Online Book Reader


Inside Cyber Warfare - Jeffrey Carr [68]

the digital world of the Internet, as in physical space, you leave evidence of where you’ve been.

If you’re an ardent social computing fan who is active in Facebook, MySpace, LiveJournal, or Twitter, your virtual footprint will be very extensive. If you make your living on the Internet as a web service provider or forum administrator, your footprint will be even larger.

The IDC is an organization that studies how much data is generated by individuals and businesses each year (Figure 7-1). According to the IDC whitepaper “The Diverse and Exploding Digital Universe” (March 2008), “the digital universe contained 281,000,000,000 gigabytes, which works out to about 45 gigabytes per person on the planet.” Of that, half is due to an individual’s actions online. The other half is what the IDC refers to as your digital shadow—ambient content created by others about you (video on traffic cameras or at ATMs, credit card transactions, medical records, etc.).

Figure 7-1. The expanding digital universe

Now imagine that you want to create a forum to recruit, train, and launch cyber attacks against state networks or websites. You won’t use your real name or known alias for fear of reprisals. Instead you’ll create a fictitious name for your domain registration and/or server hosting plan that cannot be traced back to you.

This is not as easy as it sounds, because some domain registrars will attempt to verify the authenticity of the information that you provide. Your name and address may also have to match those attached to the credit card that you use to make the purchase. This poses a serious problem for those individuals who want to act surreptitiously.

Because of that, members of the cyber underground have identified which hosting providers and domain registrars have lax verification and payment policies, and patronize them exclusively. The Russian Business Network (RBN) is a prime example. Although the RBN went dark in November 2007 after increasing attention was paid to its operations, some of the IP blocks associated with it are still active.

The genius of the RBN was that it built a bulletproof loop that guaranteed its online businesses uninterrupted service, regardless of how many complaints were filed against its various websites.

Like the RBN, the StopGeorgia.ru forum is part of a network that’s been bulletproofed. The rest of this chapter walks you through the intricate relationships, aliases, and shell companies that were created to serve that purpose. Before getting to the specifics of the StopGeorgia.ru network, let’s begin with an introduction to how bulletproofing works.

Components of a Bulletproof Network


A bulletproof network refers to a series of business relationships that make it extremely difficult for authorities to shut down web enterprises engaged in criminal activities.

Every bulletproof network begins with ICANN's inherent weakness in enforcing accurate WHOIS information.

ICANN


ICANN is a nonprofit organization with headquarters in Marina del Rey, CA. The organization took over registration and accreditation responsibilities from the US government in 1998.

When you register a domain name with an accredited registrar, ICANN issues a corresponding IP address. The registration process requires that the customer provide accurate WHOIS information. Unfortunately, ICANN hasn’t been effective in enforcing its own rules.

A GAO audit in 2005 looked into this problem and found that an estimated “2.31 million domain names (5.14 percent) have been registered with patently false data—data that appeared obviously and intentionally false without verification against any reference data—in one or more of the required contact information fields” (from the GAO report “Internet Management—Prevalence of False Contact Information for Registered Domain Names,” published in November 2005; see Figure 7-2).

Figure 7-2. GAO analysis of domain contact information
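
To make the GAO's "patently false" category concrete, the following added example (not from the book or the GAO report) flags contact values that are obviously false without consulting any reference data. The field names, placeholder list, and rules are assumptions chosen for illustration, not the GAO's methodology, and the sample records are constructed.

```python
import re

# Required contact fields; these key names are assumptions for this example.
REQUIRED = ("name", "street", "city", "postal_code", "phone", "email")
# Filler values that need no reference data to recognise (illustrative list).
PLACEHOLDERS = {"n/a", "na", "none", "null", "unknown", "test", "asdf", "xxx"}
EMAIL_SHAPE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def field_problem(field, value):
    """Return why a value looks patently false, or None if it passes."""
    raw = (value or "").strip()
    core = re.sub(r"[^0-9a-z]", "", raw.lower())  # letters and digits only
    if not core:
        return "empty"
    if raw.lower() in PLACEHOLDERS:
        return "placeholder"
    # Real postal codes can be one repeated digit, so digits-only codes are exempt.
    exempt = field == "postal_code" and core.isdigit()
    if not exempt and len(core) >= 4 and len(set(core)) == 1:
        return "one repeated character"
    if not exempt and re.fullmatch(r"(.{2,4})\1{2,}", core):
        return "keyboard-mash pattern"
    if field == "phone":
        digits = re.sub(r"\D", "", raw)
        if len(digits) < 7:
            return "too few digits"
        if digits in "01234567890123456789":
            return "sequential digits"
    if field == "email" and not EMAIL_SHAPE.fullmatch(raw):
        return "malformed email"
    return None

def audit(record):
    """Map each required field that fails a check to the reason it failed."""
    findings = {}
    for field in REQUIRED:
        reason = field_problem(field, record.get(field))
        if reason:
            findings[field] = reason
    return findings

# Constructed sample records, not taken from any real registration.
SAMPLES = {
    "plausible.example": {"name": "Dana Reyes", "street": "410 Harbor Rd",
        "city": "Walla Walla", "postal_code": "22222",
        "phone": "+1 (509) 555-0142", "email": "dana@plausible.example"},
    "fake.example": {"name": "asdasdasd", "street": "N/A", "city": "",
        "postal_code": "XXXXX", "phone": "(999) 999-9999", "email": "none"},
}
```

A record that passes these checks is only not obviously false; confirming it is accurate still requires verification against reference data.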

ICANN relies on registrars to enforce the collection of accurate registration information, which is level two of the bulletproof
