The Arizona Republic

USSR’s old Internet suffix is attracting cybercriminals

Malicious sites growing on .su domain assigned in 1990

By Raphael Satter

MOSCOW — The Soviet Union disappeared from the map more than two decades ago. But online an ‘e-vil empire’ is thriving.

Security experts say the .su Internet suffix assigned to the USSR in 1990 has turned into a haven for hackers to send spam and steal money.

Oren David, a manager at security firm RSA’s antifraud unit, said scammers began to move to .su after the administrators of Russia’s .ru space toughened their rules back in late 2011.

Cybercrime hideout

Group-IB, which runs one of Russia’s two official Internet watchdogs, says that the number of malicious websites hosted across the Soviet Union’s old domain doubled in 2011 and doubled again in 2012, surpassing even the vast number of renegade sites on .ru and its newer Cyrillic-language counterpart.

The Soviet domain has “lots of problems,” Group-IB’s Andrei Komarov said in a phone interview. “In my opinion more than half of cybercriminals in Russia and former USSR use it.”

Some Soviet sites are used to control botnets — the name given to the networks of hijacked computers used by criminals to empty bank accounts, crank out spam, or launch attacks against rival websites.

Internet hosting companies generally eliminate such sites as soon as they’re identified. But Swiss security researcher Roman Huessy, whose abuse.ch blog tracks botnet control sites, said hackers based in Soviet cyberspace can operate with impunity for months at a time.

History of .su

The history of .su goes back to the early days of the Internet, when its architects were creating the universe of country code suffixes meant to mark out a website’s nationality. Each code — like .fr for France or .ca for Canada — was meant to correspond to a country.

Some Cold War-era domain names — such as .yu for Yugoslavia or .dd for East Germany — evaporated after the countries behind them disappeared. But the .su domain survived.

With more than 120,000 domains currently registered, mothballing .su now would be a messy operation.

“It’s like blocking .com or .org,” said Komarov. “Lots of legitimate domains are registered there.”

But experts say many are fraudulent, and even the organization behind .su accepts it has a problem on its hands.

New controls

“We realize it’s a threat for our image,” said Sergei Ovcharenko, whose Moscow-based nonprofit Foundation for Internet Development took responsibility for .su in 2007.

Ovcharenko insisted that only a small number of .su sites are malicious, although he acknowledged that criminal sites can stay online for extremely long periods of time. But he promised that stricter rules are on their way after months of legal legwork.

“We are almost there,” he said. “This summer, we’ll be rolling out our new policy.”

Meanwhile, .su has become an increasingly notorious corner of the Internet.

David, the RSA manager, said the emergence of a Communist relic as a 21st century security threat was a bizarre blast from the past.

“I thought that the Berlin Wall and my grandma’s borscht are the only remnants of the Soviet Union,” he said. “I was wrong.”

ALEXANDER ZEMLIANICHENKO/AP: Employees of Moscow’s Group-IB, which is responsible for one of Russia’s two official Internet watchdogs, work Thursday in their laboratory in the Russian capital.

ALEXANDER ZEMLIANICHENKO/AP: Group-IB says that the number of malicious websites hosted across the Soviet Union’s old domain doubled in 2011 and doubled again in 2012.
