
The Russian Business Network (RBN) was an Internet service provider that hosted illegal and harmful activities, including malware circulation, phishing scams, and child pornography. When RBN was first established, it apparently hosted some legitimate activity, but it soon became entirely focussed on providing internet access for profitable criminality. One angle the network seems to have centred on is identity theft: fake anti-malware and anti-spyware programs are delivered, which install viruses or keyloggers that allow personal information to be stolen. A significant amount of this so-called "rogue software" is hosted by RBN. Its website hosting is called "bulletproof" because of its ability to evade law enforcement efforts to shut the network down.
RBN's activities are incredibly far-reaching. For example, in 2005, hackers exploited a then-unknown error in Internet Explorer that allowed them to install keyloggers on the computers of users who visited a hacked website; the sites that distributed this malicious code and collected the data were hosted by RBN. Some U.S. government sites apparently were compromised with SQL attacks that redirected them to virus-ridden RBN sites. The list goes on; in fact, some say that it is difficult to find a major cyber attack in the last several years that did not have some connection to RBN.
Why has the Russian Business Network been able to operate criminal activities on such a large scale? First of all, the network observes the typical criminal cautionary tactics: it only registers domains to anonymous addresses, never advertises its services, deals in electronic transactions that are difficult to track, and can only be contacted through obscure Russian forums or messaging services. Those seeking the services of RBN must prove their involvement in some type of data theft in order to demonstrate they are not law enforcement agents. Once a criminal entrepreneur does engage RBN, they can expect to pay about $600 a month for their website, about ten times more than the fee at a legal provider; this extensive capital allows RBN to keep its service up and running. As well, companies operating out of RBN tend to avoid targeting Russian citizens in order to lower the risk of involving local authorities.
It is also contended that this cyber mafia is linked with real Russian underground crime and the government itself. The Russian government has indeed put forth little effort to shut down this company (which mostly operates out of St. Petersburg). This type of organized crime in cyberspace can thrive in countries like Russia that do not even have the mechanisms or laws to adequately deal with this kind of technological threat. Furthermore, it is unclear whether RBN could ever be successfully prosecuted for hosting these illegal activities. Although it clearly makes money from providing this service, the actual crimes are committed by the parties who buy its service.
At some point in 2007, it appeared that the Russian Business Network dissolved: routing for its IP addresses no longer existed. Perhaps RBN grew wary of the unwanted attention from law enforcement. At any rate, it seems that RBN has expanded into a more distributed method for hosting. It is speculated that equivalents have popped up in Asian countries like Taiwan and Turkey, and experts still apply the RBN name to its former clients that continue to run scams out of Russia and Ukraine. The scale and longevity of this organization truly make RBN one of the most formidable dangers in cyberspace.
Washington Post: Shadowy Russian Firm Seen as Conduit for Cybercrime
CNET News: Infamous Russian malware gang vanishes