Shadowy Russian Firm Seen as Conduit for Cybercrime
Saturday, October 13, 2007
An Internet business based in St. Petersburg has become a world hub for Web sites devoted to child pornography, spamming and identity theft, according to computer security experts. They say Russian authorities have provided little help in efforts to shut down the company.
The Russian Business Network sells Web site hosting to people engaged in criminal activity, the security experts say.
Groups operating through the company's computers are thought to be responsible for about half of last year's incidents of "phishing" -- ID-theft scams in which cybercrooks use e-mail to lure people into entering personal and financial data at fake commerce and banking sites.
One group of phishers, known as the Rock Group, used the company's network to steal about $150 million from bank accounts last year, according to a report by VeriSign of Mountain View, Calif., one of the world's largest Internet security firms.
In another recent report, the Cupertino, Calif.-based security firm Symantec said that the Russian Business Network is responsible for hosting Web sites that carry out a major portion of the world's cybercrime and profiteering.
The company "is literally a shelter for all illegal activities, be it child pornography, online scams, piracy or other illicit operations," Symantec analysts wrote in a report. "It is alleged that this organized cyber crime syndicate has strong links with the Russian criminal underground as well as the government, probably accomplished by bribing officials."
The Russian Business Network did not respond to requests for comment e-mailed to an address listed on its Internet address records. Other efforts to communicate with its organizers through third parties were not successful.
Law enforcement agencies say these kinds of Internet companies are able to thrive in countries where the rule of law is poorly established. "It is clear that organized cybercrime has taken root in countries that don't have response mechanisms, laws, infrastructure and investigative support set up to respond to the threat quickly," said Ronald K. Noble, secretary general of Interpol, an organization that facilitates transnational law enforcement cooperation. He declined to discuss the Russian Business Network specifically.
The company isn't a mainstream Internet service provider, as Comcast and Verizon are. Rather, it specializes in offering Web sites that will remain reachable on the Internet regardless of efforts to shut them down by law enforcement officials -- so-called bulletproof hosting.
Though there are thousands of Web sites that bear the Russian Business Network name on registration records, the company is unchartered and has no legal identity, computer security firms say.
The network has no official Web site of its own; those who want to buy its services must contact its operators via instant-messaging services or obscure, Russian-language online forums, said Don Jackson, a researcher at Atlanta-based SecureWorks.
Potential customers also must prove that they are not law enforcement investigators pretending to be criminals, Jackson said. Most often, he said, this "proof" takes the form of demonstrating active involvement in the theft of consumers' financial and personal data.