
Inside Cyber Warfare - Jeffrey Carr [75]

platform from which these attacks can then be planned and launched. And all of this occurs while providing a cover of plausible deniability to the state. It’s actually quite an impressive accomplishment from a strategic point of view.

Figure 7-10. Three-tier model of command and control for RF nonstate hackers

The infrastructure—which not only makes those attacks possible but provides the environment for Russian hackers to thrive—is developed and owned by Russian organized crime interests such as Rove Digital, McColo, Atrivo/Intercage, ESTDomains, and others. We’ll further explore the longstanding relationship between the Kremlin and Russian organized crime in Chapter 8.

Chapter 8. Organized Crime in Cyberspace


Card: I need guarantees.

Card: what if you change the pass and don’t give any info? I’ve been on the *** several years now. It’s a resource for carders.

7: I know, I am on there, too.

7: if you take my info into account and work a little, you can get a lot more money.

Card: I see.

7: I just think it’s a pretty dangerous thing—there are some big guys behind this money—they don’t ask who you are and why you are doing this. They’ll just break both your arms.

—English translation of ICQ discussion between two hackers negotiating a fee for stolen card data.

Whether you think the Russian mafia or the Chinese Triads are involved in cyber attacks really depends on how closely you align cyber crime with other forms of cyber conflict. As I stated earlier, I believe that no such distinction should exist. Cyber crime is perpetrated by an attack on a network, just as is done in acts of cyber espionage or computer network exploitation (CNE). The malware used to gain access to backend databases is the same. In many cases, the same hackers are involved in cyber crime and geopolitical attacks on foreign government websites, as is the case with one of the two hackers quoted above.

The hacker identified as “7” was also a member of the StopGeorgia.ru forum, albeit under a different alias, and directly participated in attacks on Georgian government websites. 7 is also the one who implied the involvement of the Russian mafia in underground cyber transactions such as the one from which that quote came (i.e., “...there are some big guys behind this money—they don’t ask who you are and why you are doing this. They’ll just break both your arms.”).

Assassination in the Russian Federation is a very real threat, and US intelligence agencies believe that elements of Russian organized crime have infiltrated the police force. That is why, the argument goes, so many assassinations remain unsolved.

US law enforcement and intelligence agencies have been investigating Russian organized crime since the 1990s. According to one of my contacts at one of the three-letter agencies, they were making some excellent progress in establishing links between members of organized crime and Russia’s political leadership.

Once 9/11 happened, that research was halted, as everyone was transferred to counter-terrorism, which pretty much dominated things until 2007.

2007 was the year that the Russian Business Network (RBN) rose to prominence as a high-profit, low-risk criminal enterprise selling “bulletproof” services to anyone willing to pay its fee. Its business model of earning high profits with almost zero risk of being caught made the RBN the darling of the Russian underworld.

Then, in November 2007, the RBN seemed to vanish (Figure 8-1).

Figure 8-1. 06 NOV 07 drop in traffic at AS40989

One thing that organized crime has always shied away from is the spotlight of media attention, and the RBN was getting a lot of it. One of the reporters responsible for penning story after story on their antics was Brian Krebs of the Washington Post. On October 13, 2007, three separate articles appeared on the Post’s Security Fix blog, written by Krebs.

Krebs’s first article appeared in the main section of the Post, where he described the role of the RBN as a criminal services provider, referring to what at the time were recently published reports
