Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Russian Hacker Gang Vanishes Again

Posted by kdawson on Mon Nov 12, 2007 11:43 PM
from the now-you-see-'em dept.
Security The Internet IT
Arashtamere writes "The shadowy hacker and malware hosting network that only recently fled Russia to set up operations in China has now pulled the plug there and vanished yet again. An analyst at VeriSign's iDefense Labs unit said iDefense had tracked RBN's migration earlier in the week from servers based in Russia to ones running in China, after obtaining at least seven net blocks of Chinese IP addresses. As of Wednesday, RBN controlled 5,120 IP addresses assigned to Chinese service providers; known RBN clients were even seen using those addresses that day. But with its China move putting the spotlights of the media and the security community on the organization, RBN suddenly went offline on Thursday. 'They severed connections to six of the seven net blocks on November 8,' the analyst said. RBN as a single organization may be dead and gone; it may even now be breaking up into smaller pieces farmed out to multiple countries' Internet infrastructures."
+ -
story

Related Stories

[+] Profile of the Russian Business Network 180 comments
The Washington Post has an article detailing what is known of the workings of the Russian Business Network, a shadowy entity based in St. Petersburg that hosts a good fraction of the world's spammers, identity thieves, bot herders, and phishers. RBN is not incorporated anywhere and may not technically even be violating Russian law. It provides "bulletproof hosting" for about $600 a month to a wide range of bad guys.The author of the Post story, Brian Krebs, supplements it with two blog posts. One provides more detail and back story including a look at one ISP's security admin who decided last summer to ban all RBN traffic from his network, with outstanding results. The other post maps some of the RBN's upstream suppliers and details the extent of the RBN's involvement in recent cyber-attacks: "Nearly every major advancement in computer viruses or worms over the past two years has emanated from or sent stolen consumer data back to servers" in the RBN.
[+] Russian Phishers Moving to China? 67 comments
Hugh Pickens writes "The Russian Business Network, an ISP and Web hosting provider based in St. Petersburg, whose client list amounts to a laundry list of organized cybercrime operations appears to have closed shop after a number of its main upstream Internet providers severed ties with the group. The disappearance of RBN comes less than a month after Brian Krebs of the Washington Post wrote a series of stories detailing the organization and history of the shadowy ISP. However, experts at anti-spam group Spamhaus say there are strong indications that a huge swath of Internet space recently established in China may soon emerge as the next incarnation of the Russian Business Network. In related news FBI Director Robert S. Mueller, III gave a speech on cybercrime earlier this week where he said that the FBI has 60 Legal Attaché offices around the world working with partners in Russia, Romania,Poland, Hungary, Italy, and Estonia, among others, to investigate international cyber threats."
Submission: Russian hacker gang vanishes once again by Arashtamere (1178557)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Russian Hacker Gang Vanishes Again 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Hunt them down... big blocks of IP space = obvious (Score:5, Insightful)

    by compumike (454538) on Monday November 12 2007, @11:52PM (#21332561) Homepage
    It seems like having all of your traffic on seven well-defined subnets is an easy way to make all of your activity really obvious.

    But hey, at least these guys are being pursued and thwarted. There are way too many hackers and script kiddies out there who need to get their butts kicked one and become productive members of society with their skills. This is an important lesson and it comes at a price, but ultimately we need to convert these people to use their technical knowledge for good. By making it harder and harder for the underworld to survive, the economic benefits of that lifestyle become overshadowed by its risks. This will bring these people out into the light, and hopefully both reduce the economic pain they cause with their mischief, and also let them contribute constructively.

    --
    Educational microcontroller kits for the digital generation. [nerdkits.com]
    • Major! There's something else.

      Six men...wearing US issue Army boots.

      They came in from the west and followed the Russian hacker gang out to the south.

      We move! 5 meter spread...no sound!
    • Isn't it funny? Hackers and social engineers can make 4 times what you or I do as long as they A: Cause a shit storm, B: Get caught. How many other types of criminals can actually get away with this, well, besides politicians? I bet they were never really even in China. These guys obviously know their shit, they could be in Mexico hanging out at Senior Frogs knocking back shooters while controlling a bunch of zombie machines for all we know.
      • A: Just about any other white collar criminal who steals enough to make the maximum fine seem like nothing in comparison. Most major wall street crooks for instance. White collar crime is like that unfortunately.
    • Except people who get caught don't turn to good, they generally get thrown in the prison system for years where they grow even more contempt for humanity than they did before.
    • (AP News) Guanzhou China - 35 unidentified bodies found in a ditch in China's Guangzhou province. The bodies are Caucasian and appear to be of Russian decent. Their are signs of abuse on the bodies, but the local police have no information on the subject.

      ---
      The Chinese are known for quick justice. One possible outcome.
      • I agree, we shouldn't have stopped all those Folding@Home programs they were running. I mean, why else would they need so many computers?

  • Alternative Theory: Russian Mafia Groups (Score:5, Interesting)

    by reporter (666905) on Tuesday November 13 2007, @12:03AM (#21332657) Homepage
    There may be another possibility. With so much unwanted attention in the media, the Russian Business Network (RBN) may voluntarily have broken up into numerous small groups. In much the same fashion, the alumni of the KGB [rferl.org] have broken up into numerous small cliques. Each clique is essentially a mafia gang with a strongman as boss and wields considerable power.

    As the Kremlin moves into cyberspace [slashdot.org], each KGB clique will want a "piece of the action" and has absorbed some alumni of the RBN. In the 21st century, even the Russian mafia needs an online presence.

  • It doesn't take a rocket scientist to figure out that setting up inside China was bound to be a bit of a bad move...

    Might as well hang out a sign... ---> R U S S I A N -- B O T N E T -- M A S T E R S -- H E R E ! ! !

  • Don't be so fast (Score:5, Informative)

    by DNS-and-BIND (461968) on Tuesday November 13 2007, @12:15AM (#21332721) Homepage
    Well, based in China as I am, I can think of another reason the RBN stayed here for a few days and then quit. The internet connection to the outside world is horribly slow! I regularly get modem speeds when using US-based sites such as slashdot. If file transfers go above 10k/s then I'm ecstatic. I can't imagine that spammers would be happy with slow connections. I had a Nordic businessman ask me for some consulting recently. I talked to him, and he said that the internet was too slow between there and Denmark, and could I fix it? I just rolled my eyes and told him to talk to either Hu Jintao or the Ministry of Propaganda and Information...
    • When I moved into an apartment in Shenzhen, the landlord had already initiated internet service. Problem was, it was the entry-level package, and yes, it was slow. If I wanted speed, I had to wait until I went into the office.

      All I had to do was contact China Telecom [chinatelecom.com.cn] and ask to move up to the next tier. Throughput was doubled by the afternoon. And my billing dropped by 30% per year. Much better...
    • I think it's not specific to China, but to many non-developed or semi-developed countries. In Israel outside connection for average home broadband also 10k/s at best. A lot worse usually.

    • Re:Don't be so fast (Score:4, Interesting)

      by Chief Wongoller (1081431) on Tuesday November 13 2007, @01:34AM (#21333167)
      Well, actually I'm in China too. The interesting aspect of internet access in China is that ISPs here always provide much higher upload speeds than download speeds, by a ratio of about 3 or 4 to 1. This is to serve the interests of Chinese exporters, by making Chinese based websites more accesable to the outside world. That is to say the internet in China is more about exporting data -good or bad- rather than importing. So China is rather a logical location for those hackers, especially as policing of the internet here is almost non-existant ( no fears about P-2P downloading here).Incidentally, download speeds, while slower than North America or Europe are not always painfully slow. Speed depends largely on where you live: I live a a modern building in a modern city and can get download speeds of 100k/s no problem.
    • I'm curious, is Slashdot not censored?

      I imagine if you're having to go around that, it might slow things down a bit.

      • Re: (Score:1, Flamebait)

        by kamapuaa (555446)
        No, Slashdot isn't censored in China, it's just a bunch of man-children whining about the RIAA after all. I'm in Shanghai, and I use the lowest-level broadband, and I'm way faster than 10k/ to the US...but yeah, it's not for US sites as actually being in the US.
        • can you access http://rss.slashdot.org/ [slashdot.org] ? i'm in shanghai too on china telecom 512/512 line (can't upgrade without my landlords id card.. i tried the shouting and screaming approach..highly entertaining)

          but to be honest, at a rate of 50rmb/ip/month for a server in china, thats an expensive 7 netblocks! prehaps if you register for a /24's then it isn't that bad, but by ip, its pricey.

        • I would think that this topic [slashdot.org] would contain enough references to democratic thoughts and ideals (occasionally) to be censored, at least partly.

          Also, you're a troll. I almost wish you were censored.

          • Re: (Score:3, Insightful)

            by kamapuaa (555446)
            No, really, it wasn't trolling. I enjoy Slashdot but it boils down to people talking about science-fiction movies, discussing new techie gadgets, constantly whining naively about US laws and cell phone coverage (???) with a pathetic groupthink (well I don't love that part), and various topics that really the Chinese government could care less about. Considering it doesn't block most foreign newspapers, articles like this [msn.com], and is especially lax with foreign-language media, why should the PRC care about Sla
      • I have this hunch that they don't censor foreigners. Taht way those foreigners don't get a bad impression of the country and it's not like they don't have "evil" information in their heads already.
  • While I'm not sure it's a good thing that this hacker network has vanished, I am still pleased with the headline using the term 'hacker' correctly.

    Perhaps we are finally ready to put the misnomer 'cracker' to rest once and for all.

    Now I feel like a bit of cheese...

      • Erm, no. What makes you think that dubious jargon compilation is authorative?

        Hackers are people who use computers to break into other computers. Crackers are traditionally served with cheese.

        Some people who write programs (programmers) like to be called hackers so they can liken aspects of themselves to the cool guys (hackers) but they're still just programmers.

        And don't get me started on white hat vs black hat.
    • Damn straight. A cracker is someone who penetrates tight layers of security to crack (hence the name) vaults containing large deposits of valuables. I never saw the correlation with computer crime, it's just not there.
  • So how has this affected spam and cyber crime? It would be interesting to see if these networks vanishing has any affect.

    • Re: (Score:3, Interesting)

      by Joebert (946227)
      Sure it does, it makes way for competitors.

      Being a botmaster looks alot like being a drug dealer, & that's what happens with drug dealers.
  • Vanishes Again, and continues hacking while invisible -- that's right, just like before, they'll continue hacking. And they're using new IP's!

    How unusual.
  • Hey, Really? No shit. If you are doing a bunch of stuff you don't really want taken notice of, having the mass media saying "Hey look, they're in China and have these netblocks!" could be bad . It also stands a chance of coming to the notice of someone in a position to do something about it - also not good from the hackers' point of view.
  • Apart from how they get on the machine in the first place, I guess these clients all work in similar ways? Central controller sends work out to distributed workers, who do their thing and then report back for more work. I guess botnets are a bit more cunning as they have to hide and can change jobs/controllers/whatever.
  • Can you tell us which 7 netblocks they are (were) using, so that we can block them on our firewalls?

    All that I could find was the fourth comment to this article [washingtonpost.com], in which a /20 block is mentioned. The article itself was previously linked on Slashdot; it's about a sysadmin who decided to block the RBN's address ranges and was rewarded by a noticable drop in compromised customer boxes.

    • Re: (Score:3, Informative)

      by SIGBUS (8236)
      Although the list contains more than just RBN-related netblocks, the Spamhaus DROP List [spamhaus.org] is your friend.
  • That was quick, must've used Atlas Van Lines. Or maybe they just used Brown. They can move stuff FAST!

    Hopefully they will move to Afghanistan or Iraq, they will bomb them.
  • As long as they can find complacent registrars and ISPs to propagate their system. They left Russia when the heat was turned up on their hosting / registration providers there. At least the companies in Russia speak English - or at least admit to knowing enough English to respond to complaints from the US. So then the hacker gang packed up and went to China, where the companies get away with pretending to not speak English, in spite of hosting sites in English and selling domains with English language re
  • They've had wars several times in the 20th century due to border disputes. Right now both sides make lots of money and the friction is way down, but underlying tension may still be there.
    China could close down these business whenever it sees a need.

  • The rules of RBN (Score:3, Funny)

    by Anonymous Coward on Tuesday November 13 2007, @03:49PM (#21341247)
    The first rule of RBN is, you do not talk about RBN.

    The second rule of RBN is, you DO NOT talk about RBN.

    If something says BSOD, goes coredump, logs out, the crack is over.

    Two crackers to a host.

    One crack at a time.

    No GUIs, no frameworks.

    Cracks will go on as long as they have to.

    If this is your first account at RBN, you have to crack.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.