatest number of cyber-attacks.

The most sophisticated come from his own country.

"Russian attacks look more professional. The malware and design is more complicated and more technical," Mr Kaspersky says.

"I think it's thanks to Russia's technical education. Its graduates are probably the best."

Four hours flight east of Moscow, the next generation of those graduates is in training.

In the snow-coated Siberian city of Tomsk, one in every five residents is a student. Information security is what they excel in. But in college corridors here, students talk of hacking with respect, even reverence.
"Hacking is an art, the art of breaking-in," Alexei says. "A true hacker strives to learn something new. It's the art of constantly achieving new heights of expertise."

The students don't learn this art directly in class. Alexei says his institute only "helps him in the right direction". But there are plenty of opportunities to hone your hacking skills on campus. [Full text.]

According to Russia expert Dr. Paul Goble (5-31-07):

The FSB (state security) and quite possibly elements within the Kremlin itself have been encouraging Russian “hacker-patriots” to launch denial of service attacks on websites that official Moscow does not like, according to a leading Russian investigative reporter who specializes on security issues...

Such arrangements provide the Russian government with plausible deniability while achieving the ends that its officials quite publicly indicate they seek.

In 2002, [Russian journalist Andrei] Soldatov notes, Tomsk students launched a denial of service attack at the “Kavkaz-Tsentr” portal, a site whose reports about Chechnya angered Russian officials. The FSB office in Tomsk put out a special press release saying that what the students had done was a legitimate “expression of their position as citizens, one worthy of respect.”

Over the next several years, Russian hackers attacked a variety of other sites...

Russia’s “hacker-patriots” have not limited themselves to attacks on websites linked to Chechnya or foreign states. They have also attacked extremist groups like the National Bolshevik Party, moderate opposition groups like “the Marc of Those Who Disagree,” and mainstream media outlets like “Kommersant” and “Ekho Moskvy.”

In all these cases, Soldatov suggests, the FSB with its Center for Information Security as well as the National Anti-Terrorist Committee did not have to use their own in-house resources to attack objectionable websites; they could simply point the growing community of “hacker-patriots” in the right direction...

[Soldatov observes] that “it is not excluded” that “certain groups of activists are being guided not by the special services but by the administration of the president”...[See full text.]