Shadows And Light In The World Of Romanian Hackers
This small Eastern European country is the Wild West (good guys and bad guys) of the fight for Internet security.
ALEXANDRIA — On the FBI's Most Wanted list is the name Nicolae Popescu.
Born in the small city of Alexandria, a two-hour bus ride south of Bucharest, Popescu is now in his early thirties and is known for sporting a crew cut and smart clothes. After creating a digital ruse to sell hundreds of fictitious cars on eBay, and pocketing $3 million, he was arrested in 2010, but eventually released on a technicality. He is now a fugitive from justice, and the reward for information leading to his capture stands at $1 million.
How has the small country of Romania become, according to data published by Bloomberg in 2013, the No. 3 country in the world for cyber attacks?
From Bucharest, a bus leaves every thirty minutes for Alexandria and costs the modest sum of five euros. On arrival, I'm welcomed by the former police head responsible for cybercrime, who remembers Popescu well. "He was one of many young people who, in the mid 1990s, found themselves in Alexandria's only Internet café," the officer recalls. "They were smart kids, they excelled especially in science and IT but had no job prospects. So some of them decided to use their talents against the law."
Since the time of the Communist dictator Nicolae Ceausescu, Romania has invested significant resources into computer science studies. As the country was denied access to Western technology, in addition to what was produced in the USSR, Romanians learned how to manage. Among other local advances, they turned out a self-sufficient microprocessor.
The legacy has largely been positive: Many of those young people are now working in London, Silicon Valley and Seattle, while several big American companies develop software and apps in Bucharest.
A computer security expert tells me that in the early 1990s there were hundreds of micro-networks built at home by engineers on their weekends. This explains how Romania came to be the country with the fifth fastest Internet connection in the world. Those who live in the city of Timisoara, in western Romania, have the fastest network on the planet. This level of connectivity is crucial to hacking websites (so-called "denial-of-service attacks"), but also to many other, virtuous purposes.
I sat down with Silviu Sofronie in the offices of BitDefender, the Romanian company that produces one of the world's most popular antivirus systems. On the wall is a world map made up of computer parts, and in the center of the room is a door that does not lead anywhere, with the letter B painted in bright red on a white background. Some of the brightest minds of the computer world work here.
Sofronie is the team leader who analyzes the structures of new viruses. "Today, the greatest danger comes from ransomware. In just the first three months of 2013, there were 250,000 variants identified," he explains. "How do they work? A user clicks on a perfectly legitimate site, such as Yahoo or the BBC, which has now been compromised. The site sends a 'trojan horse' able to encrypt all files on their personal computer. When this happens, there is nothing we can do."
The next step is the ransom demand, usually "between 200 and 500 euros." After receiving the money, the hacker sends a code to unlock the computer. The ransom must be paid in Bitcoin, the virtual currency. It's up to the victim to buy the Bitcoin to send to the hackers, and the transaction is impossible to trace: it's the perfect crime.
"The money laundering is done by those who pay the ransom, reversing the classical model of kidnappings," Sofronie says. "And soon, mobile phones will be targeted."
Just like the others
A series of blackmail viruses hit Italy in 2014. The city of Bussoleno found itself with its whole network blocked and decided to give in to the ransom demand, making it the only government to have admitted, courageously, that it was a victim of cybercrime. The deputy prosecutor of Turin, Alberto Perduca, confirmed to La Stampa that in the district of Piedmont-Valle d'Aosta "there were 3,600 reports of computer crimes in 2014 and in most cases it was impossible to trace the culprits as the attacks came mostly from foreign countries, often far away."
Who are the Romanian hackers? In Bucharest we met Razvan Cernaianu, a 23-year-old who does not drink alcohol and loves rock music. "I'm just like anyone else, in some subjects at school I didn't do very well and I like girls," he says.
In the virtual world he is known as TinKode — one of the most famous Romanian hackers in the world. In his short career he has managed to compromise dozens of sites, including those of NASA and the British Navy and he boasts of having darkened the websites of several Italian newspapers (including La Stampa) with the Romanian flag.
In 2012 Cernaianu was sentenced to six years in prison and is now on probation. "Many of us started playing video games, then we moved on to test the flaws in computer systems. The most exciting thing for me was to be recognized, become famous, to subvert the system. But now I have finally stopped and I work for a legitimate company," he adds, noting that the founder of the company where he works is a retired Romanian general.
At a café on the outskirts of Bucharest, I met with a hacker who is still active. Constantly looking around, he left his phone at home and communicates through a Russian instant messaging system with a high level of encryption ("WhatsApp is for rookies," he says).
Soon enough he opens his computer. "Look at this illegal Romanian forum," he says. "Right now, there are 172,000 connected users. The topics discussed are where to purchase machines to clone credit cards, methods to penetrate PayPal and eBay, and strategies for targeted attacks."
TinKode was very active here before he was arrested. "We are all under observation," the anonymous hacker adds.
Dejected, he tells me that members of his community were hacked by Romanian spies who stole the list of participants in their secret meetings. "The choice we were given was simple: Go to jail, or work for your country."
In fact, many hackers are being paid by intelligence services. Not surprisingly, 41% of cyber attacks come from China. Recently an American website that hosts the Chinese edition of The New York Times (which is banned in the People's Republic) was targeted. The U.S., Russia and Romania are the other countries from which the majority of these hostile acts come.
The Cold War described by John le Carré during the 1960s is today fought in the virtual world. This makes the Internet a perfect place for double agents.