DarkMarket: Cyberthieves, Cybercops and You - Misha Glenny
In exchange, of course, should the Russian state require the services of a hacker for launching a crippling cyber attack on a perceived enemy, then it is probably best for the hacker to cooperate.
2007 was the heyday of a loose organisation of companies based in St Petersburg known as the Russian Business Network, or RBN. This mysterious acronym offered to host websites for individuals and companies – it was known as the king of bulletproof hosters. Companies that offer this service are essentially letting their customers know that they are not interested in the content or function of a website and, in exchange for much higher fees, will resist any legal or digital attempts to bring down the sites.
Not all bulletproof hosting is intended as a way of circumventing the law, but criminals and pirates frequently avail themselves of such services. They are virtually indispensable for individuals and groups involved in the distribution of child pornography, for example, and the RBN was known to include such clients on its books, as several security companies’ research departments have identified.
These hosts have also proved invaluable for people distributing spam email, as these operations require huge, secure capacity in order to spew forth their billions of dubious adverts and viruses. Nigerian 419 scams, counterfeit medicines, the now-fabled penis enlargers and many other products (real or imaginary) are dumped on the world from bulletproof hosts. Many spam messages conceal viruses or links to infected websites, which, if activated, may turn a computer into a single footsoldier in a botnet army.
As the Russian Business Network was booming in 2006 and 2007, Spamhaus, the secretive anti-spam operation in Cardiff, listed it as controlling 2,048 Internet addresses. It described the RBN as ‘among the world’s worst spammers’ and home to vast ‘child pornography, malware, phishing and cybercrime-hosting networks’.
The RBN’s primary significance lies in the profitability of such bulletproof hosting organisations, which are able to charge $600 or more a month. For legitimate websites, the cost would be one-tenth of this.
But its secondary role is, in many respects, the more interesting one. The attacks on Estonia began with millions of spam emails swooping down on the computer networks of the Estonian government. Subsequently François Paget, who works for the US computer-security giant McAfee, analysed the content of the spam and discovered that it was identical to the standard RBN mailouts. Furthermore, Andy Auld, the head of cyber intelligence at Britain’s Serious Organised Crime Agency, reported that in their brief field-observation of the RBN in St Petersburg, British police were able to establish that the RBN could operate in part because it bribed local law enforcement and the judiciary.
It is possible that the RBN instigated the attacks on Estonia but highly unlikely. More probably it was either paid to launch them or the authorities leaned on it to participate in this act of patriotism. This connection between a complex of St Petersburg-based Internet Service Providers that specialised in criminal activity and the cyber attack on Estonia highlights one of the greatest conundrums at the heart of computer crime and computer security.
There are three main ‘threats’ on the Internet, each manifesting itself in a variety of guises. First, there is cybercrime. In its most basic form, cybercrime consists of ‘carding’, the theft and cloning of credit-card data for financial gain. Beyond carding, there are all manner