Russian Phishers Moving to China?

Hugh Pickens writes "The Russian Business Network, an ISP and Web hosting provider based in St. Petersburg, whose client list amounts to a laundry list of organized cybercrime operations appears to have closed shop after a number of its main upstream Internet providers severed ties with the group. The disappearance of RBN comes less than a month after Brian Krebs of the Washington Post wrote a series of stories detailing the organization and history of the shadowy ISP. However, experts at anti-spam group Spamhaus say there are strong indications that a huge swath of Internet space recently established in China may soon emerge as the next incarnation of the Russian Business Network. In related news FBI Director Robert S. Mueller, III gave a speech on cybercrime earlier this week where he said that the FBI has 60 Legal Attaché offices around the world working with partners in Russia, Romania,Poland, Hungary, Italy, and Estonia, among others, to investigate international cyber threats."

ISR

[eneville (745111)]

I soviet China ... oh wait ...

Re:

[renegadesx (977007)]

China moves you?

The reason is obvious

[antifoidulus (807088)]

the Russian mafia has a serious asian fetish!

Russian Fishers Moving to China?

[colonslashslash (762464)]

Have all their lakes frozen over or something? Damn you global warming! <shakes fist angrily>

Re:Russian Fishers Moving to China?

[Echolima (1130147)]

I hate when Global Warming causes lakes to freeze

Re:

[pipingguy (566974)]

Dummy, it's like that chaos butterfly thingie where anything can cause anything else depending on access to sympathetic mainstream media and grant money. Straighten up and fly right (err...left)!

Even phishing is being outsourced?

[zappepcs (820751)]

With phishing being outsourced to China, manufacturing being outsourced to China, Can we expect lead based paint recall phishing to come from China soon?

Hmmm..

[eniac42 (1144799)]

Lead-based paint? Why, that gives me an idea.. [catandgirl.com]

internet 101

[KevMar (471257)]

so they move to a country that restricts what they can access on the internet?

Thats exactly what I would do if I was the ring leader of major internet crime...

Re:

[TheMeuge (645043)]

It's not about what goes in, but what comes out. And if you grease enough party officials, the Great Firewall of China will turn out to have a lot of trap doors.

Re:internet 101

[BadHaggis (1179673)]

Yes, but if the money is flowing into the right pocket(s) certain services/servers can bypass The Great Firewall. I am sure that these esteemed, and apparently resourceful, businessmen can negotiate a profitable relationship with the Chinese Government. Additionally, I'm not convinced that the Chinese Government is as concerned with what goes out of their country as much as they are concerned with what comes in. Certainly, given the all of the product recalls lately, you're aware of the high standards that the Chinese hold to their exports.

Re:

[Deanalator (806515)]

Sorry, but that's not super fair. If you have been following the stories, Chinese toy makers are now suing Mattel for damaging their reputation. The toys that were recalled were built completely to spec with the designs Mattel gave them. When a toy contains many small magnets that can be swallowed, how can you blame the manufacturers, and not the designers?
http://www.chinadaily.com.cn/language_tips/cdaudio/2007-11/06/content_6234061.htm [chinadaily.com.cn]

Also, the latest round of recalls came from Mexico.
http://www.canada. [canada.com]

Re:

[CharmElCheikh (1140197)]

If you can justify to the national ISP that unmonitored Internet access is a business requirement and are willing to pay your access more expensive you get your unmonitored access. It is not illegal, it is not bribery. I know it, my company does it.

Hmm

[orclevegam (940336)]

Pretty soon the only large organized internet crime is going to be the government run kind.

Re:

[Chris Mattern (191822)]

Why should the internet be different from everywhere else?

Chris Mattern

Re:

[Glowing Fish (155236)]

Just remember, there is no "soon"

Laundering

[kryten250 (1177211)]

"And they laundered money through more than a dozen Internet gambling sites." Aren't there better ways? I mean this has been done for years and it's part of the reason the US has the $10,000 rule.

Time for a third wife, then

[spywhere (824072)]

My first wife was American. Second time around, I married a Russian lawyer. Back to eBay, I guess... How much to ship 110 pounds from China, including airholes?

Re:

[night_flyer (453866)]

Airholes shouldnt weigh too much

Re:

[Critical Facilities (850111)]

Hey, don't be an airhole, the guy was trying to make a joke.

Re:

[KingOfGod (884633)]

Your's, however, might not catch much air at all.

Coming Soon...

[SlipperHat (1185737)]

The Great Firewall of China meets the Russian Phishing Pond *in* China!

But will we notice?

[Glowing Fish (155236)]

Do you think this will make a noticeable difference in the amount of spam coming through?

I have to say that since 1998, I have really noticed only an increase in the amount of spam, with the only downward swings coming from changing accounts, or my ISP implementing better spam filters. I guess I shouldn't say I haven't noticed any downswings, I have noticed a return to normal levels after a week or so of getting the same spam over and over.

But I don't think we will even notice this for the week or so it tak

Net Blocks Withdrawn?

[rel4x (783238)]

According to every single one of the cidr-reports referenced by that spamhaus article, all the blocks of IPs were "withdrawn" Example: http://cidr-report.org/cgi-bin/as-report?as=AS42811 [cidr-report.org]

FBI Humor

[handy_vandal (606174)]

FBI Director Robert S. Mueller III sure knows how to slay 'em on the college circuit:

I recently watched a video on YouTube about the impact of the Internet. And before we go any further, I will answer the question of everyone under the age of 25. Yes, those of us over a certain age are allowed to access YouTube.

And he's not alone in his youthful wisecracking -- it looks like the FBI, as an institution, has a wicked sense of humor:

In June of this year, we initiated Operation Bot Roast.

Link [fbi.gov]

-kgj

So..

[eniac42 (1144799)]

A notice in an office-entrance in St Petersburg reads..

Gone phishing..

Re:

[blhack (921171)]

I made a background out of your concept.....

figured it was only fair to share it with you.

Gone Phishing [imageshack.us]

Organized cybercrime

[iamacat (583406)]

I am not sure this would be very common, as Internet provides a great deal of anonymity. There is no way to find and eliminate competition and therefore no need to choose a don for protection. Likewise, if you are caught you are not able to rat out your friends besides the nicknames that they use to connect to IRC from hijacked machines. Maybe there is an agreement to perform hacking and DDOS hits on companies that cooperate with authorities to catch someone. But in general, cyber criminals are a bunch of i

Re:

[Capt. Skinny (969540)]

Damn. I though I was literal-minded.

Moving to china?

[Sleeping Kirby (919817)]

Phishers moving to China? I resent that. China doesn't need foreigner phishers, they have their own!!! :p

Firewall the World

[TFGeditor (737839)]

I know I will get modded into oblivion, but I do not care. This is precisely why I firewall the entire world (other than North America) from my server. None of the users nor myself have any legitimate contacts or interests overseas, so blocking all traffic sourcing anywhere except North America reduces the spam load by 98% and virtually eliminates intrusion attempts.

Offensive to you? Why? What legitimate need do you have to access my server? My company has absolutely nothing to interest you. Therefore, what reason could you possibly have to access my server?

Let the bloodletting begin.

Re:

[moz25 (262020)]

It seems unlikely that anyone is going to care about you or your site.

Then again, firewalling out high-risk IP blocks such as from China or Russia is not necessarily a bad idea. They can go to the .cn or .ru portal versions!

Re:

[TFGeditor (737839)]

Our readers/customers care, hence firewalling the rest of the world.

Re:

[moz25 (262020)]

To phrase it more clearly: in spite of the flaming or downmodding you apparently expected, no one is likely to care enough about you or your site to get worked up about it.

You already know that this method is only practical for small sites of little economic consequence and that isolationalist ideas aren't likely to be well-received on an international site like SlashDot.

What's your point then? Are you trolling? It's not exactly a novel or clever idea to use geo-targeted filtering or routing. That's what CD

Re:

[qzulla (600807)]

Yer right. No one outside our country would care about Texas fish and game.

Heck. Why not block the rest of the states? We don't care either.

Are you the webmaster? I wouldn't admit it.

qz

Firewall the US

[andersh (229403)]

blocking all traffic sourcing anywhere except North America reduces the spam load by 98%

I find that very hard to believe since most spam comes from the United States according to Spamhaus [spamhaus.org]. As a European I would block the US, Russia and China to keep the load off my servers.

Re:

[TFGeditor (737839)]

Believe what you will. I know it works for me. Opinions/beliefs to the contrary are irrelevant.

Re:

[andersh (229403)]

Believe what you will. I know it works for me. Opinions/beliefs to the contrary are irrelevant.

Good luck with that. I'll remember that next time I get another "mortgage offer". It might work for you, but the truth is that the majority of spam is from Americans, for Americans and by Americans.

Don't get me wrong, I'm not anti-American in general, but I hate getting vast amounts of spam for products that I will never buy because I'm in another country. If I blocked every national TLD except my own I would no

Re:

[TFGeditor (737839)]

Regardless of who spam is "from," it invariably is *sent* via spambots. And years of experience is that the majority of spam comes from compormised machines "overseas." The owner of the spamvertized website (which invariably are hosed in China, Russia, India, Mexico, et al) might in fact be American, but for my purposes that, too, is irrelevant.

According to the Spamhaus Register of Known Spam Operations (ROKSO) database: "Many of these spam operations pretend to operate 'offshore' using servers in Asia and

To Each His Own

[andersh (229403)]

And years of experience is that the majority of spam comes from compormised machines "overseas."

Do you have any evidence or links that proves this? Because I would like to point out that the US has quite a large percentage of the worlds computers (and Microsoft Windows). China is obviously the biggest market for PCs nowadays, but they also prefer a cheap Linux OS.

The owner of the spamvertized website ... might in fact be American, but for my purposes that, too, is irrelevant.

Sure, I agree, the ownership

Re:

[TFGeditor (737839)]

"Of course there's probably a link between purchasing spam ad campaigns, "financing" their bot networks, and ultimately supporting their phishing activities."

Quite correct. DDOS attacks are another element. Bot herders "rent" their botnets to literally anyone, including entities and individuals who wish to DDOS a competitor's or enemy's website, or for extortion schemes. ("Send money and the DDOS attack will stop.") Spammers et al also DDOS Spamhaus, Castle Cops, SpamCops, and other anti-spam/phishing organ

Re:

[TFGeditor (737839)]

Different firewall, dude. The website doesn't count.

They've already set up shop.....

[TW Atwater (1145245)]

...in Panama. inetnum: 81.95.148.0 - 81.95.151.255 netname: RBNET descr: RBusiness Network country: PA admin-c: RNR4-RIPE tech-c: RNR4-RIPE status: ASSIGNED PA mnt-by: RBN-MNT source: RIPE # Filtered role: RBusiness Network Registry address: RBusiness Network address: The Century Tower Building address: Ricardo J. Alfari Avenue address: Panama City address: Republic of Panama

Good Advice For Anyone

[markus o'farkus (98120)]

You should do what you are good at.

Two things Russians are very good at: hacking and organized crime.

When combined, it's a sight to see.

The good part of the story

[caller9 (764851)]

So.... Block these networks. Think I got them all.
194.110.69.0/24
91.198.71.0/24
91.194.140.0/23
91.196.232.0/22
91.195.116.0/23
91.193.40.0/22
91.193.56.0/22
193.33.128.0/23

Re:

[djdavetrouble (442175)]

so, how can i just block all of russia and china ?
don't really see anything that I need there....

in soviet russia

[sh3l1 (981741)]

In soviet Russia, the internet crimes you!

FBI go home

[billcopc (196330)]

As much as I hate (russian|chinese|korean|nigerian) spammers/botnets, I don't see how the FBI could possibly help. I know it's draconian, but I simply block off all access to my servers from a number of IP ranges I deem unfit, and that includes the aforementioned countries. Frankly, that's all the help I need.

Digital racism ? Maybe. It's not that I don't like chinese people, I just like them better when they don't harbor heinous criminals. Heck, I like white folk better when they don't harbor heinous c

Re:

[chubs730 (1095151)]

phish is properly enjoyed in vermont

Re:

[Grimbleton (1034446)]

Just keep away from anything that came from, around, or, realistically, has ever heard of Lake Erie.