One of the strange features of cybercrime is how much of it is public.
A quick search will turn up forums and sites where stolen goods, credit cards and data are openly traded. But a glance into those places may not give you much idea about what is going on.
“Everyone can join as long as you speak Russian,” said Anton, a malware researcher at security firm SentinelOne, who has inhabited this underground world for more than 20 years.
“By Russian I mean the USSR, so there is Ukrainians, there is Kazakhstan, there is Belarus. The Romanians are doing all the dirty work like spam and maintenance so they are not really involved in developing malware,” he said. “But, today, is it mainly Russian? Yes.”
Those vibrant underground marketplaces have a long history and Anton adds that he tracks the malware makers to gain insights into what they might do next.
“I was there from the very early stages,” Anton told the BBC. “I guess I started at about the age of 12, when there was not much online community. “Instead it was many channels where hackers exchanged information and exploits and kind of stuff like that,” he said.