Russian Business Network
The Russian Business Network (commonly abbreviated as RBN) is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale. It is the originator of MPack and an alleged operator of the Storm botnet.
The RBN, which is notorious for its hosting of illegal and dubious businesses, originated as an Internet service provider for child pornography, phishing, spam, and malware distribution physically based in St. Petersburg, Russia. By 2007, it developed partner and affiliate marketing techniques in many countries to provide a method for organized crime to target victims internationally.
Activities
According to internet security company VeriSign, RBN was registered as an internet site in 2006.
Initially, much of its activity was legitimate. But apparently the founders soon discovered that it was more profitable to host illegitimate activities and started hiring out its services to criminals.
The RBN has been described by VeriSign as "the baddest of the bad". It offers web hosting services and internet access to all kinds of criminal and objectionable activities, with individual activities earning up to $150 million in one year. Businesses that take active stands against such attacks are sometimes targeted by denial of service attacks originating in the RBN network. RBN has been known to sell its services to these operations for $600 per month.
The business is difficult to trace. It is not a registered company, and its domains are registered to anonymous addresses. Its owners are known only by nicknames. It does not advertise, and trades only in untraceable electronic transactions.
One increasingly known activity of the RBN is delivery of exploits through fake anti-spyware and anti-malware, for the purposes of PC hijacking and personal identity theft. McAfee SiteAdvisor tested 279 “bad” downloads from this one site, and found that MalwareAlarm is an update of the fake anti-spyware Malware Wiper. The user is enticed to use a “free download” to test for spyware or malware on their PC; MalwareAlarm then displays a warning message of problems on the PC to persuade the unwary web site visitor to purchase the paid version. Along with MalwareAlarm, much other rogue software is linked to and hosted by the RBN.
According to Spamhaus, RBN is “Among the world's worst spammer, malware, phishing and cybercrime hosting networks. Provides 'bulletproof hosting', but is probably involved in the crime too”. RBN was the subject of an article in the Washington Post on October 13, 2007, where Symantec and other security firms claim RBN provides hosting for many illegal activities, including identity theft and phishing. The article quotes a spokesman for Kaspersky Lab as saying that the owners of RBN might not have directly violated the law as they primarily provide hosting services; their customers are apparently the ones violating laws.
Organization
The RBN operates under several different names, or what could be regarded as operating divisions. A few of these international operations appear to be based in specific countries.
- RBNet
- RBNetwork
- RBusinessNetwork
- iFrame Cash
- SBT Telecom Network (Seychelles)
- Aki Mon Telecom
- 4Stat
- Eexhost
- DefconHost
- Rusouvenirs Ltd.
- TcS Network (Panama)
- Nevcon Ltd. (Panama)
- Micronnet Ltd. (St. Petersburg, Russia)
- Too coin Software (UK)
- 76service
- Voze Networks (Panama)
- MalwareAlarm (Czech Republic)
- InstallsCash
- Jiangsu Network Co., LTD
Political connections
It has been alleged that the RBN's leader and creator, a 24-year-old known as Flyman, is the nephew of a powerful and well-connected Russian politician. Flyman is alleged to have turned the RBN towards its criminal users. In light of this, it is entirely possible that recent cyber-terrorism activities, such as the denial of service attacks on Georgia and Azerbaijan in August 2008, may have been co-ordinated by or out-sourced to such an organization. Although this is currently unproven, intelligence estimates suggest this may be the case.
External links
- Spamhaus – Rokso listing and description of RBN activities
- RBN Study - bizeul org - PDF
- Shadowserver - RBN as RBusiness Network AS40898 - Clarifying the guesswork of Criminal Activity - PDF