I agree that it is a prejudice and should be avoided, but it's not completely groundless:
According to industry analyses, Russia accounts for about 35 percent of
global cybercrime revenue, or between $2.5 and $3.7 billion. That’s wildly
out of proportion with the country’s share of the global information
technology market (which is around 1 percent).
"Why does every hacking and cyberscam story – real or fictional – seem to have a Russia connection?
In part, it is prejudice and laziness. The stereotype of the Russian hacker has become such a common media trope that it gets recycled again and again. It also offers a handy update for those looking for new ways to perpetuate the ‘Russian threat.’"
2. Following article line on FSB - anyone knows who hacked PCs of Iran nuke facility? If we judge on who had a reason - US - we shall assume that US have the same or even better hacker team than Russia [very clever OS hack that resulted in hardware malfunction at the nuke plant, thus significantly reducing its output - was covered in 2011].
3. I suspect that most of 'industry analysis' is funded by government agencies, directly or indirectly. So if the conclusion of 'industry analysis' would be that US accounts for 35 or 65 percent of global cybercrime revenue, then the next question would be - what the hell are the various government agencies doing and how effective do they spend government/taxpayers' money?
4. From the same article:
"However, a more basic answer is that a disproportionate number of Russians have worldclass math and computers skills, yet not the kind of jobs to use them legitimately. Although many firms in the industry are based in Russia, or else hire Russians, there is a pool of skilled but under-employed programmers who embrace the hacker world for fun, out of disillusion, or for profit."
Anyone can show me a skilled but under-employed programmer in Russia?
"Skilled but under-emplored programmer in Russia" is like Bigfoot [also known as sasquatch] - everyone heard about him/her, but noone saw. It is a legend...
But of course there are russians, americans, germans, brits, and other nations, which do quite some harm. I just do not think there is a legitimate way to define the winner.
Sorry for off-topic rambling, probably due to habit of enjoying fact-based debate, which resulted from my days in finance ;-))
While my comment was poorly worded, statistically the majority of large botnets like Coreflood, Storm, BredoLab, Rustock, Kelihos are of Russian origin. Even the botnet we are discussing was first seen in Russia.
To comment on a couple of your points
2 - With Stuxnet, I think everyone agrees that US/Israel is to blame. The Russian connection is made because aside from the Iranians, the Russians are the only ones that had access to the facility, and they built the place. A Russian spy is a more likely culprit than a US-Iranian scientist double-agent sabotaging his own facility with results that could kill all of his co-workers.
4- No-one is talking under-employed. These criminals make more money than they ever would at any other job selling access to their botnet, advertising, spamming, installing fake virus software, stealing credit cards, etc. etc.
This gives rise to entities like the Russian Business Network (RBN)
Anyway, I meant no offense, if only americans or brits were clever enough to create a similar profile or stereotype, but I think some script kids guessing passwords pales in comparison to outsmarting the worlds largest software vendors and security researchers.
You are correct on #4. I've heard some stories about hrackers storing piles of cash under the couch [this case was in Ukraine], made from cracking banks/ATMs. Definitely, black activities are much more profitable. But I do not think that [in real life] those that crack get most of the money, with few exceptions. Biggest pile usually goes to those who organize or cover (underworld Board/CEO equivalent).
However, the start-up fever, which started in Russia appr. 1-1.5 years ago, is getting traction, as well as tech industry. This provides more opportunities and better risk/reward ratio and shall result in that more and more people will be moving to bright side.
>"Skilled but under-emplored programmer in Russia" is like Bigfoot [also known as sasquatch] - everyone heard about him/her, but noone saw. It is a legend...
Well, Group-IB (a Russian computer security company) seems to disagree:
In Russia the situation is additionally worsen by a great amount of
technical universities graduates and by unstable home economy
situation as the result of which the mentioned specialists cannot
find highly paid legal income.
I don't know where they get the data from, though.
But of course there are russians, americans, germans, brits, and other nations, which do quite some harm. I just do not think there is a legitimate way to define the winner.
Sure, it's still a prejudice, I was just pointing out it's not completely irrational.
> "Skilled but under-emplored programmer in Russia" is like Bigfoot [also known as sasquatch] - everyone heard about him/her, but noone saw. It is a legend...
Pretty good observation. I think most people are operating on 10-12 year old data when they think that. They think "fall of the Soviet Union" with now hungry scientists slowly turning to the dark side to become less hungry mad scientists who will inflict pain and suffering upon us all.
Perceptions are funny thing [except when from yr boss]...
I recall that in 1997-1998, when I was helping Coca-Cola establish plant in Vladivostok (Far East near Japan, 0.5 mil population), some people were concerned to go there because of tigers and bears wandering in the streets...
Yes, when I was setting up a server I eventually had to apply a separate and more draconian set of firewall rules to IP addresses in Russia and China to avoid my logs just filling up with Junk, failed logins , attempts to access shady looking URLs which did not exist and HTTP requests filled with fragments of shell or SQL script.
To be fair I'm sure this only represents a minority of the people in these countries but perhaps it is just that it is more lucrative there.
I imagine it's quite hard to earn a decent living in the west just by breaking into a few servers and sending out a bit of spam, in Russia it probably looks like an attractive get rich quick for anyone with tech skills.
> in Russia it probably looks like an attractive get rich quick for anyone with tech skills.
It is attractive. But again this is about risk/reward ratio. With increase of risk/complexity and other, legal, opportunities more people shall switch... I think...
Based on that statistic it is significantly more likely that any particular cyber crime (or accurately dollar raised by cyber crime) is nothing to do with Russia than is and yet still this is a justification?
That article doesn't even provide enough information to say that if you had to pick a single country of origin then it's more likely to be Russia than anywhere else.
In terms of generalising based on that sort of thing though, would you similarly justify a suggestion that a drug deal was down to a young black male on the grounds that proportionately young black males in the USA are more likely to be convicted of such offences than young white males? Or would you see that as a sweeping and unhelpful generalisation that tars a whole group based on the activities of a minority?
Apparently you forgot to read the first line of my post. I'm not justifying anything, I'm explaining why the prejudice exists, and that it's not necessarily due to racism.
No. "Racism is the belief that inherent different traits in human racial groups justify discrimination".
If it's based on the current social or economical situation of Russia, it's prejudice, but not racism. Remember that Russians are "citizens of Russia", not a particular ethnic group.
I observe however that their is an emergent definition of 'racism' which is quite a bit more broad than yours.
Basically it is this "Assuming specific or stereotypical attributes about an an individual or group, based on that individual or group's membership in a definable group."
This removes the typical restriction that it involve 'race specific traits' so things like 'Bankers are greedy criminals' or 'Christians are fascists' get reflected back as variations on the 'racist' meme. When ever that group membership nominally includes race it's considered racist by people who share that racial attribute.
Even the discussion we're having (and as an operations guy I see a lot of bad actors whose IPs originate in countries that were former parts of the USSR) we have to be careful to disentangle accusations of people of a region being bad, and regions which host infrastructure which is available to everyone, being used for bad. The Internet does many things and one of those things is create 'telecommuting criminals' who may easily be living in New Hampshire but hosting their C&C servers at a friendly ISP or EC2 equivalent in the Ukraine.
I presume it is inherently and practically more difficult to investigate identity of someone renting servers in US vs Russia, Ukraine or China, in part because of language, legal system and political differences.
Race does refer geographic origin (among other things.) It does not include career or religion. I don't think that is related to what is being discussed at all.
Lots of racism emerges partially as a result of some statistical basis in current social or economic situations that for whatever reason correlate to an ethnic group or nation of origin. (And racism is not solely about ethnic groups, it's also about nations of origin -- ethnic groups are just one of the classifications of humans that are considered "race", geographic ancestry is another.)
It's not racism to recognize these statistical facts. Racism is when we have prejudice based on them. It's when we slander an entire ethnic group or nation of origin based on the actions of a few of them. This is not justified just because there is more cybercrime in Russia than elsewhere: there is cybercrime everywhere, and the vast majority of Russians are not cybercriminals.
It's racism to say we "run the risk of russians" when we mean we run the risk of malevolant cybercriminals. The two terms are not interchangeable. We don't say you "run the risk of blacks" when we mean you might get mugged in downtown LA even if we believe that more muggings in downtown LA come from blacks than other ethnic groups, nor do we say you "run the risk of whites" when we mean you might get killed by a serial killer as you're walking to your car in an empty garage at night, even if we think perpetrators of such crimes are more likely white than anything else.
I think it depends on what one attributes the statistical fact to; it's only racism if we consider it inherent to the group. If we consider that to be a result of a particular condition that happens to be affect certain group at this point in time, and that any other group would have the same problem if subject to the same condition, I don't see how is that racism.
I think your examples are clear prejudice (and no, I wouldn't say them), but they may or may not be racism.
I suppose I just don't see what would motivate someone to slander an entire group of people based on the actions of a few. If someone is worried about cybercrime, they should say so rather than substituting "Russian" as a synonym for cybercriminal. To me that implies that cybercrime is an inherently Russian activity. Perhaps I am too quick to read racism against Russians into such an inflammatory use of the word "Russian" due to the amount of racial discrimination I have seen against Russian users while working in the game industry, where it is not uncommon to dismiss Russian gamers as probably a pirate or probably a hacker and to refuse them a level of support that would be provided to a person with a different accent or last name.
"the term "racial discrimination" shall mean any distinction, exclusion, restriction, or preference based on race, colour, descent, or national or ethnic origin that has the purpose or effect of nullifying or impairing the recognition, enjoyment or exercise, on an equal footing, of human rights and fundamental freedoms in the political, economic, social, cultural or any other field of public life."
I don't know what the US legal definition is (though I'm guessing it's the similar) but in the UK discrimination based on country of origin would count as racism.
It's not that Russians are inherently cybercriminals, but the country does seem to be currently suffering from conditions that help it foster.