Inside Cyber Warfare - Jeffrey Carr [71]
Domain name: Init-sol.com
Registrant: Innovation IT Solutions Corp
    Andrey Nesterenko
    95 Wilton Road, Suite 3
    London
    London,SW1V 1BZ GB
    Tel. +44.8458692184
    Fax. +44.8450205104
Creation date: 10/10/04
Expiration date: 10/10/09
Domain servers: ns5.dnska.com, ns6.dnska.com
Administrative contact: Innovation IT Solutions Corp
Status: Active
Innovation IT Solutions Corp is not a registered business in the UK or anywhere else, and it doesn’t seem to exist outside of its London mail drop address.
Mirhosting.com
Mirhosting.com provides some substantive information on its website regarding its services, albeit in the Russian language. According to Dun and Bradstreet, its principal and sole stockholder, Andrey Nesterenko, is a Russian national living in the Netherlands, yet his business address is a mail drop in London—the same one used by Innovation IT Solutions Corp (see the following WHOIS data):
Domain name: Init-sol.com
Registrant: Innovation IT Solutions Corp
    Andrey Nesterenko
    95 Wilton Road, Suite 3
    London
    London,SW1V 1BZ GB
    Tel. +44.8458692184
    Fax. +44.8450205104
Creation date: 10/10/04
Expiration date: 10/10/09
Domain servers: ns2.dnska.com, ns1.dnska.com
Administrative contact: Innovation IT Solutions Corp
Status: Active
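The observation above, that differently named entities resolve to the same mail drop, is a registrant pivot that can be automated across many WHOIS records. The following Python is an added example, not from the book: it normalizes address and phone fields and reports which domains share them. The "Address" and "Tel" labels, reseller-a.example and unrelated.example are constructed for illustration; only the init-sol.com values come from the page.

```python
import re
from collections import defaultdict

# Constructed sample records. Only the init-sol.com values come from the page;
# the two *.example domains are invented for illustration.
RECORDS = """\
Domain name: init-sol.com
Registrant: Innovation IT Solutions Corp
Address: 95 Wilton Road, Suite 3, London, SW1V 1BZ GB
Tel: +44.8458692184

Domain name: reseller-a.example
Registrant: Example Hosting Ltd
Address: 95 Wilton Rd., Suite 3, London SW1V 1BZ, GB
Tel: +44 845 869 2184

Domain name: unrelated.example
Address: 1 Placeholder Street, Springfield
Tel: +1.5550100
"""

def parse(text):
    """Split blank-line-separated 'Key: value' blocks into dicts."""
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        records.append({k.strip().lower(): v.strip() for k, _, v in pairs})
    return records

def normalize(field, value):
    """Reduce formatting noise so equivalent contact details compare equal."""
    if field == "tel":
        return re.sub(r"\D", "", value)          # keep digits only
    value = re.sub(r"\brd\b\.?", "road", value.lower())
    return re.sub(r"[^a-z0-9]", "", value)       # drop spacing and punctuation

def shared_contacts(records, fields=("address", "tel")):
    """Map (field, normalized value) -> sorted domains, keeping only overlaps."""
    index = defaultdict(set)
    for rec in records:
        for field in fields:
            if rec.get(field):
                index[(field, normalize(field, rec[field]))].add(rec["domain name"])
    return {k: sorted(v) for k, v in index.items() if len(v) > 1}

if __name__ == "__main__":
    for (field, _), domains in shared_contacts(parse(RECORDS)).items():
        print(f"shared {field}: {', '.join(domains)}")
```

A shared mail drop or phone number is a lead rather than proof of common ownership, since mail-drop addresses are used by many unrelated registrants.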
SoftLayer Technologies
The IP address for the StopGeorgia.ru forum (75.126.142.110) can be traced backward from SteadyHost to Innovation IT Solutions Corp to SoftLayer Technologies, a US company based in Dallas, TX, with server locations in Seattle, WA, and Washington, DC. See Figure 7-7.
Figure 7-7. WHOIS data for 75.126.142.110
SoftLayer Technologies and The Planet (also in Dallas, TX) share the unique distinction of being on StopBadware.org’s top 10 worst badware network blocks (Figure 7-8). To add some perspective to this, StopBadware.org’s May 2008 report reveals China to be the world leader, hosting 52% of all badware sites, whereas the United States hosts 21%. None of the other countries involved, including Russia, individually hosts more than 4%.
When StopBadware.org released its report, it attempted to contact the companies that it named to give them an opportunity to respond. SoftLayer Technologies issued the following statement, published on the StopBadware.org blog on June 24, 2008:
SoftLayer Technologies is a provider of data center services centered around the delivery of on-demand server infrastructure. We do not manage the content or applications hosted from our infrastructure as this is the direct responsibility of our customers, many of which are in fact hosting resellers. Having said that, we also have a very strict acceptable use policy which you can find here: http://www.softlayer.com/legal.html.
We try to be as proactive as possible in eliminating any and all content from our network that breaches the terms of this policy. But, as I am sure you are aware, this is not always an easy task.
I have forwarded your email to our abuse department so that they can start investigating the findings you have suggested below. We will take all necessary actions to remove any malicious material from our network so that we can better serve our customers and the entire Internet community.
Figure 7-8. Top 10 network blocks hosting badware sites
About 45 days later, the StopGeorgia.ru forum, hosted on a SoftLayer server, became a focal point for a nationalistic Russian hacker attack against Georgian government websites. At no time did SoftLayer Technologies take a proactive role and cancel StopGeorgia.ru’s access to its servers for a Terms of Service violation.
SORM-2
Even with a bulletproofed network, it’s important to remember that while the Kremlin provides open and global Internet access to its citizens, it also collects and controls all of the data originating within its borders.
A recent interview with Anton Nosik, the editor-in-chief of the Russian news website BFM.ru, was published in the Russian online newspaper the New Times. In it, Nosik spoke of SORM-2 (System of Operation Research Measures), which copies every byte