
The return of the Russian gangsters

Mapping organized crime trends sheds new light on the local underworld

The reversion of drug routes from the south toward Russia is giving rise to new trends in organized crime in the Czech Republic, which is viewed as a potential drug hub.
Where have the Russian gangsters gone? There is a striking disconnect between the regular warnings from the police, Interior Ministry and Security Information Service (BIS) that Russians represent a serious challenge to the Czech Republic and the actual evidence on the ground: arrests made, criminals convicted, goods seized. Instead, it is usually Czech gangsters or criminals from even further afield who are brought to justice, such as the Vietnamese gangs that are increasingly being held responsible for trafficking marijuana and methamphetamines.
In part, those warnings have become a ritual recitation of past fears, and there always seems to be some terrible threat just around the corner. Two shootings in 2008, for example, led a BIS spokesperson to raise the specter of a gang war between Russian-speaking groups in Prague, which never materialized. Likewise, it seems every report of Russians in Karlovy Vary contains some dark allusion to mafia money.
Only sometimes there really is a wolf around that corner. While Russian gangsters are much less in evidence in the Czech Republic these days, there are real reasons to fear they will be back. As an official from the Internal Affairs Ministry in Moscow told The Prague Post, "Last time, our gangsters thought they could just bully their way in. This time, they will be much smarter."
In the 1990s, Russians made serious inroads into the Czech underworld, but even then there was a degree of politically convenient exaggeration: An Interior Ministry report in 1992 claimed 80 percent of all organized crime was committed by foreigners.
All the main networks such as the Moscow-based Solntsevo, St. Petersburg Tambovskaya and Chechen and Caucasian groups were strongly positioned in the country. For a while, Prague was even home to Semyon Mogilevich, the notorious Ukrainian-born Russian criminal who is a fixture on the FBI's "most wanted" list. However, the Russians' very visibility was also their weakness. They attracted far too much police attention and the enmity of local gangs.
Over the course of the 1990s, many Russians were forced out of the country, and a number of operations closed down. Yet that did not mean they abandoned the Czech Republic. Instead, the Russians had to adopt a lower profile. They withdrew from many street-level activities such as protection racketeering and selling drugs, though Ukrainian gangs still tended to victimize the Ukrainian community, especially in Moravia. Instead, they concentrated on working at the level of illegal wholesalers, criminal coordinators and underworld investors in businesses of every kind. Several sources in Moscow suggest even a link with billionaire František Mrázek, who was gunned down in Prague in 2006.
They maintained contacts, a position within the Czech underworld and a criminal infrastructure. According to the Russian police, those foundations may be about to be built on afresh, mainly because of drugs, and Afghan heroin in particular.
Afghanistan produces more than 90 percent of the world's opium and heroin. Historically, those drugs flowed into Europe through the Middle East and Turkey. Increasingly, though, they are taking the "Northern Route" through Russia, which now accounts for almost a third. Some head east into China, some stays in Russia, but most carries on into the lucrative European market. This is proving a bonanza for Russian organized crime, especially given the depressed state of the rest of the economy. Gangs able to tax or control the drug routes are thriving.
As existing routes through Poland become saturated, the criminals currently managing the trade are looking for alternatives to get their heroin into Europe. The Czech Republic is well placed to be a drug hub (already Interpol reckons that 70 percent of all narcotics smuggled into the country is for re-export) and the Russians have the cash and connections to make it happen. A Russian investigator from their Federal Antinarcotics Service, the FSKN, told The Prague Post he expects the level of heroin trafficking into the country to increase by 25 percent a year.
He also raised an alarming second possibility, that the Czech Republic could become the arena for competition. As he put it, "if you can't control the pipeline, you wait by its mouth." In other words, gangs losing out in Russia might try to move into the Czech Republic to muscle into the market. By the standards of most European countries, heroin is disproportionately popular in the Czech Republic, creating a lucrative opportunity.
The third potential implication is that the country experiences an influx of dirty Russian money. The traffickers are making unprecedented amounts and are doing so at a time when Russia's future is uncertain. For all his tough rhetoric, Vladimir Putin has never made the fight against organized crime a priority. Russia's godfathers fear the urban protest movement now rising in Russia might force Putin to crack down on corruption and dirty money. Thus there has been an upsurge in the amount of shady money leaving Russia (total capital flight this year is likely to be anything from $50 billion to $100 billion).
This coincides with renewed international efforts to control illegal capital flight and money laundering. Just when the criminals want to move funds out of Russia, their traditional routes through Cyprus, Israel and Italy are under pressure, so they are looking for alternatives. The Czech Republic has a highly developed and stable banking system, but on the other hand is perceived as somewhere that corruption and artifice can evade financial controls. The Russian FSKN has identified a number of cases in which it believes drug money may have been moved through networks of front companies into the country.
Meanwhile, the authorities may be looking the wrong way. Agencies like BIS seem most concerned about the threat of Russian intelligence agencies using gangsters as agents, or the Kremlin using front companies to gain influence. These are real threats, but arguably less immediate and serious than "ordinary" organized crime.
This politicized perspective also makes it harder to cooperate with Moscow. Unprofessionalism, corruption and political interference within Russian law enforcement are massive obstacles to any partnerships. However, at the same time, there are honest, intelligent and effective Russian investigators who genuinely want to collaborate.
The challenge is finding some route through the obstacles. A new law on Czech-Russian police cooperation is a great start. Next year, the Interior Ministry should also be completing deliberations about hiring suitably vetted foreign nationals, something Robert Šlachta, head of the ÚOOZ organized crime detection unit, has supported. Certainly some Russian and other Eurasian officers would also make it easier to infiltrate and understand these gangs.
Ultimately, the unavoidable logic of the market means the Russians are coming. Afghan heroin is reshaping the Russian underworld, creating winners who want to establish trafficking routes through the Czech Republic, losers who are being pushed west into Central Europe and profits that need to be invested. The question is how Prague prepares itself to deter or deal with its future guests.
- Mark Galeotti is professor of global affairs at New York University's SCPS Center for Global Affairs.

CEO of Group-IB: Hackers Join Traditional Organized Crime Groups

Since the beginning of the year, the Russian authorities have put a halt to the activities of three cybercrime groups involved in stealing money from remote banking systems (RBS). At least three similar groups are continuing to operate. CEO of Group-IB Ilya Sachkov tells RIA Novosti correspondent Ivan Shadrin how money is stolen online, cashed, where it is stored and why individual hackers get together to form traditional organized crime groups. Group-IB investigates cybercrimes in collaboration with the Federal Security Service and the Ministry of the Interior.

Q: According to the Interior Ministry, over the past few years hackers have stolen millions of dollars from customers of Russian banks. Why is this happening? What is wrong with the Russian banking system?

A: You have to understand that a system which is completely invulnerable to attack simply doesn't exist. Cyber criminals can break into virtually any system. Added to that is the fact that some banks are not using the most secure systems.

Online banking money theft schemes

For instance, banks might provide customers only with a login, a password and a digital signature to access their remote banking accounts. If they get hold of a copy of an insecure digital signature, a criminal can launch an attack from anywhere.

To counter this threat, banks are introducing ‘security tokens.’ It is almost impossible to retrieve a digital signature from these tokens. However, USB tokens are often left connected to a computer even when the user is not logged into the remote banking system. In this way hackers can gain remote access to computers and transfer money directly. This is how they avoid security systems that track IP addresses of customers to prevent suspicious transactions – for instance, from abroad. In the case I described above the transaction looks legitimate because the IP address and the token are the customer’s. There is no cause to doubt the user's identity.

An even more complicated system uses one-time passwords that are printed out by the bank or sent in a text message. Companies usually use printouts, whereas individuals prefer texts.

Q: Can one-time password systems be hacked?

A: Basically, what happens is that criminals replace bank orders. An accountant fills in a payment instruction with the bank details required. But moments before the one-time password is entered, hackers change a particular set of data. When the user presses ‘sign,’ the bank details are already different and the money goes into the hacker's account.

There is another way to do it. Malefactors inject a phony pop-up window for a one-time password into the victim’s web browser. The user enters their password. The password is ‘processed’ for an extended period of time, followed by a time-out error. The customer has to enter another one-time password because the previous transaction failed. The accountant enters another password. The scammers now have two valid one-time passwords that must be used in order, the first to access the system and the second to send the payment.

In this scenario it does not matter whether the password was sent in a text or printed out. You enter the data yourself.

The choice of which fraudulent scheme to use often depends on the available software. Replacing bank details or injecting phony pop-up windows requires special software. If it is not available, cyber criminals have to resort to using social trickery to phish for passwords.

We know of cases where exceptionally bold fraudsters have called people up posing as bank employees and asked for their passwords.

Q: So the hacker has gotten hold of the password. What happens now?

A: It depends on the scenario. There are several different options. For amounts of up to 1 to 1.5 million rubles, the money is whisked off straight to the cards of the ‘money mules’ (cardholders hired to cash the stolen money). Within 15 minutes of the transaction, the money mules withdraw the money from ATMs and hand it over to their employers.

Larger amounts require more complicated cashing schemes. These are used for sums of between one and five million. Firstly, the money arrives in the account of a legal entity. The sum is then divided and wired to other accounts to cover up their tracks.

The ‘cashers’ get at least half of the stolen money.

Q: That's a pretty big commission. Why is that?

A: First of all, any theft is preceded by a lengthy period of preparation. Cashers and plotters talk through every detail. By the time the theft actually takes place, the money mules are fully prepared. They have a fictitious company, a bank account and cash cards for the money mules.

The current banking system allows any legal entity to create a remote "salary project." Generally speaking, a representative of the fake company will report to the bank that, for instance, 15 employees need salary cards. The bank will then request the names and passport numbers of the ‘employees’ and issue the cards. The passport numbers are usually the real IDs of the money mules. Alternatively, they can be bought from hacker forums.

Q: How are the money mules hired?

A: There are ‘honest’ and ‘dishonest’ money mules. Dishonest money mules know about their role in the scam and can even cheat their employers and disappear with the money. That's why cashers usually hire only those dishonest money mules they know well and trust.

Honest money mules are not actually aware of their role. There are websites where you can hire a person to cash money at a certain moment in time for a fee. These websites include statistics of the money earned by the mules. Each user can see their current assignments.

Money mules are usually the first to be tracked down. But they are of little use. Both the honest and the dishonest drops claim they know nothing and only withdrew the money for a friend who gave them the card.

Q: Is there any relation between cyber fraud and other crimes?

A: This business has historically been under the protection of ordinary criminal gangs. In the very beginning, cashers worked in close cooperation with traditional organized crime groups and assisted with laundering the money from illegal sources. It is easier for cyber criminals to find these people instead of organizing a money mule project from scratch.

Obviously, when the leaders of organized crime groups see that the hackers don’t mind giving away half the stolen money they become curious. They are curious enough to include hackers in their ranks and organize thefts so that they can keep all the stolen money for themselves. We are aware of such cases.

Q: Who are the more frequent victims of cyber fraudsters, companies or individuals?

A: Until the second half of 2011 more crimes were committed against companies, but since then attacks on individual accounts have become more prevalent. This is due to companies becoming more careful about the security of their assets.

In fact, if we look at the statistics, there is no clear distinction. The criminals can steal from anyone, and any amount. So far, we have only seen one small group that targeted only individuals. The reason was that they used a very simple program that did not allow hacking into corporate systems.

Q: The Interior Ministry recently reported that a botnet of six million infected computers had been shut down. Are all ‘financial’ botnets so big?

A: It does not really matter how big a botnet is when it comes to stealing from remote banking systems. Hackers may control a network of 50,000 infected computers, or bots, but only a couple of them have banking software installed. Cyber criminals that attack remote banking systems usually buy targeted web traffic with high conversion rates. A botnet may have only 1,000 bots but the majority will have a remote banking system installed.

For instance, Carberp [the biggest cyber gang, which had stolen around $150 million by the time they were caught in March - editor] tried to hack into accounting websites to send out malware. The reason was obvious: nobody visits such specialist websites just out of curiosity. A similar tactic is being used against ordinary users when the most visited banking websites are attacked. So it is not about the number of bots. It is about the quality of traffic and conversion, just like in any other business.

Q: Do Russian hackers target only Russian banks?

A: Yes, in 99% of the cases that we know about. It is quite difficult to just wire the money to a foreign bank. You would probably even have to go to the bank in person to complete the transaction. Naturally, cyber criminals do not want to go down that road.

However, when it comes to stealing from electronic payment systems, wire transfers to foreign payment systems are more frequent – only because if hackers want to cover up their tracks they transfer money to, for example, Pakistan in order to send it back to their accounts afterward. Foreign banks and payment systems are not interested in reporting suspicious transactions to foreign security services.

Q: Are payment systems attacked?

A: Absolutely. Owners of accounts in various payment systems can lose their money, too. The scenarios used are similar but the money is transferred to either other e-wallets or cash cards.

The money can easily be lost. It is stolen from one payment system and transferred to another, then somewhere else; it is then cashed or sent back to the first system. It’s not easy to follow the trail! There are many scenarios. In addition, many payment systems are registered in offshore countries that do not provide any information about transactions.

Q: How big is this sector?

A: E-wallet thefts are as common as bank account thefts. Some people keep substantial funds in their e-wallets. Many companies have electronic accounts to pay for freelance services.

It is in fact easier to steal money from online payment systems as it does not involve money mules or dummy companies. Besides, if a bank account fraud is discovered, the money will be frozen and charged back to the victim’s account, whereas most online payment systems do not have this feature.

When online payment systems are hacked, the money can be converted into mobile phone credit. Some mobile networks allow phone balances to be cashed. Sometimes cashing involves purchasing rail tickets. Thieves buy an expensive ticket (for a Moscow to Vladivostok train, for example) online and then return it to reclaim most of the money.

Q: Do cyber criminals have any favorite web money systems? If hackers don’t cash the money where do they store it?

A: Hackers have a number of payment systems that they use more often than others. For example, Liberty Reserve.

The first payment system to be closely involved with hackers was eGold, which later came to the attention of the intelligence services. The system has stopped fraudulent transactions ever since. This was when Liberty Reserve (LR) came in.

The organization was set up in the early 2000s but the system has only been active since 2006 shortly after eGold was shut down. The system was registered in Costa Rica. For only $40, you can get a cash card with their account. The bank card is issued by a bank in Lebanon that, as well as being an offshore company, pays zero profit tax.

LR has very stringent security. Since its launch, the system has not been affected by anything more serious than phishing. At the same time, they have a very simple user agreement, no small print and only a few conditions. The onus lies on customers to protect their passwords. No chargebacks. The system is only responsible for the safety of the money and secure transactions. LR charges 1% but not more than $2.99. Paying just $3 to transfer a million dollars – that's pretty convenient!

Russian and foreign hackers really like this system. Russians call it Lyuba. They use LR mostly to wire payments to each other, probably because the system does not block transactions. LR does not care about what you are paying for and what you write in your comments.

LR is also popular because of its privacy. LR will never disclose any information about payment orders to the authorities. Nobody knows how much money LR actually stores and almost no one knows who runs it.

As far as chargebacks are concerned, LR explains it this way: it is not a bank and it does not care about its reputation. Privacy and reliability are its reputation.

Q: Does that mean users have no guarantees?

A: Apart from those stated in the user agreement – no. And it’s a big risk to use LR. What if it just disappears tomorrow? Everything is founded completely on trust.

Q: But with such strict privacy, can the fraudsters be caught at all?

A: There are two approaches. The first is the police approach to search for the money mules. They find the people who cash the money and the people who are responsible for the theft. But there are so many money mule services in Russia that one will easily replace another. Moreover, where big money is involved, cyber criminals will never confine themselves to only one money mule service. They use several because they deal with dozens of payment orders every day. The sums have to be broken down into smaller amounts, which takes time.

This is the reason why owners of botnets have to hire people to keep an eye on the victim’s account, transactions and other financial information – not just out of generosity but because one person can’t handle that much money. It is a complex scam. If the police try to untangle this knot starting from the money mules they will only find the intermediaries in the criminal chain, not the organizers.

We proceed from the assumption that it is the organizers of the scheme who need to be found first of all. Be it the botnet owner or the cyber criminal who does the stealing. Once the source is uncovered, the accomplices will follow. Our experience shows that only one or two people make up the core of any cyber crime gang. These are the ones at the top of our wanted list.

Q: What kinds of people are they?

A: They are ordinary people, IT specialists. Sometimes they are in employment but more often they are unemployed. They buy expensive cars for 3-5 million rubles, apartments and other luxury goods. They travel a lot. For instance, the Carberp developer wasn’t really based in Moscow. It was difficult to arrest him because he was blowing all the proceeds on traveling and living it up. Now he won’t be seeing much of the world for a long time.

Q: The court ruling in the Carberp trial is pending. Do you think there is enough evidence against the gang leader?

A: We have been collecting evidence on the Carberp leader together with the police and the Federal Security Service since 2009. We examined the malicious software he used and discovered the servers managing the botnets and how they are connected. We tracked down phone calls and his movements across the country. We also got in touch with our colleagues abroad to obtain the data from the servers managing the botnets.

The investigation is not over yet. We are still compiling a full list of victims and identifying further incidents. We believe that this would make the evidence concerning the Carberp criminal cases complete. And we hope that the trial results in a verdict that is commensurate with the crimes committed and that the stolen funds are at least partially restored. At any rate, the court will have the final say.


Russian Ex-Cops Kidnap, Kill Austrian Lawyer

An Austrian lawyer linked to Russian organized crime was kidnapped and accidentally killed by two former Russian policemen with a criminal record, Kommersant daily reported on Saturday.

The body of Erich Rebasso, who went missing in Vienna in late July, was recently unearthed in a forest outside the Austrian capital, the report said.

The discovery was made after Russian police detained the two alleged kidnappers at the request of their Austrian colleagues, who traced them to Moscow.

The suspects, Pavel Vlasov and Alexander Molchanov, have served on the police force in the city of Kirov, but were discharged and jailed for fraud and heroin dealing, respectively.

Vlasov and Molchanov, who started working for an unidentified crime boss after serving their prison sentences, admitted during questioning that they kidnapped Rebasso.

But they said they hit him on the head so hard he died in the process, Kommersant reported.

Rebasso’s death did not prevent the duo from unsuccessfully attempting to extract a ransom of 435,000 euro ($535,000) from his family.

Russian and Austrian police agreed that Vlasov and Molchanov were likely acting on someone else’s orders, but the duo has named no prospective organizers so far, the report said.

Rebasso represented at least one prominent Russian businessman with a criminal record. In 2007, the lawyer was named the head of a Ponzi scheme that allegedly cost hefty sums of money to some prominent figures of the Russian underworld, though he proved in court he was a victim of identity theft and not involved in the fraud.

Vlasov and Molchanov are currently in custody and can face up to 15 years in prison if charged and convicted of kidnapping. They will be tried in Russia because Russian legislation does not allow extradition of the country’s citizens.

Expose Little Odessa’s Hidden World of Russian Crime

Investigate the Russian 'mafiya' and visit the places that have made Brighton Beach one of the world’s crime capitals.
Look past the summering beachgoers and into the back rooms of Little Odessa’s buildings and you’ll uncover a realm of prostitution, trafficking, and fraud. As a hotbed for illegal activity, the Brighton Beach area of New York now ranks with Moscow, China, and London at the top of the crime capitals. But how did this happen? Where between the neighborhood stores and the beautiful boardwalk did so many residents fall through the cracks and into a life of criminality?
Professor Mark Galeotti has been studying Russian crime for over three decades and has published a number of works that deal with global and organized crime around the world. A consultant for the FBI and several police forces, he was also a special adviser to the British Foreign Office before coming to New York.
Meet at Tatiana Restaurant on the boardwalk where, over a drink, Mark will tell you about the roots and rise of Russian organized crime in Little Odessa, from the 'Potato Bag Gang' of the 1970s through to the entry of tattooed veterans of the Soviet labor camps. You'll hear about the characters and the scams, the deals struck and the blood on the streets.
Then Mark will take you down the boardwalk and into Little Odessa. As you walk, he’ll point out some of the little-known landmarks of this criminal history, from cafes where murders were planned to the place where Russian and Italian gangsters first began to work together. Along the way, you'll find out why the criminal landscape of today focuses heavily on white-collar crime, Medicare fraud, and massive multi-million dollar rackets, and learn quite a bit about this fascinating corner of New York.

Interpol Arrests Russian Grigory Basalygin in Ecuador

Russian national Grigory Basalygin, 28, was arrested in Guayaquil, Ecuador, for his involvement with organized crime and in response to an extradition request from the Russian Federation, the local Interior Ministry said.

Basalygin is charged with armed assault, drug trafficking, home invasion and assaults on businesses, with severe economic damage to the victims.

Security Vice Minister Javier Cordova said Ecuador is now investigating Grigory Basalygin's activities in the country and arranging the terms of his extradition, and described his arrest as a blow to international and organized crime.