Three hours north of Romania’s capital city of Bucharest,
into the mountains and rural towns of the eastern European country, lies the
city of Ramnicu Valcea.
It looks like an idyllic mountain oasis, but around the
world it has a troubling nickname: “Hackerville.”
“This is a town that had many different organized groups of
hackers,” Peter Traven, an FBI assistant legal attache at the U.S. embassy in
Bucharest. “And then, also, potentially organized criminals that were basically
profiting off of the skill set of these hackers based in Romania.”
This city became a hotbed for cybercrime in the 1990s, and
despite crackdowns by law enforcement, it gained a reputation as ground zero
for hackers.
One Romanian man claimed to be a hacker who grew up in
Ramnicu Valcea but declined to give his name. ABC News could not independently
verify his so-called hacking exploits, but he boasted that allegedly “until
today, there hasn’t been a company I couldn’t hack.”
“There’s companies and they have competition,” the man said.
“Everyone is trying to get information on the others. So I’m a mercenary who
gets paid to get that information from the competitors. The demand for
information is huge. All of us wanted to prove who’s the best, and it’s just
fun, even today it’s a lot of fun for me.”
Hacking can include a suite of criminal skills — from
gaining access to the information stored in a computer system to stealing
passwords and breaching accounts, including email and banking information.
“We’re talking about sums that can get as high as tens of
thousands of dollars or euros, it depends,” said the unnamed hacker, who
claimed to have hacked government and companies for their information and
alleges that he has been paid big money for his efforts.
“If you have information on your competitors, you’ll always
be one step ahead,” he said. “I’ve had clients who sometimes didn’t just want
information, but wanted to have their competitors’ databases damaged or
destroyed or taken offline. Of course this pays more.”
Cyber criminals are compromising valuable information from
governments, companies and people all over the world, stealing it through
hacking, and turning around profits for it.
“We are in the middle of cyber war… because information is
power, and when you hold the information, you have the power,” said Madalin
Dumitru, founder and CEO of Cyber Smart Defense, a leading cybersecurity firm.
Cybercrime cost the U.S. economy more than $50 billion in
2016, according to the White House’s Council of Economic Advisors report
released in February 2018.
The rise of hacking in Romania began after the Romanian
revolution and fall of communism there in 1989 that led to the country enduring
a prolonged period of economic turmoil, according to Traven.
“After the end of communism we have a lot of
technically-trained individuals … and with the job market being what it was at
the time they realized that there was more of an effort could be made in making
more money by utilizing their skills and turning to hacking,” Traven said. “And
in particular, trying to hack for financial credentials and financial data.”
Over the years, it created an underground industry, with
Romanian hackers becoming known around the world. There is now a coordinated
effort between the U.S. and Romanian law enforcement to stop these cyber attacks.
“When individuals can make more money in the cyber
underground compared to using those skill sets to work for private sector, the
government, it makes it very hard to compete with the money that these
individuals can make,” Traven said.
One of these hackers is the notorious Marcel Lazar Lehel,
known as Guccifer, who was arrested in 2014 on hacking charges for targeting
several prominent U.S. officials and their families, including the Bush family
and former Secretary of State Colin Powell.
He pleaded guilty in May 2016 to charges of aggravated
identify theft and unauthorized access of a computer and was sentenced to 52
months in prison, the BBC reported.
In the hierarchy of hacking nations, such as Russia, North
Korea and China, Traven said, “Romania is prominent only because of its
history, but also because it still has illegal activities” currently based
there.
But, he said, the reason Romania “isn’t as prolific” in
hacking as some other countries “is because of the partnerships that the FBI
has made with the Romanian police as well to combat this kind of activity.”
CERT is the national cybersecurity
and incident response team in Romania, a sort of first responders for hacking
attacks. They said in 2017, CERT processed around 140 million alerts about
systems under attack in Romania.
Some attacks come from hacking experts like Alex Coltuneac,
a so-called “white hat hacker,” or security consultant hired by companies to
expose holes in their security systems to help make them stronger.
“I’m a good hacker. I have to mention this,” he said. “I
like to help. I want to make our IT industry better… I like to help other
companies.”
One such company Coltuneac works with is Google. He said
Google will pay hackers up to $40,000 to find bugs in their security systems.
By doing this, Coltuneac said, “I can pay my rent, I can have a better life,”
and he said he only uses his skills for good.
“I know who I am, I know what I want to do,” he said. “I
can’t see my life like that, hiding from police, from others.”
But there are hackers, so-called “black hat hackers,” who
are criminals, like the man in Ramnicu Valcea claimed to be.
“The coolest thing is when we hack a database and people
don’t even know we’re there,” the man said. “You go in, take the information,
pass it on and just stay there like an invisible tick.”
And antivirus software “has nothing to do with” being able
to stop hackers, he said. “For me, it’s five minutes [of] extra work to hack
them. As far as I’m concerned, sooner or later, anything can be hacked.”
“Black hat hackers” and “white hat hackers” are on opposing
sides of the so-called cyberwar, with one side fighting to break into systems
and steal information and the other trying to stop them.
“The simplest way to stop hackers from attacking a company,
Coltuneac said, “is to hire them.” Then, he said, the companies “will know the
mindset of a hacker and will help your company.”
Cyber Smart Defense is one such company that hires some of
the most notorious, but reformed, former “black hat hackers” in to their ranks.
“The bad guys, they will move from the street, where they
used to be, for example, they used to [rob] banks… these things are not
happening anymore because it’s much easier to hack a bank, and then convert the
money into bitcoin or whatever cryptocurrency and make it disappear,” Madalin
Dumitru said.
Only now, Dumitru said, these hackers “do now exactly what
they used to do, but now of course, it’s legal [and] authorized.”
Companies like Dumitru’s employ Romanian hackers like Razvan
Cernaianu, known as Tinkode, who hacked the National Aeronautics and Space
Administration (NASA), the Pentagon, the European Space Agency and the U.K’s
Royal Navy, and hacker Victor Faur, known as Sirvic, who hacked NASA, the U.S.
Navy, the U.S. Department of Energy and other U.S. government entities.
Faur said he knew what he was doing was a crime, but that “I
just didn’t take it serious[ly]. I said, ‘Well, OK, even if they catch me and
the police comes, I will probably get a slap on the wrist and move on.’”
Instead, Faur received a U.S. federal indictment on nine
counts related to hacking in 2006. Faur was convicted in Romania on
hacking-related charges and received a 16-month suspended sentence and a fine
of $238,000 in 2008, but he told ABC News that “actually what they charged me
[with] was maybe 10 percent of what I did.”
Cernaianu, who is a co-founder and the chief technology
officer of Cyber Smart Defense, received a two-year suspended sentence on hacking-related charges in 2012.
Dumitru, who grew up in Ramnicu Valcea, is hoping to use his
hometown’s reputation to usher in the next generation of computer security
experts.
“When it comes to [internet technology] IT, Romania and
Hackerville, will become the Silicon Valley of Europe,” he said.
But while international law enforcement, the Romanian
national police and the FBI have cracked down on cybercrime over the last
decade, experts say the threats continue to evolve.
“I think there is no company which can’t be
hacked,” Coltuneau said. “Every company can have its own vulnerabilities
because it’s impossible to be fully secure. You can’t do it. Every day there
will be a new attack technique which will be discovered.”
Comments
Post a Comment