четверг, 8 ноября 2007 г.

Russian Business Network: Down, But Not Out

A major Russian Internet service provider whose client list amounted to a laundry list of organized cyber crime operations appears to have closed shop. But security experts caution that there are signs that the highly profitable network may already be building a new home for itself elsewhere on the Web.

The Russian Business Network, an ISP and Web hosting provider long based in St. Petersburg, Russia, this week relinquished most of its allocated Internet addresses after a number of its main upstream Internet providers severed ties with the group.

The disappearance of RBN comes less than a month after I wrote a series of stories detailing the organization and history of the shadowy ISP. That series examined RBN's infamy as a world hub for Web sites devoted to child pornography, spamming and identity theft, a so-called "bulletproof hosting" provider to some of the most sophisticated cyber criminal networks in operation today.

Within 24 hours of that Oct. 13 story, RBN's biggest upstream provider -- Tiscali.uk -- began refusing to route Internet traffic for RBN, according to several security experts. Days later, the second of RBN's three main upstream providers -- C4l -- dropped the Russian ISP as a customer.

Then, on Nov. 4, nearly all of the most troublesome Web sites on RBN's network went dark. The following day, RBN relinquished control over Internet space that hosted thousands of domains connected to countless fraud schemes over the years.

While RBN may appear to have been vanquished, experts at anti-spam group Spamhaus say there are strong indications that a huge swath of Internet space recently established in China may soon emerge as the next incarnation of the Russian Business Network. If Spamhaus's assumptions are correct, RBN's new home would include several times more additional Web hosting capacity than its previous location in Russia.

Not everyone is willing as yet to attribute the Chinese address registrations to RBN. Matthew Richard, director of the rapid response team for iDefense, a security company owned by Verisign, said it's too soon to draw that connection definitively. But according to Richard, RBN's customers began preparations for moving to other providers shortly after The Post published my RBN story.

About a week ago, Adobe released a security update to fix a dangerous security hole in its software that allowed criminals to foist malicious software on people who clicked on links in spam e-mails blasted out to millions. Richard said while much of the malware in that attack was downloaded from Web sites hosted at RBN, the criminals behind that attack established backup download sites at two other other bulletproof hosting providers.

"In that attack, it was clear that RBN's customers were already hedging their bets," he said. "Not only did RBN know that the writing was on the wall, but so did their customers."

The apparent flight of RBN came on the eve of a lengthy cybercrime speech by FBI Director Robert Mueller. Speaking at Penn State on Tuesday, Mueller addressed the internationalization of cyber crime and its threat to the political and economic stability of the United States.

"Increasingly, cyber threats originate outside of our borders. And as more people around the world gain access to computer technology, new dangers will surface," Mueller said. "The Internet has opened up thousands of new roads for each of us--new ideas and information, new sights and sounds, new people and places. But the invaders--those whose intent is not enlightenment, but exploitation and extremism--are marching right down those same roads to attack us in multiple ways."

http://blog.washingtonpost.com/securityfix/2007/11/russian_business_network_down.html

Комментариев нет: