Page 2 of 2

Shadowy Russian Firm Seen as Conduit for Cybercrime

According to VeriSign, a cyber-criminal who clears these hurdles can rent a dedicated Web site from the Russian Business Network for about $600 a month, or roughly 10 times the monthly fee for a regular dedicated Web site at most legitimate Internet companies.

According to several private-sector security experts, U.S. federal law enforcement agencies have tried unsuccessfully to gain the cooperation of Russian officials in arresting the individuals behind the company and shutting it down.

Officials at Russia's Interior Ministry said last week that they could not discuss the network.

But Alexander Gostev, an analyst with Kaspersky Lab, a Russian antivirus and computer security firm, said the Russian Business Network has structured itself in ways that make prosecution difficult.

"They make money on the services they provide," he said -- the illegal activities are all carried out by groups that buy hosting services. "That's the main problem, because RBN, in fact, does not violate the law. From a legal point of view, they are clean."

In addition, Gostev said, criminals using the Russian Business Network tend to target non-Russian companies and consumers rather than Russians, who might contact local authorities. "In order to start an investigation, there should be a complaint from a victim. If your computer was infected, you should go to the police and write a complaint and then they can launch an investigation," Gostev said. Now, he added, his company and the police both have information, but no victim has filed a complaint.

Thomas V. Fuentes, the FBI's assistant director of international operations, declined to answer questions about the Russian Business Network but said the United States has had great success with other countries in investigating cybercrime.

Fuentes added that his agency's requests for law enforcement assistance from foreign governments sometimes conflict with domestic intelligence investigations that may be underway.

"There are times when it appears that action is not happening when in fact the other country is conducting a very sensitive investigation, and we have to take it on the chin," he said. "But that works both ways. That happens with us for requests we sometimes receive where we'd rather not go public with certain information at the time of the request."

Without a diplomatic or legal solution to the Russian Business Network, some Internet service providers have begun walling off their customers from the company.

One security administrator, speaking on condition of anonymity, said that within a few months of blocking the Russian company, his employer found it was saving significant amounts of money by spending less time helping customers clean viruses originating from the Russian Business Network off computers or taking down online scam sites or spam-spewing PCs. "Our instances of spam and infected machines dropped exponentially," he said.

Danny McPherson, chief research officer at Arbor Networks, a Lexington, Mass.-based company that provides network security services to some of the world's largest Internet providers, said most providers shy away from blocking whole networks. Instead, they choose to temporarily block specific problem sites.

"Who decides what the acceptable threshold is for stopping connectivity to an entire network? Also, if you're an AT&T or Verizon and you block access to a sizable portion of the Internet, it's very likely that some consumer rights advocacy group is going to come after you."

The unusually clear-cut case of Russian Business Network, McPherson said, has generated debate between the service providers and the security research community. Many researchers see blocking purely illegal networks as a no-brainer. But blocking problematic networks typically means they merely go to a new place on the Internet, McPherson said.

"At the end of the day," he said, "it only moves the problem somewhere else, when what we really need is for political and regulatory law enforcement to step in."

Growing numbers of security specialists for several U.S. Internet providers and telecommunications companies say they are done waiting for the cavalry to arrive. "There is never going to be an easy and painless way to combat this problem, mainly because it's been ignored for far too long and been allowed to fester," said the security administrator who did not want to be identified.


© 2007 The Washington Post Company