Kaspersky Lab accused of bribery
All's fair in love and war, as they say – and some consider business to be one of those, if not both. With the ongoing shift of commercial operations to cyberspace, cyber-crime is on the rise as well. And it’s not just about hacking and stealing credit card details – dirty competition has found its way into the digital world as well. One of the easiest way to harm competition without actually trying to improve own business is to shut down their website – it’s the modern equivalent of trashing store windows.
While generally these sort of shenanigans are not noticed by the general public and the authorities, a local cyber-war took place last holiday season. Several Russian online stores selling New Year's decorations - trees, ornaments and such - were attacked by hackers. Experts of the Russian IT forensics company Group-IB have registered massive denial of service attacks targeting large e-retailers selling aforementioned goods. According to the official statement, it wasn’t really something out of the ordinary. General Director of Group-IB, Ilya Sachkov, explained distributed denial of service or DDoS attacks are traditionally seasonal. It's high season for commerce, and sites who receive most traffic during this time are ones most likely to get hit. So, why would one do that? The answer is pretty obvious. Competition is tough, especially online - users don't have any physical limitations when it comes to choosing where they shop – not like in “meat-space”, where location plays a significant role. Some e-retailers try to lure in customers with lower prices, some offer free shipping and some think that a more efficient use of their money is to spend it hiring hackers to attack their competitors.
Seeing as how information on products and stores is at the customers' fingertips, if they really need something and one store is down, they'll just find another store. Switching stores is a matter of minutes – it’s not like you have to drive or walk around. The fact that a number of sites selling New Year’s decorations were targeted gives reason to believe that it’s mostly likely one of lesser-known competitors who ordered the attack. Seems logical – not being at the top of listings meant customers probably were satisfied with the top stores – so shutting them down would force customers to explore other options. It happens more often than people talk about it. For example, I have a friend who runs a few online shops. He admitted that his server went down on more than one occasion for the same reason – DDoS attacks. Rivals didn't like sharing their clients and were willing to pay the price of a few thousand rubles to at least temporary disable the competition. According to security experts, it's relatively easy to buy programs able to control robot or zombie networks – hundreds, sometimes thousands of computers sending signals that overload a server, constituting a DDoS attack. The particular variety suspected of being used to take out New Year's websites costs around $300 dollars through underground forums – and protecting servers from these attacks and dealing with the aftermath costs a lot more, meaning that financially speaking, defense is less effective that attack. Of course, there’s the issue of ethics and a very, very small chance of the authorities being involved.
Such is the case involving Assist, a digital payment processor company. In 2008 the system was taken down by a DDoS attack. It was a pretty serious attack, too – the system did not function for 9 whole days. As the nature of the business is making sure money from an account A reaches account B, a lot of people and companies became secondary victims in this incident. One of these companies was Aeroflot, the largest Russian airline. Losses for Assist were estimated to be in the range of 15 million rubles – but that’s nothing compared to what their major client lost. Being unable to sell tickets online, Aeroflot claimed to have lost 146 million rubles. Long story short, an official investigation was launched and eventually yielded results – evidence pointed towards another digital payment process, Choronopay. Its owner, Pavel Vrublevskiy, became the defendant in the criminal case. He admitted to organizing an attack on the site in the end of 2011 – however, in 2012 the court has returned the case to the prosecution, claiming there have been errors in indictment and adduction evidence. For half a year, again, everyone seemed to forget about this story – until March of this year.
As I’ve said, the investigation discovered that the attacks were commissioned by Chronopay. But how did it happen? This information was not public – not in mass media, anyway. Apparently, Kaspersky Lab, a well-known IT security company, was hired to help out with investigation and provide digital forensics services. February 20th of this year State Duma deputy Maxim Shingarkin filed a query with Prosecutor General Yuri Tchayka as well as director of the Federal Security Service Alexander Bortnikov, in which the deputy claimed according to his own sources and information found in the world wide web, an employee of Kaspersky Lab could have received a 50,000 dollar bribe for the aforementioned digital forensics. So, for all anyone knows right now the data implicating Chronopay was fabricated. If the allegations are true, it’s not just the denial of service case that comes at risk – Kaspersky Lab’s reputation is at stake. The company, apart from selling consumer anti-virus solutions, also provides security services for major corporate and governmental entities, including industrial and nuclear facilities. If the company’s performance can be altered through bribery – well, it’s best not to trust it then. While the prosecution looks into the accusations, the company itself issued a statement, discarding any chance of foul play and reminding that this idea was already voiced by the defense in the aforementioned case in order to render evidence inadequate. This story actually can make a relatively good cybercrime movie, perhaps with the addition of a little drama and explosions.
By the way, the Digital October center hosted the annual i-COMference March 5th and 6th . It was dedicated to communication through modern technological platforms, covering the now-traditional topics – e-marketing, crowdfunding, viral marketing, using social media for commercial purposes and so on and so forth. As the conference wraps up, I’ll give you an overview of the event, which had participants from both young and aspiring start-ups and internet powerhouses. Meanwhile, even the dinosaurs of traditional business are starting to venture out in the cyberspace – and I’m not talking about just selling services and goods through the internet. Sberbank, Russia’s largest bank, has decided to jump on the start-up bandwagon. It has launched a fund for support of online entrepreneurs – and although this idea was initially not appreciated by the bank’s chairman German Gref, he green-lighted it after Vladimir Putin expressed his support. It is expected that the fund will be partially crowd-sourced, too. A website is expected to launch, where entrepreneurs present their start-ups and users vote for them and even support financially. Sounds familiar? Well, to me it sounds very similar to Kickstarter. German Gref is not known for wasting money and his initial gripe was high risks for start-up financing. Perhaps this will reduce the risks for the bank as it will be able to choose those projects that already have some real-world traction.
Speaking of start-ups, FourSquare is a very young service, and it’s already a household name on part with Facebook and Twitter. Frankly, I’ve never been a fan of it – I really don’t see the point. But then again, if perhaps I had dozens of friends always roaming around the city and said city wasn’t Moscow – if it was something where you can actually walk from one worthwhile place to another – perhaps then would see its benefits, like hooking up with friends who happen to be nearby. For now, I see this is a way to claim superficial rewards from businesses who offer them – like, say, a cup of coffee per check-in. But don’t take my opinion. A recent survey indicated that a third of users of geolocation services like Foursquare “want friends and family to know where they’ve been”; 23% admited that they only do it for special offers from retailers – hey, like me!; 16% are even more vain and do it to show off where they’ve been – sometimes that’s me, too; 15% want to alert people close by for a chance to hang out – that’s what I would use it for; and 11% do it for the virtual points and badges. Having this in mind, this week Timur Krasnobrizhev, representative of an agency creatively called “Social Networks” provided figures on Foursquare usage in Russia. The country now has approximately 1.7 million Foursquare locations and 450,000 users, who have made over 100 million check-ins to this date. Impressive. The most popular locations are, as expected, in Moscow. Number one is Domodedovo international airport, number two is a trendy nightclub Gipsy and number three – Gorky Park, which is currently going through major renovations and is also becoming a hotspot for the hip crowd, as Foursquare activity demonstrates.