We Know Who's Behind Storm Worm

jmason reminds us of a story from a few weeks back that got little attention, adding "This doesn't seem to be just bluster; as far as I can tell, everyone who knows the RBN now agrees that this seems likely." Brian Krebs's Security Fix blog at the Washington Post carried a story about the Storm worm containing some pretty staggering allegations. "Dmitri Alperovitch [of Secure Computing] said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that US authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside. In a recent investigative series on cyber crime featured on washingtonpost.com, St. Petersburg was fingered as the host city for one of the Internet's most profligate and cyber-crime enabling operation — the Russian Business Network. Alperovitch blames the government of Russian President Vladimir Putin and the political influence of operatives within the Federal Security Service (the former Soviet KGB) for the protection he says is apparently afforded to cybercrime outfits such as RBN and the Storm worm gang. 'The right people now know who the Storm worm authors are,' Alperovitch said. 'It's incredibly hard because a lot of the FSB leadership and Putin himself originate from there, where there are a great deal of people with connections in high places.'"
  • by KublaiKhan ( 522918 ) on Tuesday January 29, 2008 @03:16PM (#22225070) Homepage Journal
    Does this count as 'cyberwar'? I see great potential for making lots of money^W^W^W^Wpatriotically serving the country by grafting in a Bureau of Cyberdefence into the Department of Homeland Security...
  • St. Petersburg... (Score:2, Interesting)

    by MiniMike ( 234881 ) on Tuesday January 29, 2008 @03:17PM (#22225114)

    According to Google maps, St. Petersburg is well within 220 miles of international waters...

    If they can get exact coordinates, I can think of a (firing) solution [slashdot.org]

  • by RLiegh ( 247921 ) on Tuesday January 29, 2008 @03:18PM (#22225126) Homepage Journal
    Seriously... could the whole point of this, from the Russian perspective at least, be that they can use or hire their local blackhats to wreak economic and/or civil damage (e.g. what happened to Estonia) pretty much at will?

    I'm not saying that's what Russia is actively doing, but what incentive would Putin have to dismantle a tool that could be used so effectively against his, and Russia's, enemies?
  • Re:INVADE (Score:5, Interesting)

    by Quadraginta ( 902985 ) on Tuesday January 29, 2008 @03:33PM (#22225344)
    It's more complicated than that. There are actually pressures that the US could bring to bear on the Russians, but they've chosen not to deploy them in this case, and have chosen to merely rely on asking for cooperation, because it isn't that big a deal to the US economy or other national interests, either.

    Personally, I don't think the solution lies in national-level action. It lies either in economics -- making the business unprofitable -- or if you really want to have James Bond fantasies, in using the very lawlessness of Russia against them. I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment. Certainly within the means of a large community of pissed-off Internet users. It would take an unusually bold person to organize such an...er...extralegal form of negative reinforcement of the meme, but if I saw one, I'd hit his PayPal button.

  • by damn_registrars ( 1103043 ) <damn.registrars@gmail.com> on Tuesday January 29, 2008 @04:13PM (#22225902) Homepage Journal
    I had read through the Wikipedia [wikipedia.org] page on Leo Kuvayev [wikipedia.org] that he may be (one of the?) main guy(s) behind the Storm worm botnet.

    Here's the reference to Leo Kuvayev having a role with the Storm botnet [securitypronews.com]. Considering the massive amounts of spam that are pumped out for domains that he purchases, it wouldn't surprise me in the least.

    Though according to his Crooked [mouzz.com] Registrar [pacnames.com] Partners [todaynic.com], he apparently lives in Finland. Though I somehow doubt that he really owns an entire Finnish city, as his address would have you believe.

  • by moderatorrater ( 1095745 ) on Tuesday January 29, 2008 @04:15PM (#22225950)

    "I'm not saying that's what Russia is actively doing"
    Actually, I'd go ahead and take that step if I were you. Allofmp3 was shut down by the Russians for doing something that was borderline legal in Russia. We have hackers doing something that (I presume) is illegal in Russia not being shut down by the Russians. While it's possible that it just so happens that a group of hackers working for the Russian mafia just happened to create a worm with great strategic importance to the Russians, great enough to withstand pressure from the international community, I find it more likely that they actively supported it.
  • by jd ( 1658 ) <imipak@yahoGINSBERGo.com minus poet> on Tuesday January 29, 2008 @11:40PM (#22230732) Homepage Journal
    Which is why I said that it does indeed happen. It really does. Government activities, especially, tend to be highly secretive and governments around the world have all been guilty of crimes. The British Government last year admitted to torturing and murdering German civilians in an undisclosed prison in London shortly after World War II. Notice the "after" bit. At least one political refugee in London has been killed by a poisoned needle on an umbrella. The South African Government provided a journalist's children with poison-soaked t-shirts. (Rest in peace, Donald Woods.) Then there's the drug-dealing that was used to help fund the arms-for-Iran fiasco.

    The idea that a cyber-attack, whether a worm against individuals or an attack on infrastructure, could be Government-based is not therefore absurd. Clearly, Governments do very nasty things, have very few scruples and are not as accountable as they like to claim. But is it reasonable to blame them?

    Not necessarily. Russia is run as much by crime syndicates as by the Government there. Big businesses can hire all kinds of people most would not want to associate with. We can't be sure where the worm comes from; the American Government has admitted it mistook an Nmap probe for a Russian attack one time, so why should we trust this "knowledge" any more than any of the claims we now know were totally false? And even if the origin was correctly identified, is that the origin of the worm, the hosting country for some zombies, or where someone ssh'ed into?

    Even if someone 'fesses up, the number of exaggerated and fraudulent claims made to boost reputations is countless. We can't trust an admission and more than enough time has passed for someone to reverse-engineer the code, so even asking someone to duplicate the worm wouldn't prove a damn thing other than the person has a good memory... or the interrogator ensured the right answer was given. Easy to do, with subtle hints and the careful application of pain.

    In short, we will never know the truth of the matter. Consensual reality is the only "reality" we can ever be certain of, including the fact that we can be certain that it's not (objectively) real.

    Does it even matter, though? Not really. Better host-level and network-level security would significantly reduce the risks of any future problems. There are plenty of intrusion detection systems that look for abnormal activity and plenty of active HIDS/NIDS that can shut a firewall on an intrusion being detected. Plenty of other ways to keep worms out (or isolate an infected machine).

  • by Budenny ( 888916 ) on Wednesday January 30, 2008 @03:02AM (#22231698)
    One imagines there may be a complex pattern of incentives. RBN for these purposes should be considered a deniable branch of the Russian state.

    The incentive to do it is to try out net sabotage techniques for possible later use in a controlled and deniable way. You don't have the potential embarrassment of trying to do it clandestinely and getting caught. You do it openly but deniably.

    The incentive for allowing it is the hope that practice in defense will be more valuable than practice in attack, and that the net will evolve more robust defense systems than if you adopted state measures to prevent it. If you could even find any.

    However, what should be somewhat alarming here is that a regime most of whose officials came out of the Soviet equivalent of the Abwehr or the SS should now be in power and conducting a sort of guerrilla war on the West. Never forget, the organizations these guys came out of murdered several times the numbers the Nazis did and operated a camp network many times the size of the Nazi one.

    They are not people like us.
