Sergey Pavlovich was just 14 when he discovered how to get rich in his poor ex-Soviet state of Belarus. He and others became hackers, tapping into Americans’ credit card data at companies like T.J. Maxx (TJX) and Barnes & Noble thousands of miles away, then selling the info to big-time crooks. By the time he was jailed, at 21, he was a millionaire. “We numbed our feeling of guilt with the idea we were targeting only large companies,” he tells Fortune. “We were almost Robin Hoods.” Besides, job prospects were bleak. “No one wanted to work at a factory and make $200 a month,” says Pavlovich, whose hacking memoir is titled How to Steal a Million.
But Pavlovich has a new line of work. Now out of prison, he consults for U.S. businesses, helping them secure data from hackers like him. He is one of several cybercrime experts from the former Soviet world in increasingly high demand, despite—or perhaps because of—the escapades of Russian hackers dominating the news cycle.
“Russian software engineers are among the best in the world,” says Costin Raiu, director of global research and analysis at the Moscow cybersecurity firm Kaspersky Lab. “Russian cybercriminals tend to be very good in what they are doing.”
In New York City, criminal lawyer Arkady Bukh has hired Pavlovich and other hackers to stress-test data for clients. Bukh says the Ukrainian-born credit card hacker Vladislav Horohorin has worked for him from his jail cell in Massachusetts. The Russians’ work, Bukh says, is unassailable. “They have spent thousands and thousands of hours doing attacks,” says Bukh. “These are workaholics.”
Mikhail Rytikov, a Ukrainian named in a U.S. hacking indictment (he maintains his innocence), runs an Internet hosting business and applauds the hackers’ cybersecurity efforts. He says his motto is, “Better to make [money] legally than to steal from someone.” Hard to argue with that.
A version of this article appears in the February 1, 2017 issue of Fortune with the headline “Not All Russian Hackers Are Bad.”