Russian Business Network

The Russian Business Network (commonly abbreviated as RBN) is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale. It is the originator of MPack and an alleged operator of the Storm botnet.[1][2][3]

The RBN, which is notorious for its hosting of illegal and dubious businesses, originated as an Internet service provider for child pornography, phishing, spam, and malware distribution physically based in St. Petersburg, Russia. By 2007, it developed partner and affiliate marketing techniques in many countries to provide a method for organized crime to target victims internationally.[4]

Contents

Activities

According to internet security company VeriSign, RBN was registered as an internet site in 2006.

Initially, much of its activity was legitimate. But apparently the founders soon discovered that it was more profitable to host illegitimate activities and started hiring its services to criminals.[5]

The RBN has been described by VeriSign as "the baddest of the bad".[6] It offers web hosting services and internet access to all kinds of criminal and objectionable activities, with individual activities earning up to $150 million in one year.[7] Businesses that take active stands against such attacks are sometimes targeted by denial of service attacks originating in the RBN network.[6] RBN has been known to sell its services to these operations for $600 per month.[4]

The business is difficult to trace. It is not a registered company, and its domains are registered to anonymous addresses. Its owners are known only by nicknames. It does not advertise, and trades only in untraceable electronic transactions.[6]

One increasingly known activity of the RBN is delivery of exploits through fake anti-spyware and anti-malware, for the purposes of PC hijacking and personal identity theft.[8] McAfee SiteAdvisor tested 279 “bad” downloads from this one site, and found that MalwareAlarm is an update of the fake anti-spyware Malware Wiper.[9] The user is enticed to use a “free download” to test for spyware or malware on their PC; MalwareAlarm then displays a warning message of problems on the PC to persuade the unwary web site visitor to purchase the paid version. Along with MalwareAlarm, much other rogue software is linked to and hosted by the RBN.[10]

According to Spamhaus, RBN is “Among the world's worst spammer, malware, phishing and cybercrime hosting networks. Provides 'bulletproof hosting', but is probably involved in the crime too”.[11] RBN was the subject of an article[12] in the Washington Post on October 13, 2007, where Symantec and other security firms claim RBN provides hosting for many illegal activities, including identity theft and phishing. The article quotes a spokesman for Kaspersky Labs that the owners of RBN might not have directly violated the law as they primarily provide hosting services; their customers are apparently the ones violating laws.

Organization

The RBN operates under several different names, or what could be regarded as operating divisions. A few of these international operations appear to be based in specific countries.[13]

  • RBNet
  • RBNetwork
  • RBusinessNetwork
  • iFrame Cash
  • SBT Telecom Network (Seychelles)
  • Aki Mon Telecom
  • 4Stat
  • Eexhost
  • DefconHost
  • Rusouvenirs Ltd.
  • TcS Network (Panama)
  • Nevcon Ltd. (Panama),
  • Micronnet Ltd. (St. Petersburg Russia)
  • Too coin Software (UK)
  • 76service
  • Voze Networks (Panama)
  • MalwareAlarm (Czech Republic)
  • InstallsCash
  • Jiangsu Network Co., LTD [14]

Political connections

It has been alleged that the RBN's leader and creator, a 24-year-old known as Flyman, is the nephew of a powerful and well-connected Russian politician. Flyman is alleged to have turned the RBN towards its criminal users.[15] In light of this, it is entirely possible that recent cyber-terrorism activities, such as the denial of service attacks on Georgia and Azerbaijan in August 2008,[16] may have been co-ordinated by or out-sourced to such an organization. Although this is currently unproven, intelligence estimates suggest this may be the case.[17]

See also

References

  1. ^ Russian Business Network (RBN)
  2. ^ SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
  3. ^ Topical Research Reports - Security Intelligence from VeriSign, Inc
  4. ^ a b Brian Krebs (2007-10-13). "Shadowy Russian Firm Seen as Conduit for Cybercrime". Washington Post. http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101202461.html. 
  5. ^ Warren, Peter (2007-11-15). "Hunt for Russia's web criminals". The Guardian (London). http://www.guardian.co.uk/technology/2007/nov/15/news.crime. Retrieved 2010-05-23. 
  6. ^ a b c "A walk on the dark side". The Economist. 2007-09-30. http://economist.com/displaystory.cfm?story_id=9723768. 
  7. ^ Cybergang raises fear of new crime wave
  8. ^ Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: The Russian Business Network
  9. ^ malwarealarm.com | Web Safety Ratings from McAfee SiteAdvisor
  10. ^ Russian Business Network (RBN): RBN – The Top 20, fake anti-spyware and anti-malware Tools
  11. ^ http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Russian%20Business%20Network
  12. ^ Krebs, Brian. "Shadowy Russian Firm Seen as Conduit for Cybercrime". The Washington Post. http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101202461_pf.html. Retrieved 2010-05-23. 
  13. ^ http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK7465
  14. ^ http://www.spamhaus.org/sbl/sbl.lasso?query=SBL76241
  15. ^ Warren, Peter (2007-11-15). "Hunt for Russia's web criminals". The Guardian (London). http://www.guardian.co.uk/technology/2007/nov/15/news.crime. Retrieved 2010-05-23. 
  16. ^ RBN-Georgia cyberwarfare (RBNexploit blog)
  17. ^ "The hunt for Russia's web crims". The Age (Melbourne). 2007-12-13. http://www.theage.com.au/news/security/the-hunt-for-russias-web-crims/2007/12/12/1197135470386.html. 

External links