Russian Cybercrooks Adopt Lower Profile
RUSSIA’S CYBERCRIMINALS run some of the most lucrative and best-structured illegal enterprises in the world. Some have even enjoyed a level of official protection that gangsters in many other countries could only dream of. However, there are limits to their impunity, as the fate of Russia’s best-known cybergang, a high-profile outfit that called itself the Russian Business Network (RBN), has shown.
For years, RBN had operated a lucrative business offering high-priced “bulletproof” Web hosting for gangs of phishers, child pornographers, spammers, and identity thieves. The RBN got business through referrals, by frequenting chat rooms used by cybercriminals, and by a network of scouts who prowled the Internet seeking out potential clients.
But RBN dropped from sight at the end of last year after Tiscali, an Italian-owned Internet service provider, cut RBN’s main global Internet conduit. RBN was routing traffic through Tiscali’s London data center. Don Jackson, a researcher at Atlanta-based IT security firm SecureWorks, says Tiscali cut RBN’s connection at the prompting of the U.K.’s Serious Organized Crime Agency.
At first, it appeared that the move wasn’t fatal to RBN, because, like any good business, this renegade operation had a contingency plan. “RBN had a plan in place, and when its upstream connectivity was pulled, it enacted the plan. It had two days’ notice from an insider,” says Jackson. “They registered a block of IP addresses in a Chinese network and were quickly back up.”
But RBN’s new site was no safer. When that network was shut down shortly after, RBN migrated to servers in various countries including Turkey, Saudi Arabia, and India, says Jackson. Then Russian authorities forced St. Petersburg-based RBN to close down altogether.
“Publicity killed [RBN] because it became too high-profile. It got to the point where the Russian government just could not allow it to go on anymore,” says a U.S. Web security analyst working in Russia. The researcher says that RBN’s model worked as long as they could rely on protection and guarantee to their clients that they were not going to be shut down.
RBN’s demise does not signal the end of cybercrime in Russia, however. Russia has become a center of cybercrime because Russian law enforcement has limited resources and lacks enough officers with a technical background. Russian society and officials rarely consider cybercrime to be a serious offense, says Kimberly Zenz, an analyst at IT security consultancy VeriSign.
“Russia is perfect for hackers and cybercriminals,” says Zenz. “There is a large number of highly educated people. If you operate [inconspicuously] and pay bribes, then you are completely protected.”
Few expect a crackdown on cybercrime under incoming President Dmitry Medvedev. “I see this as an endemic problem, and Russia provides an ideal environment for it to happen,” says Peter Sommer, senior research fellow at the London School of Economics’ Information Systems Integrity Group. He says business, crime, and politics in Russia have become so closely enmeshed that it will be hard to separate them.