|image source: http://unisdr.org|
|image source: mashable.com|
Typical personal computer systems in Eastern European countries are old, slow, and outdated. Either that, or they are built from do-it-yourself kits made by local manufacturers. To get anything to run correctly on these systems is a virtual miracle. Is it any surprise then, that programmers in Russia, Estonia, and other Eastern European countries are some of the best in the world? They are trained at an early age to write code that is lightweight, efficient, and effective. Key malware that has been used recently in high profile security incidents, including theTrojan Horse Bug,Turla, SNAKE, BlackEnergy, and BlackPOSall originate from Eastern Europe. It should also be noted that these examples made headlines in the last six months and include only a very small portion of the new code that surfaces daily from the Eastern European cyber underground. Necessity has driven a new generation of programmers in the region to create extremely deadly and targeted code that leaves a very small footprint and goes undetected by intrusion detection mechanisms and antivirus/antispyware sofware.
Education and Labor Market
One of the most influential and impactful changes to Eastern European countries since the fall of the Soviet Union has been advancements in education, more specifically the maths and sciences. According to thePISA, Estonia’s educational system has moved from seventh in the EU (thirteenth overall) to second in the EU (sixth overall), in less than ten years. We should all congratulate their accomplishments, as well as that of other Eastern European countries that have seen similar success. While education has flourished however, employment rates in these nations have largely plateaued or even declined. Many young scholars are forced to turn their superior minds to work in the cyber underground, writing malware, stealing payment information, or otherwise contributing to the overwhelmingly dangerous capabilities of this hacker subculture.
Culture of Apathy
Recent historical struggles in Eastern European countries have created a hotbed for criminality. Young adults turn to organized crime and the criminal underworld for survival, and there is little that the respective governments can do to curb the problem. Instead, these governments (notably in Russia) turn to internal policy. As long as the attacks are not conducted against local organizations, they are virtually ignored. Afterall, how can a government rightfully prosecute criminality that is seemingly victimless and provides a means for its citizens to feed themselves without depending on social programs?
For further reading, please check outthis document by VeriSignand this thesis by Justin Allen Wilmes. As always, please let me know your thoughts in the “comments” section below. I always take pride in addressing comments and answering questions. Afterall, the best information protection efforts and advancement of the cybersecurity field is through collaboration between like-minded people. Thank you for visiting!
Steve P. Higdon has been working in the information security field for over ten years, providing support and consultancy to several public and private sector organizations. Steve holds several industry certifications and can be reached via email at firstname.lastname@example.org and on Twitter at @SteveHigdon.