Why fear the Russian Business Network
If there is a case in which the word “cybercrime” is particularly appropriate, it is the one involving the gang of telematic good guys of the Russian Business Network, the network service provider that from the ancient Russian city constitutes the beachhead of some of the worst attacks and threats on the Internet today.
The Washington Post covers it extensively in an article that brings together the little publicly available information on the organization and some indiscretions from insiders. The conclusion? Without strong supranational legal regulations, RBN will only continue to thrive.
The network of web bad guys, defined by security companies as “the worst of the worst” digital organizations to commit crimes, is according to Spamhaus.org one of the web's biggest plagues, involved in large deals of child ***********, spam, malware, phishing and all kinds of criminal activity on the Net. For example, half of the cyber fraud threats involving theft of identities and of credentials for financial services recorded during the past year originated from the RBN network.
The group of scammers known as Rock Group used RBN’s services to steal some $150 million from bank accounts during 2006, according to Verisign, a giant in certification and security. For Symantec, another historic security enterprise, the Russian network “is literally a refuge for all illegal activities, be it child ***********, online scams, piracy or any other illegal operation”, making RBN the major provider of modern cybercrime.
A leading position achieved and maintained thanks to “strong ties with the Russian criminal underworld as well as with the government”, continues Symantec, ties carefully oiled by the corruption of the apparatuses of power and by bribes placed in the pockets of the right men. What makes it particularly difficult to draw, or even to define, a detailed and exhaustive picture of all RBN’s activities is the fact that, in practice, the company does not exist: it is not officially registered anywhere and is not advertised on the web.
To get in touch with the criminals who run the network, you have to go into unrecognized Russian-language forums or use instant messaging, essentially having to deal with elusive nicknames all the time. It is then necessary to win the trust of the managers by proving to be a full-fledged criminal seeking protection and support for one's nefarious online activities. Only after having demonstrated the genuineness of one's bad intentions can one have access to the efficient hosting services of the organization.
At a price of $600 per month – 10 times the price proposed for legitimate activities – RBN provides criminals with a cyber-cop-proof web space, guaranteeing the so-called bulletproof hosting thanks to which websites remain reachable on the Internet regardless of the efforts of police forces around the world to take them offline. RBN acts in practice as a container or, rather, as a vector for attacks and malware distribution, allowing the real crackers to act undisturbed.
“They make money on the service they offer,” emphasizes analyst Alexander Gostev of the well-known Moscow antivirus company Kaspersky, while “the illegal activities are all conducted by the groups that buy the hosting”. In short, legally the network would be clean and this seems to be one of the reasons why the network is still standing, despite the efforts to close it conducted internationally.
Apparently the Russian police forces also get in the way, unwilling to cooperate, perhaps pressured, perhaps properly oiled, with American and other foreign investigative agencies trying to stem the problem. “It is evident that organized cyber-crime has taken root in those countries that do not have response mechanisms, laws, infrastructures and investigative support ready to respond quickly to threats,” accuses Ronald K. Noble, general secretary of the Interpol international force.
And if local laws aren’t enough to stop crapware inc., if the FBI trudges along and asks for patience, and diplomacy appears powerless, connectivity managers begin to act on their own initiative to stem the tide of telematic slime before it submerges them permanently. For example, a sysadmin of a medium-sized American ISP, who has chosen to remain anonymous for fear of heavy repercussions on the Internet as well as in real life, has blocked the range of addresses belonging to the Russian network.
“We played a cat-and-mouse game with RBN for about a year – confesses John – until I got tired of kicking out or cleaning up compromised users after visiting one of these Russian addresses.” After the offending IPs were banned, the network managed by John was practically reborn, with reports by third-party ISPs of phishing sites hosted on the company’s websites cut from 30-40 a week to just 3 cases in two weeks.
These countermeasures are effective only temporarily, says Danny McPherson of Arbor Networks: “Ultimately it just shifts the problem somewhere else”, because massively blocking the Russians would do nothing but push the usual suspects to other cybercrime havens in search of shelter and hospitality. “What we really need – the expert suggests – is laws and regulatory policies that intervene promptly”, and in a supranational context, to suture the putrefying wound of cybercrime. Hoping that there is still time to save the patient: his name is the Internet and he is not having a good time.