
Inside Cyber Warfare - Jeffrey Carr [76]

from Internet security firms Verisign, Symantec, and SecureWorks.

In a follow-up article on the Security Fix blog, Krebs went into much more detail, naming the upstream providers that the RBN relied on to provide its Internet connectivity: Tiscali.uk, SBT Telecom, Aki Mon Telecom, and Nevacon LTD (Figure 8-2).

Figure 8-2. Map of companies providing network services to the RBN

He also traced its history back to 2004, when it was known as “Too Coin Software” and “Value Dot,” and then walked his readers forward to its present iteration:

Nearly every major advancement in computer viruses or worms over the past two years has emanated from or sent stolen consumer data back to servers at RBN, including such notable pieces of malware as Gozi (http://www.secureworks.com/research/threats/gozi/?threat=gozi), Grab, Haxdoor (http://www.f-secure.com/v-descs/haxdoor.shtml), Metaphisher (http://research.sunbelt-software.com/threatdisplay.aspx?name=PWS-Banker&threatid=41413), Mpack (http://blog.washingtonpost.com/securityfix/2007/06/the_mother_of_all_exploits_1.html), Ordergun (http://www.symantec.com/enterprise/security_response/weblog/2006/11/handling_todays_tough_security.html), Pinch (http://pandalabs.pandasecurity.com/archive/PINCH_2C00_-THE-TROJAN-CREATOR.aspx), Rustock, Snatch, Torpig (http://www.sophos.com/virusinfo/analyses/trojtorpiga.html), and URsnif (http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=58752). The price for these malware products often includes software support, and usually some virus writers guarantee that the custom version created for the buyer will evade detection by anti-virus products for some period of time.

David Bizeul is a French security researcher who has written one of the best reports on the RBN to date (see Figure 8-3). He summed up its business focus quite succinctly:

The RBN offers a complete infrastructure to achieve malicious activities. It is a cyber crime service provider. Whatever the activity is—phishing, malware hosting, gambling, pornography...the RBN will offer the convenient solution to fulfill it.

Figure 8-3. The RBN—a crime service provider

In any attempt to understand the influence of Russian organized crime in the cyber threat domain, a key distinction must be made between organized crime in Russia and elsewhere.

In the United States, the FBI and other agencies focus on how criminals may be infiltrating or, at the very least, influencing government offices. In Russia, the government infiltrates organized crime and establishes a reciprocal business relationship. The government provides protection in exchange for favors. Favors may range from making money to using a gang to implement state interests.

Richard Palmer made a similar case in his testimony before the House Banking Committee (September 21, 1999), wherein he explained how Russia is governed by the rule of “understandings” rather than the rule of law. According to Palmer, who spent 11 years with the Directorate of Operations at CIA, businesses operating inside the Russian Federation quickly learn that when it comes to collecting on bad debts or enforcing contracts, it’s faster and cheaper to engage Russian criminals than wait for the Russian court system to take care of it. Unfortunately, the flip side of that equation is also true: it’s sometimes cheaper to have the person you owe money to killed than to repay a debt.

In the case of the RBN, once media attention became frequent enough, the FBI sent several officials to Moscow to meet with its counterparts in the Federal Security Service (FSB). The purpose of the meeting was to share information about the criminal activities of certain individuals associated with the RBN and how the Kremlin might want to remove such a presence from the Russian Internet. The Russian security officers excused themselves, and when they returned approximately a half hour later, they informed the FBI officials that they must be mistaken, that no such domains existed on RuNet.

Back at the US embassy in Moscow, the FBI discovered that the more public domains formerly
