We Know Who's Behind Storm Worm
jmason reminds us of a story from a few weeks back that got little attention, adding "This doesn't seem to be just bluster; as far as I can tell, everyone who knows the RBN now agrees that this seems likely." Brian Krebs's Security Fix blog at the Washington Post carried a story about the Storm worm containing some pretty staggering allegations.

"Dmitri Alperovitch [of Secure Computing] said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that US authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside. In a recent investigative series on cyber crime featured on washingtonpost.com, St. Petersburg was fingered as the host city for one of the Internet's most profligate and cyber-crime-enabling operations — the Russian Business Network. Alperovitch blames the government of Russian President Vladimir Putin and the political influence of operatives within the Federal Security Service (the former Soviet KGB) for the protection he says is apparently afforded to cybercrime outfits such as RBN and the Storm worm gang. 'The right people now know who the Storm worm authors are,' Alperovitch said. 'It's incredibly hard because a lot of the FSB leadership and Putin himself originate from there, where there are a great deal of people with connections in high places.'"
The CIA's been making some noises about 'cyberwar' (Score:2, Interesting)
St. Petersburg... (Score:2, Interesting)
According to Google maps, St. Petersburg is well within 220 miles of international waters...
If they can get exact coordinates, I can think of a (firing) solution [slashdot.org]
Is this cyber warfare? (Score:5, Interesting)
I'm not saying that's what Russia is actively doing, but what incentive would Putin have to dismantle a tool that could be used so effectively against his, and Russia's, enemies?
Re:INVADE (Score:5, Interesting)
Personally, I don't think the solution lies in national-level action. It lies either in economics -- making the business unprofitable -- or if you really want to have James Bond fantasies, in using the very lawlessness of Russia against them. I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment. Certainly within the means of a large community of pissed-off Internet users. It would take an unusually bold person to organize such an...er...extralegal form of negative reinforcement of the meme, but if I saw one, I'd hit his PayPal button.
Isn't it Kuvayev and company? (Score:4, Interesting)
Here's the reference to Leo Kuvayev having a role with the storm botnet [securitypronews.com]. Considering the massive amounts of spam that are pumped out for domains that he purchases, it wouldn't surprise me in the least.
Though according to his Crooked [mouzz.com] Registrar [pacnames.com] Partners [todaynic.com], he apparently lives in Finland. Though I somehow doubt that he really owns an entire Finnish city, as his address would have you believe.
Re:Is this cyber warfare? (Score:5, Interesting)
Re:These sorts of stories... (Score:3, Interesting)
The idea that a cyber-attack, whether a worm against individuals or an attack on infrastructure, could be Government-based is not therefore absurd. Clearly, Governments do very nasty things, have very few scruples and are not as accountable as they like to claim. But is it reasonable to blame them?
Not necessarily. Russia is run as much by crime syndicates as by the Government there. Big businesses can hire all kinds of people most would not want to associate with. We can't be sure where the worm comes from - the American Government has admitted it mistook an Nmap probe for a Russian attack one time, so why should we trust this "knowledge" any more than any of the claims we now know were totally false? And even if the origin was correctly identified, is that the origin of the worm, the hosting country for some zombies, or where someone ssh'ed into?
Even if someone 'fesses up, the number of exaggerated and fraudulent claims made to boost reputations is countless. We can't trust an admission and more than enough time has passed for someone to reverse-engineer the code, so even asking someone to duplicate the worm wouldn't prove a damn thing other than the person has a good memory... or the interrogator ensured the right answer was given. Easy to do, with subtle hints and the careful application of pain.
In short, we will never know the truth of the matter. Consensual reality is the only "reality" we can ever be certain of, including the fact that we can be certain that it's not (objectively) real.
Does it even matter, though? Not really. Better host-level and network-level security would significantly reduce the risks of any future problems. There are plenty of intrusion detection systems that look for abnormal activity and plenty of active HIDS/NIDS that can shut a firewall on an intrusion being detected. Plenty of other ways to keep worms out (or isolate an infected machine).
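The "active NIDS that shuts a firewall" idea in the comment above, as an added example that is not part of the thread or any poster's code: a small rate-based anomaly detector that scans constructed connection-log lines, flags any source host that opens connections to an unusually large number of distinct destinations inside a short window (a classic worm-propagation and spam-bot symptom), and emits the firewall rule an operator would push to isolate that host. The log format, the hosts, the thresholds, the allow-list and the iptables-style rule syntax are all assumptions for illustration, not anything the page specifies.

```python
"""Rate-based fan-out detector with a firewall response (added example).

Everything here is constructed for illustration: the log format
"<ISO timestamp> <src> -> <dst>:<port>", the addresses, the window,
the threshold and the rule string the responder prints.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # sliding window length (assumption)
MAX_DISTINCT_DST = 10            # distinct destinations allowed per window (assumption)
# Hosts that legitimately fan out (mail relays, monitoring boxes); never blocked.
ALLOWLIST = {"10.0.0.1"}


def parse_line(line):
    """Parse one constructed log line into (timestamp, src, dst, port)."""
    ts, src, _arrow, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)


def detect_scanners(log_text, window=WINDOW, threshold=MAX_DISTINCT_DST,
                    allowlist=ALLOWLIST):
    """Return {src: (first_trigger_time, distinct_dst_count)} for hosts whose
    number of distinct destinations inside any `window` exceeds `threshold`."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e[0])          # process in time order
    per_src = defaultdict(list)
    for ts, src, dst, _port in events:
        per_src[src].append((ts, dst))

    flagged = {}
    for src, conns in per_src.items():
        if src in allowlist:
            continue
        start = 0
        for end in range(len(conns)):
            # slide the window start forward until it fits within `window`
            while conns[end][0] - conns[start][0] > window:
                start += 1
            distinct = {d for _, d in conns[start:end + 1]}
            if len(distinct) > threshold:
                flagged[src] = (conns[end][0], len(distinct))
                break                         # one alert per host is enough
    return flagged


def block_rule(src):
    """Constructed iptables-style rule; adapt to whatever firewall is in use."""
    return f"iptables -I FORWARD -s {src} -j DROP"


def respond(log_text):
    """Detect, then produce the block rules an active NIDS would push."""
    return [block_rule(src) for src in sorted(detect_scanners(log_text))]


def _build_sample_log():
    """Constructed sample traffic: one normal host and one worm-like host."""
    base = datetime(2007, 10, 20, 10, 0, 0)
    lines = []
    # Normal host 10.0.0.5: 20 connections over a minute to just two servers.
    for i in range(20):
        dst = "10.0.1.7" if i % 2 == 0 else "10.0.1.8"
        ts = (base + timedelta(seconds=3 * i)).isoformat()
        lines.append(f"{ts} 10.0.0.5 -> {dst}:80")
    # Worm-like host 10.0.0.9: 12 distinct neighbours within 6 seconds.
    for i in range(12):
        ts = (base + timedelta(seconds=i // 2)).isoformat()
        lines.append(f"{ts} 10.0.0.9 -> 10.0.1.{20 + i}:25")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()

if __name__ == "__main__":
    for host, (when, count) in detect_scanners(SAMPLE_LOG).items():
        print(f"{when.isoformat()} {host}: {count} distinct destinations in {WINDOW}")
    for rule in respond(SAMPLE_LOG):
        print(rule)
```

The threshold and window are the tuning knobs: set them from a baseline of the network's own traffic, and keep the allow-list for hosts whose job is to talk to many peers, or the "shut the firewall" response becomes a self-inflicted outage the moment a mail relay or vulnerability scanner runs.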
A complex pattern of incentives (Score:3, Interesting)
The incentive to do it is to try out net sabotage techniques for possible later use in a controlled and deniable way. You don't have the potential embarrassment of trying to do it clandestinely and getting caught. You do it openly but deniably.
The incentive for allowing it is the hope that practice in defense will be more valuable than practice in attack, and that the net will evolve more robust defense systems than if you adopted state measures to prevent it. If you could even find any.
However, what should be somewhat alarming here is that a regime most of whose officials came out of the Soviet equivalent of the Abwehr or the SS should now be in power and conducting a sort of guerrilla war on the West. Never forget, the organizations these guys came out of murdered several times the numbers the Nazis did and operated a camp network many times the size of the Nazi one.
They are not people like us.