The notion that the problem is the existence of attackers and not the undersecured, high value commodity being stolen/compromised is a very fraught.

I am also shocked that somehow stereotyping all bad hackers as Russian is not flagged as being prejudicial.

Lastly, just how beneficial would it be to throw experienced Eastern European software developers out of work by categorically "going non-Russian"? Surely they would all just gravitate towards being baristas? After all - if the hacker is Romanian - they're Russian. If they're Ukrainian, they're Russian. If they're Polish, they're Russian. The list goes on and on.

Expand full comment

I had the same reaction, and agree with you.

However Belarus is special. Both in its dictatorial-level of political control and state-owned economic control (as well as its dependence on Russia and current mutual hostility vis-a-vis many NATO nations [including the US]).

I quickly checked two of the many "Freedom indexes" put out by various governments and think tanks. https://www.worldfreedomindex.com/ (2018 data) and https://www.cato.org/human-freedom-index/2020 (2019 data). Of the 22 Eastern European countries (not all former soviet states) Belarus is either last or third-to-last in these rankings (the bottom three in both rankings are Belarus, Russia, and Ukraine). Romania and Poland are both ranked quite highly in both rankings (5th and 12th of the 22 in worldfreedomindex and 8th and 7th of the 22 in the Cato rankings).

While I would assume the majority of programmers are ethical, the socio-political considerations would make it easier for bad actors to exist within those 100 Belarus-based employees.

Expand full comment

Freedom indices are highly politicized - Belarus is quite free with the exception of people openly criticizing Lukashenko. But American society is no different if you criticize (or endorse) the wrong people...

I would also note that Romania is an epicenter for certain types of cyber crime - so it is utterly false that "freedom" has anything to do with criminogenic propensity: https://www.wired.com/2011/01/ff-hackerville-romania/.

There's also this story - read it to see how the success of a few translated into an industry in Macedonia for fake news: https://www.wired.com/2017/02/veles-macedonia-fake-news/

Ultimately my view, from having assisted technically with the prosecutions of hundreds of cyber-criminals, is that criminals are criminal. Yes, societal factors (not freedom!) do skew the relative numbers but that is more of a risk/reward proposition than anything else.

Almost nobody makes tons of money being a cyber criminal overnight; the risk/reward ratio in a poor nation, however, is very different than the risk/reward ratio in a 1st world nation. This itself is the primary driving factor.

Capability is the 2nd: Eastern European countries have a high degree of education combined with very low living standards. Yet countries with much lower degrees of education also have significant cyber crime - Brazil for example.

From my view: it is these societal/economic factors more than anything else which drove the initial impetus into cyber crime - and the burgeoning success of the upstarts does change the equation for the rest.

This dynamic isn't new or exclusive to Eastern Europe/cybercrime: read into the real history of piracy, Drake and Queen Elizabeth sometime to get an idea how outright crime morphs into state policy.

Expand full comment

Belarus is one of the next targets for NATO destabilization and a 'color revolution' coup. I can see you got the memo.

Expand full comment

I doubt it. If any foreign powers are going to help the home-grown anti-Lukashenko Belarusians it will probably be pro-democracy NGOs or expatriate Belarusians, just like the February and October revolutions a century ago.

Expand full comment

The right to profit no matter the societal cost. That’s how a shithole — a failed state — rolls.

Expand full comment

I'm kind of disappointed by the gratuitous neocon innuendo about being 'intertwined with the Russian economy'. You should well know that is absolutely irrelevant. Like many Eastern European nations, Belarus has a large population of well-educated low-wage workers. This is why PE has them there.

Expand full comment

Do you think this will give private equity a bad name?

Expand full comment

Why would private equity care?

Expand full comment

This has always been a core concern - the lax security behind the User Interface dimension of the Internet. Although things have gotten gradually better, we are still a couple of years away from truly secure systems open to the internet.

I guess if there is an entry point they will find it. But as Matt points out, the effort for this is not being made in a concentrated way by interests aligned with the US.

The fact that Amazon had to develop its own web protocols to function efficiently, and now unfortunately the half the world is paying them for that exchange system, goes to show the nature of the beast. The other half is controlled by Microsoft and one other company.

Expand full comment

I didn't get this initially. I only got it in the weekly Substack email. I suspect the same for others since only one like so far. FYI.

Expand full comment