Forgot your password?
typodupeerror
Security The Internet IT

Russian Hacker Gang Vanishes Again 64

Posted by kdawson
from the now-you-see-'em dept.
Arashtamere writes "The shadowy hacker and malware hosting network that only recently fled Russia to set up operations in China has now pulled the plug there and vanished yet again. An analyst at VeriSign's iDefense Labs unit said iDefense had tracked RBN's migration earlier in the week from servers based in Russia to ones running in China, after obtaining at least seven net blocks of Chinese IP addresses. As of Wednesday, RBN controlled 5,120 IP addresses assigned to Chinese service providers; known RBN clients were even seen using those addresses that day. But with its China move putting the spotlights of the media and the security community on the organization, RBN suddenly went offline on Thursday. 'They severed connections to six of the seven net blocks on November 8,' the analyst said. RBN as a single organization may be dead and gone; it may even now be breaking up into smaller pieces farmed out to multiple countries' Internet infrastructures."
This discussion has been archived. No new comments can be posted.

Russian Hacker Gang Vanishes Again

Comments Filter:
  • by compumike (454538) on Tuesday November 13, 2007 @12:52AM (#21332561) Homepage
    It seems like having all of your traffic on seven well-defined subnets is an easy way to make all of your activity really obvious.

    But hey, at least these guys are being pursued and thwarted. There are way too many hackers and script kiddies out there who need to get their butts kicked one and become productive members of society with their skills. This is an important lesson and it comes at a price, but ultimately we need to convert these people to use their technical knowledge for good. By making it harder and harder for the underworld to survive, the economic benefits of that lifestyle become overshadowed by its risks. This will bring these people out into the light, and hopefully both reduce the economic pain they cause with their mischief, and also let them contribute constructively.

    --
    Educational microcontroller kits for the digital generation. [nerdkits.com]
    • Major! There's something else.

      Six men...wearing US issue Army boots.

      They came in from the west and followed the Russian hacker gang out to the south.

      We move! 5 meter spread...no sound!
    • Isn't it funny? Hackers and social engineers can make 4 times what you or I do as long as they A: Cause a shit storm, B: Get caught. How many other types of criminals can actually get away with this, well, besides politicians? I bet they were never really even in China. These guys obviously know their shit, they could be in Mexico hanging out at Senior Frogs knocking back shooters while controlling a bunch of zombie machines for all we know.
      • A: Just about any other white collar criminal who steals enough to make the maximum fine seem like nothing in comparison. Most major wall street crooks for instance. White collar crime is like that unfortunately.
    • Except people who get caught don't turn to good, they generally get thrown in the prison system for years where they grow even more contempt for humanity than they did before.
    • (AP News) Guanzhou China - 35 unidentified bodies found in a ditch in China's Guangzhou province. The bodies are Caucasian and appear to be of Russian decent. Their are signs of abuse on the bodies, but the local police have no information on the subject.

      ---
      The Chinese are known for quick justice. One possible outcome.
  • by reporter (666905) on Tuesday November 13, 2007 @01:03AM (#21332657) Homepage
    There may be another possibility. With so much unwanted attention in the media, the Russian Business Network (RBN) may voluntarily have broken up into numerous small groups. In much the same fashion, the alumni of the KGB [rferl.org] have broken up into numerous small cliques. Each clique is essentially a mafia gang with a strongman as boss and wields considerable power.

    As the Kremlin moves into cyberspace [slashdot.org], each KGB clique will want a "piece of the action" and has absorbed some alumni of the RBN. In the 21st century, even the Russian mafia needs an online presence.

  • It doesn't take a rocket scientist to figure out that setting up inside China was bound to be a bit of a bad move...

    Might as well hang out a sign... ---> R U S S I A N -- B O T N E T -- M A S T E R S -- H E R E ! ! !
  • Don't be so fast (Score:5, Informative)

    by DNS-and-BIND (461968) on Tuesday November 13, 2007 @01:15AM (#21332721) Homepage
    Well, based in China as I am, I can think of another reason the RBN stayed here for a few days and then quit. The internet connection to the outside world is horribly slow! I regularly get modem speeds when using US-based sites such as slashdot. If file transfers go above 10k/s then I'm ecstatic. I can't imagine that spammers would be happy with slow connections. I had a Nordic businessman ask me for some consulting recently. I talked to him, and he said that the internet was too slow between there and Denmark, and could I fix it? I just rolled my eyes and told him to talk to either Hu Jintao or the Ministry of Propaganda and Information...
    • When I moved into an apartment in Shenzhen, the landlord had already initiated internet service. Problem was, it was the entry-level package, and yes, it was slow. If I wanted speed, I had to wait until I went into the office.

      All I had to do was contact China Telecom [chinatelecom.com.cn] and ask to move up to the next tier. Throughput was doubled by the afternoon. And my billing dropped by 30% per year. Much better...
    • by S3D (745318)
      I think it's not specific to China, but to many non-developed or semi-developed countries. In Israel outside connection for average home broadband also 10k/s at best. A lot worse usually.
    • Re:Don't be so fast (Score:4, Interesting)

      by Chief Wongoller (1081431) on Tuesday November 13, 2007 @02:34AM (#21333167)
      Well, actually I'm in China too. The interesting aspect of internet access in China is that ISPs here always provide much higher upload speeds than download speeds, by a ratio of about 3 or 4 to 1. This is to serve the interests of Chinese exporters, by making Chinese based websites more accesable to the outside world. That is to say the internet in China is more about exporting data -good or bad- rather than importing. So China is rather a logical location for those hackers, especially as policing of the internet here is almost non-existant ( no fears about P-2P downloading here).Incidentally, download speeds, while slower than North America or Europe are not always painfully slow. Speed depends largely on where you live: I live a a modern building in a modern city and can get download speeds of 100k/s no problem.
    • Curious... (Score:3, Interesting)

      I'm curious, is Slashdot not censored?

      I imagine if you're having to go around that, it might slow things down a bit.
      • Re: (Score:1, Flamebait)

        by kamapuaa (555446)
        No, Slashdot isn't censored in China, it's just a bunch of man-children whining about the RIAA after all. I'm in Shanghai, and I use the lowest-level broadband, and I'm way faster than 10k/ to the US...but yeah, it's not for US sites as actually being in the US.
        • by nihaopaul (782885)
          can you access http://rss.slashdot.org/ [slashdot.org] ? i'm in shanghai too on china telecom 512/512 line (can't upgrade without my landlords id card.. i tried the shouting and screaming approach..highly entertaining)

          but to be honest, at a rate of 50rmb/ip/month for a server in china, thats an expensive 7 netblocks! prehaps if you register for a /24's then it isn't that bad, but by ip, its pricey.

        • I would think that this topic [slashdot.org] would contain enough references to democratic thoughts and ideals (occasionally) to be censored, at least partly.

          Also, you're a troll. I almost wish you were censored.
          • Re: (Score:3, Insightful)

            by kamapuaa (555446)
            No, really, it wasn't trolling. I enjoy Slashdot but it boils down to people talking about science-fiction movies, discussing new techie gadgets, constantly whining naively about US laws and cell phone coverage (???) with a pathetic groupthink (well I don't love that part), and various topics that really the Chinese government could care less about. Considering it doesn't block most foreign newspapers, articles like this [msn.com], and is especially lax with foreign-language media, why should the PRC care about Sla
      • by KDR_11k (778916)
        I have this hunch that they don't censor foreigners. Taht way those foreigners don't get a bad impression of the country and it's not like they don't have "evil" information in their heads already.
  • While I'm not sure it's a good thing that this hacker network has vanished, I am still pleased with the headline using the term 'hacker' correctly.

    Perhaps we are finally ready to put the misnomer 'cracker' to rest once and for all.

    Now I feel like a bit of cheese...

    • by Nazlfrag (1035012)
      Damn straight. A cracker is someone who penetrates tight layers of security to crack (hence the name) vaults containing large deposits of valuables. I never saw the correlation with computer crime, it's just not there.
  • So how has this affected spam and cyber crime? It would be interesting to see if these networks vanishing has any affect.
    • Re: (Score:3, Interesting)

      by Joebert (946227)
      Sure it does, it makes way for competitors.

      Being a botmaster looks alot like being a drug dealer, & that's what happens with drug dealers.
  • Vanishes Again, and continues hacking while invisible -- that's right, just like before, they'll continue hacking. And they're using new IP's!

    How unusual.
  • Hey, Really? No shit. If you are doing a bunch of stuff you don't really want taken notice of, having the mass media saying "Hey look, they're in China and have these netblocks!" could be bad . It also stands a chance of coming to the notice of someone in a position to do something about it - also not good from the hackers' point of view.
  • Apart from how they get on the machine in the first place, I guess these clients all work in similar ways? Central controller sends work out to distributed workers, who do their thing and then report back for more work. I guess botnets are a bit more cunning as they have to hide and can change jobs/controllers/whatever.
  • Can you tell us which 7 netblocks they are (were) using, so that we can block them on our firewalls?

    All that I could find was the fourth comment to this article [washingtonpost.com], in which a /20 block is mentioned. The article itself was previously linked on Slashdot; it's about a sysadmin who decided to block the RBN's address ranges and was rewarded by a noticable drop in compromised customer boxes.
    • Re: (Score:3, Informative)

      by SIGBUS (8236)
      Although the list contains more than just RBN-related netblocks, the Spamhaus DROP List [spamhaus.org] is your friend.
  • That was quick, must've used Atlas Van Lines. Or maybe they just used Brown. They can move stuff FAST!

    Hopefully they will move to Afghanistan or Iraq, they will bomb them.
  • As long as they can find complacent registrars and ISPs to propagate their system. They left Russia when the heat was turned up on their hosting / registration providers there. At least the companies in Russia speak English - or at least admit to knowing enough English to respond to complaints from the US. So then the hacker gang packed up and went to China, where the companies get away with pretending to not speak English, in spite of hosting sites in English and selling domains with English language re
  • They've had wars several times in the 20th century due to border disputes. Right now both sides make lots of money and the friction is way down, but underlying tension may still be there.
    China could close down these business whenever it sees a need.
  • by Anonymous Coward on Tuesday November 13, 2007 @04:49PM (#21341247)
    The first rule of RBN is, you do not talk about RBN.

    The second rule of RBN is, you DO NOT talk about RBN.

    If something says BSOD, goes coredump, logs out, the crack is over.

    Two crackers to a host.

    One crack at a time.

    No GUIs, no frameworks.

    Cracks will go on as long as they have to.

    If this is your first account at RBN, you have to crack.

The flow chart is a most thoroughly oversold piece of program documentation. -- Frederick Brooks, "The Mythical Man Month"

Working...