Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

We Know Who's Behind Storm Worm

Posted by kdawson on Tue Jan 29, 2008 02:04 PM
from the can-you-spell-rule-of-law dept.
Security Government Politics
jmason reminds us of a story from a few weeks back that got little attention, adding "This doesn't seem to be just bluster; as far as I can tell, everyone who knows the RBN now agrees that this seems likely." Brian Krebs's Security Fix blog at the Washington Post carried a story about the Storm worm containing some pretty staggering allegations. "Dmitri Alperovitch [of Secure Computing] said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that US authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside. In a recent investigative series on cyber crime featured on washingtonpost.com, St. Petersburg was fingered as the host city for one of the Internet's most profligate and cyber-crime enabling operation — the Russian Business Network. Alperovitch blames the government of Russian President Vladimir Putin and the political influence of operatives within the Federal Security Service (the former Soviet KGB) for the protection he says is apparently afforded to cybercrime outfits such as RBN and the Storm worm gang. 'The right people now know who the Storm worm authors are,' Alperovitch said. 'It's incredibly hard because a lot of the FSB leadership and Putin himself originate from there, where there are a great deal of people with connections in high places.'"
+ -
story

Related Stories

[+] Why Old SQL Worms Won't Die 64 comments
narramissic writes "In a recent ITworld article, Security researcher Brent Huston ponders how it is that versions of SQL worms dating back to 2002 represent nearly 70% of all malicious traffic on the Internet today. 'I have made a few attempts to backtrack hosts that perform the scans and at first blush many show the signs of common botnet infections. Most are not running exposed SQL themselves, so that means that the code has likely been implemented into many bot-net exploitation frameworks. Perhaps the bot masters have the idea that when they infiltrate a commercial network, the SQL exploits will be available and useful to them? My assessment team says this is pretty true. Even today, they find blank "sa" passwords and other age-old SQL issues inside major corporate clients. So perhaps, that is why these old exploits continue to thrive."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

We Know Who's Behind Storm Worm 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • Now we know, it's official:

    S are belogn to us!!!

  • Surely You Jest (Score:5, Insightful)

    by rshol (746340) on Tuesday January 29 2008, @02:10PM (#22224970)
    Corrupt Russian Government officials in collusion with shady Russian underworld types? Who'd a thunk it?
    • Seriously, how many of you see all kinds of stuff coming out of China, Korea, Nigeria, etc.?

      NONE of them get prosecuted either....

      2 cents,

      QueenB

      • Re: (Score:3, Insightful)

        by orclevegam (940336)
        The reason this is news worthy is it appears to be more of a willful act to block prosecution, where as the ones over in Nigeria (although probably not China) are more a case of the local infrastructure and police not being capable of tracking these people. The other factor is one of organization and impact. Sure, a few Nigerians spam the hell out of people and manage to do some 419 scams, but all in all it's a few individuals doing it and they don't get all that many hits. The Russian group behind Storm on

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        Yeah because by saying "russian government officials corrupt" you deny any other country having corrupt governments. One does not exclude the other, you know.

  • cronyism (Score:5, Insightful)

    by wealthychef (584778) * on Tuesday January 29 2008, @02:10PM (#22224984)
    Shocking! You mean the criminal friends of powerful politicians don't get prosecuted in Russia? Good thing that never happens here!

  • INVADE (Score:5, Insightful)

    by Bastardchyld (889185) on Tuesday January 29 2008, @02:13PM (#22225026) Homepage Journal
    I say we invade...

    U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia...


    No seriously though. This is no suprise. We can pretend that the US and Russia are the best of friends but in reality these kinds of situations will continue to happen. What is the Russian Governments incentive to take care of this issue. Like it or not it is good for their economy.

    • Re:INVADE - Alternative (Score:3, Funny)

      by Anonymous Coward
      1. Provide RBN with Windows Vista
      2. RBN gets slowed down repeatedly clicking "Da, continusky"
      3. Battle over.

    • Re:INVADE (Score:5, Interesting)

      by Quadraginta (902985) on Tuesday January 29 2008, @02:33PM (#22225344)
      It's more complicated than that. There are actually pressures that the US could bring to bear on the Russians, but they've chosen not to deploy them in this case, and have chosen to merely rely on asking for cooperation, because it isn't that big a deal to the US economy or other national interests, either.

      Personally, I don't think the solution lies in national-level action. It lies either in economics -- making the business unprofitable -- or if you really want to have James Bond fantasies, in using the very lawlessness of Russia against them. I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment. Certainly within the means of a large community of pissed-off Internet users. It would take an unusually bold person to organize such an...er...extralegal form of negative reinforcement of the meme, but if I saw one, I'd hit his PayPal button.

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment.

        Actually, it's difficult, expensive, and extremely dangerous to get hitmen to take out other mobsters. The mob tends to retaliate big time.

        • Re: (Score:2, Funny)

          by Anonymous Coward

          I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment.

          Actually, it's difficult, expensive, and extremely dangerous to get hitmen to take out other mobsters. The mob tends to retaliate big time.

          Perhaps we just need a well trained group of Jihadist Engineers [slashdot.org].

          Recuiter: Eugeene. You body may die, but because of your selfless act your soul will rise to heaven where it will find a d

        • Re: (Score:3, Insightful)

          by Quadraginta (902985)
          Good grief, don't let's give the geeky profession airs. The FSB has a lot better resources than a few thousand compromised Windoze machines. They're going to spam somebody to death? Raise next year's black budget by running a few dozen phishing scams? Sheesh.

          Besides, this kind of goofball techno stunt isn't the Russian style. They excel at the basic ancient human-centered form of espionage and security compromise. If you think they want to penetrate your bureaucracy, then don't waste your time changin
    • I've said this before, so excuse me for sounding like a broken record.

      What needs to happen is cutting Russia completely off the net. Cut them off at every peering point they have, and if someone (China) still continues routing Russian network traffic, block the Russian network traffic where it's being passed onto the responsible part of the Internet.

      The reason why I'm advocating this is because what the Russian cybercriminals are doing is not just criminal, but more importantly threatening the Internet infr

      • Re:Naah, isolate instead (Score:5, Insightful)

        by Dogtanian (588974) on Tuesday January 29 2008, @03:48PM (#22226424) Homepage

        What needs [my emphasis] to happen is cutting Russia completely off the net. Cut them off at every peering point they have, and if someone (China) still continues routing Russian network traffic, block the Russian network traffic where it's being passed onto the responsible part of the Internet.

        Really, do you actually think about the practicality or plausibility of implementing your ideas in the real world?

        This not only *won't* happen (as you acknowledge) but *can't* heppen without locking down the US's (or whoever's) part of the Internet so much that the cure will be worse than the disease. Even if you stop direct links to the US net, you won't be able to stop every peering point between Russia and elsewhere. It's going to be impossible to stop indirect traffic. Criminals will just figure a way around your idea of blocking Russian traffic that hides their true location. Since they have access to lots of compromised PCs in numerous countries that's one obvious route. The other obvious solution is to cut a deal- "legal" or "illegal" by whatever measure- with a third party in a third country that isn't blocked. Good luck figuring which connections are legitimate and which are proxies for the criminals.

        And even if you block all *those* countries, they'll do it in two hops via a fourth country- so unless you have a 100% agreement between "good countries" and they have a 100% watertight block against traffic from the "bad" countries, you can't do it.

        I'll tell you now that (a) You won't get such an agreement and (b) If you did, you still wouldn't be able to make sure that those countries' defences were watertight to your standards. So the only way to get what you want is to block all non-US traffic (assuming you live in the US) to an incredible degree. And this still probably won't work.

        Your naivety and the flaw in your argument can be summed up by this phrase:-

        the responsible part of the Internet

        As if the Internet can be obviously (and easily) partitioned off into "responsible" and "irresponsible" parts! Even if it could, so long as either "part" is too big too isolate completely from the other, you can't stop traffic flowing. Therefore, there's only *ONE* Internet.

        And it's not like that; the whole thing is just shades of grey; the US part might be more "responsible" by your measure, but it's still far from perfect.

        There just has to be a better way of protecting the network from bad actors who are hellbent on destroying it.

        Yes, and your easier-to-come-up-with-on-Slashdot-than-it-is-to-actually-implement-it idea isn't one of them.

        the next alternative is diplomatic isolation. They don't do something to curb the fastest growing criminal activity in the world, well, gee, Vladimir, you don't get to sit on the Security Council

        Yeah, it's that simple when you're a tough-talking behind-the-keyboard would-be-diplomat/politician.

        Bottom line, I'm not justifying what Russia is doing, or how they're behaving, but your solutions are naive and clumsy in the extreme. The West isn't going to isolate Russia further (which Putin would probably be quite happy with) and risk escalation of political and military tensions simply to stop some crime which- although admittedly serious and large-scale- still doesn't warrant anything like that risk.

        ballrooms in Geneva and you can most certainly kiss that EU membership you so want goodbye forever. And don't even think of vacationing on those nice ski resorts on the Alps Russians are so fond of. Visa denied.

        Oh noes!!!!!11111

        And that's why you're neither a diplomat or a politician. You think that such petty retribution would work and Putin would say "You're right! I'll do exactly what you say". Not a bloody chance. This is just the Slashdot equivalent of some guy down the pub/bar saying how he'd put the world to rights.

        Putin would set his face against the West further (wh

          • Re:Naah, isolate instead (Score:4, Insightful)

            by Dogtanian (588974) on Tuesday January 29 2008, @05:29PM (#22227868) Homepage

            I'm fully aware nothing that I propose is ever going to happen
            Sorry to break this to you, but whilst political apathy on this issue may be a problem, it's not the main reason your suggestion should (and would) be ignored. It's because it's badly thought out and unworkable.

            You don't have to be 100% successful with cutting them off the net. Just enough so that it's going to be very inconvenient for Russians to access anything outside of Russia.
            I don't believe that you'll be anywhere near 100% near successful; I believe that you'll just succeed in blocking everyday Russians, and the criminals will pay money to people to get them through.

            Putin and the like will be quite happy to see ordinary Russians cut off from external sources of information; they've already tried to shut down as many dissenting voices as possible, but the Internet is harder to deal with. They'll also be able to paint it as Western aggression and mistreatment when they don't get things their way. Double whammy for them!

            So even if you think that inconveniencing ordinary people in this way will indirectly pressure the Russian government, it won't. Quite the opposite.

            At what point do we stop accepting their harboring of their criminals? There's gotta be a line somewhere.
            As I said, you assume criticism of your solution == non-acknowledgement of problem. This is not the case.

            My post was a criticism of a transparently bad idea, and I had the gut reaction that it would be taken (by you or someone else) as a rejection of the problem itself.

            Simply going with a bad and workable "solution" simply for the sake of doing something in the absence of a better idea is A Very Bad Thing. As I already pointed out, your solution would be *worse* than the problem anyway.

            I suspect that people have already come up with better ideas than yours, which they (having greater insight into the issues) nevertheless concluded were flawed.
  • Except in this case the Federal Gov't doesn't send in Elliot Ness... It sends in... well... nobody.
  • Does this count as 'cyberwar'? I see great potential for making lots of money^W^W^W^Wpatriotically serving the country by grafting in a Bureau of Cyberdefence into the Department of Homeland Security...

  • According to Google maps, St. Petersburg is well within 220 miles of international waters...

    If they can get exact coordinates, I can think of a (firing) solution [slashdot.org]

  • Is this cyber warfare? (Score:5, Interesting)

    by RLiegh (247921) on Tuesday January 29 2008, @02:18PM (#22225126) Homepage Journal
    Seriously ...could the whole point of this -from the Russian perspective at least, be that they can use or hire their local blackhats to wreak economic and/or civil damage (eg what happened to estonia) pretty much at will?

    I'm not saying that's what Russia is actively doing -but what incentive would Putin have to dismantle a tool that could be used so effectively against his -and russia's- enemies?

    • Re:Is this cyber warfare? (Score:5, Interesting)

      by moderatorrater (1095745) on Tuesday January 29 2008, @03:15PM (#22225950)

      I'm not saying that's what Russia is actively doing
      Actually, I'd go ahead and take that step if I were you. Allofmp3 was shut down by the Russians for doing something that was borderline legal in Russia. We have hackers doing something that (I presume) is illegal in Russia not being shut down by the Russians. While it's possible that it just so happens that a group of hackers working for the Russian mafia just happened to create a worm with great strategic importance to the Russians, great enough to withstand pressure from the international community, I find it more likely that they actively supported it.
  • why not blackhole the source IP blocks?
      • At this point it's not about stopping existing malware, it's about getting the Russian government's attention. When Putin's mistress can't buy her bling on ebay. She won't be happy. When Putin's mistress isn't happy, nobody's happy. Multiply this by 10,000,000.
  • ...are always a little suspicious. Either the person/gang is pretty obviously a very minor fish in a pond filled with Megalodon sharks, or the person/gang is conveniently impossible to reach. Not that this won't happen, but it's pretty much public knowledge that international gangs operate in the US and Europe with impunity. The odds that this one gang only exists in this one place doesn't fit what is known about Russian gangs or, indeed, what is known about cyber organizations of any kind. This sounds far too much like a call to inaction, a bid to avoid doing anything serious.

    (Besides, if a minimum level of computer security was mandated, and critical machines were kept off public networks, cybercrime, worms and viruses would be reduced in quantity and effectiveness. The Government has a position open for Internet Czar - why is it not filled and why isn't it being used to push the importance of network security? Hell, I'd put in for the job if I thought I'd have a whelk's chance in a supernova of either getting it or getting heard afterwards.)

    • Re:These sorts of stories... (Score:4, Insightful)

      by PCM2 (4486) on Tuesday January 29 2008, @03:38PM (#22226302) Homepage
      They also have many of the earmarks of urban legends. "We know exactly who is responsible" -- OK, then, what are their names? Where are their photographs? Surely the Russian government wouldn't deny a simple request for criminal conviction records, if we asked nicely. If that's too much to ask, then what are the names of the agents at the FBI and other U.S. law enforcement and intelligence agencies who have information on the perpetrators? Are they unwilling to speak anonymously, even?

      Just because a few people conspired to do something doesn't mean your explanation is not just another conspiracy theory.

        • Re: (Score:3, Interesting)

          by jd (1658)
          Which is why I said that it does indeed happen. It really does. Government activities, especially, tend to be highly secretive and Governments around the world have all been guilty of crimes. The British Government last year admitted to torturing and murdering German civilians in an undisclosed prison in London shortly after World War II. Notice the "after" bit. At least one political refugee in London has been killed by a poisoned needle on an umbrella. The South African Government provided a journalist's
  • Now we know where Jack Bauer's headed next. Unfortunately, there's a lot of vodka available there. Hmmm. Dangerous! Just Jack's style.

  • Paranomocracy: Criminal Rule (Score:4, Informative)

    by Doc Ruby (173196) on Tuesday January 29 2008, @02:25PM (#22225236) Homepage Journal
    "Paranomocracy" is rule by criminals, as first used by Russian Ouspensky [wikipedia.org] in a 1919 letter describing what he also called "kakourgocracy" the new Soviet rule by criminals.
  • Russia is pretty much telling the US and everyone else to go F*** themselves these days. There was that slight glimmer of hope that things would work out not too long ago, but alas that didn't come to pass. Hey, but at least we both believe in having a strong President who wields unlimited power. That's a good thing, right?

  • Gee, imagine that (Score:4, Informative)

    by WindBourne (631190) on Tuesday January 29 2008, @02:27PM (#22225262) Journal
    We have high level gov. officials who are corrupt. Welcome to America^h^h^h^h^h^h^h France^h^h^h^h^h^h China^h^h^h^h^h Russia.
  • 100 years in the future:

    The Freedom of Information Act has finally made available the reason by the mysterious disappearence of the Storm Worm Botnet. We learned today that operatives from the CIA, the Navy Seals and Mossad took down the Russians responsible for the botnet; all without Russia ever knowing. How this feat was accomplished is even more amazing then the fact that it was. More at 11.

    • Re:News flash 100 years from now (Score:4, Funny)

      by Teflon_Jeff (1221290) on Tuesday January 29 2008, @02:52PM (#22225566)
      In unrelated news, there are troubling reports of a new Storm Worm coming from mars. Random slashdot posts have appeared stating "In soviet Mars, The planet reddens YOU"

      Agents are exploring a correlation. Slashdot has already modded them down as trolls.
  • your computer GIVES viruses!
  • I'm sure I read recently that most of the machines infected by the worm were in the US. So trying to cut off Russia isn't just stupid, it's not going to fix the problem.

    But malware is not like drugs - no user of an infected machine is hooked or needs malware. So they have a direct incentive to fix the problem. Especially if their ISP started to get heavy with them. We can kill this off at source.

    For sure, zero day exploits are another matter. But one thing at a time.

  • Redmond was fingered as the host city for one of the Internet's most profligate and cyber-crime enabling operation...
  • Ok, I actually read TFA, and what's not mentioned is whether or not these actions are even illegal in Russia. Just because something is against the law in the U.S. does mean it's illegal everywhere in the world.
    • Damn! Preview THEN submit.....

      Just because something is against the law in the U.S. doesn't mean it's illegal everywhere in the world.

    • Re: (Score:3, Insightful)

      by russ1337 (938915)

      Ok, I actually read TFA, and what's not mentioned is whether or not these actions are even illegal in Russia. Just because something is against the law in the U.S. does mean it's illegal everywhere in the world.
      yet.
  • If the US government took down the people controlling Storm, wouldn't the US government then be in control of Storm?

    *gulp*

  • Isn't it Kuvayev and company? (Score:4, Interesting)

    by damn_registrars (1103043) on Tuesday January 29 2008, @03:13PM (#22225902) Journal
    I had read through the Wikipedia [wikipedia.org] page on Leo Kuvayev [wikipedia.org] that he may be (one of the?) main guy(s) behind the storm worm botnet.

    Here's the reference to Leo Kuvayev having a role with the storm botnet [securitypronews.com]. Considering the massive amounts of spam that is pumped out for domains that he purchases, it wouldn't surprise me in the least.

    Though according to his Crooked [mouzz.com]Registrar [pacnames.com] Partners [todaynic.com], he apparently lives in Finland. Though I somehow doubt that he really owns an entire Finnish city, as his address would have you believe.

  • A complex pattern of incentives (Score:3, Interesting)

    by Budenny (888916) on Wednesday January 30 2008, @02:02AM (#22231698)
    One imagines there may be a complex pattern of incentives. RBN for these purposes should be considered a deniable branch of the Russian state.

    The incentive to do it is to try out net sabotage techniques for possible later use in a controlled and deniable way. You don't have the potential embarrassment of trying to do it clandestinely and getting caught. You do it openly but deniably.

    The incentive for allowing it is the hope that practice in defense will be more valuable than practice in attack, and that the net will evolve more robust defense systems than if you adopted state measures to prevent it. If you could even find any.

    However, what should be somewhat alarming here is that a regime most of whose officials came out of the Soviet equivalent of the Abwehr or the SS should now be in power and conducting a sort of guerrilla war on the West. Never forget, the organizations these guys came out of murdered several times the numbers the Nazis did and operated a camp network many times the size of the Nazi one.

    They are not people like us.
    • It's very cool in a museum, but in real life it's not that fun to be stomped down by one. So yes worms and carnivores as massive as these are pretty cool, at a distance.

    • Re:maybe i'm on drugs (Score:5, Insightful)

      by moderatorrater (1095745) on Tuesday January 29 2008, @03:07PM (#22225824)
      You mean like this [xkcd.com]?

      The problem with that thinking is that this ecosystem is entirely created by humans, and that there are no limits on population in the first place. The internet's not like an enclosed valley which can support 300 sheep no matter what. The limits on what the internet can handle are constantly expanding, and so far there's been little to no strain.

      As for whether the worm is cool and impressive, well, that depends on what you think cool and impressive are. It's extremely well built, runs quite well and is hard to catch once it's entrenched. It's a lot like the mafia, and if you're like the rest of the US, that is cool. Also like the mafia, it's really only cool if you're the one running the show or you have little to no experience with it.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.