The holiday shopping season is upon us, and along with the bright lights and frosted window displays we can count on suffering through a more shadowy tradition: rampant cybercrime. Between Black Friday and Christmas in 2013, cyberthieves gained access to credit and debit card information from up to 40 million Target customers. This month, Macy’s announced that digital intruders had stolen payment information on its website from an undisclosed number of accounts — not the first time this has happened to the company.

Early reporting suggests the offenders behind this latest Macy’s breach may be the Magecart consortium, a criminal network that specializes in pilfering online payment data. Though few details are known about the consortium, it is suspected to have originated in Eastern Europe, the source of many of the world’s most technologically adept cybercriminals.

While it is easy to fixate on the technical components of cybercrime, the problem is ultimately a human one. By understanding the people behind these attacks, we can better appreciate the threat and begin to deal with it successfully. In the case of countries in Eastern Europe, these criminals have benefited from a Soviet-influenced education system that since the days of Lenin has focused on the STEM disciplines — science, technology, engineering and mathematics.

Unfortunately, many of the economies in former Soviet countries cannot legitimately support the glut of technical talent produced by this high-quality education system. There is a lack of government and private financing to help entrepreneurs start their own businesses and not enough well-paid jobs for skilled people such as programmers. With limited opportunities, many highly capable Eastern Europeans are carving out careers in cybercrime, leading to the creation of what is effectively a criminal Silicon Valley.