Russian Business Network – Organized Cyber Crime HQ

There was a post recently to the StopBadware group by Jart regarding this threat to computer and Internet security.  In my Bulletproof Computer Security class, I discuss how the nature of the security threat has moved from loosely knit groups of kiddie scripters and teenage computer crackers to a highly organized and professionally trained cadre of criminal software writers.  This post, repeated below, also contains links to articles on BlogSpot and Wikipedia.

Jarts post follows:

I hope all have seen the article below, thanks to Verisign / iDefense
(version from Economist) – at last a major has started to "do
something" about these guys, at least inform.  To all webmasters here,
by any estimate the RBN are responsible for maybe 60% of exploits to
"your" website. The more "we" all inform anyone we can get to the

Also for added info go to:

ACCORDING to VeriSign, one of the world’s largest internet security
companies, RBN, an internet company based in Russia’s second city, St
Petersburg, is "the baddest of the bad". In a report seen by The
Economist, VeriSign’s investigators unpick an extraordinary story of
blatant cybercrime that implies high-level political backing.

In one sense, RBN (Russian Business Network) does not exist. It has no
legal identity; it is not registered as a company; its senior figures
are anonymous, known only by their nicknames. Its web sites are
registered at anonymous addresses with dummy e-mails. It does not
advertise for customers. Those who want to use its services contact it
via internet messaging services and pay with anonymous electronic

But the menace it poses certainly exists. "RBN is a for-hire service
catering to large-scale criminal operations," says the report. It
hosts cybercriminals, ranging from spammers to phishers, bot-herders
and all manner of other fraudsters and wrongdoers from the venal to
the vicious. Just one big scam, called Rock Phish (where gullible
internet users were tricked into entering personal financial
information such as bank account details) made $150m last year,
VeriSign estimates.

Despite the attention it is receiving from Western law enforcement
agencies, RBN is not on the run. Its users are becoming more
sophisticated, moving for example from simple phishing (using fake e-
mails) to malware known as "Trojans" that sit inside a victim’s
computer collecting passwords and other sensitive information and
sending them to their criminal masters.

A favorite trick is to by-pass the security settings of a victim’s
browser by means of an extra piece of content injected into a
legitimate website. An unwary user enters his password or account
number into what looks like the usual box on his log-in page, and
within minutes a program such as Corpse’s Nuclear Grabber, OrderGun
and Haxdoor has passed it to a criminal who can empty his bank
account. When VeriSign managed to hack into the RBN computer running
the scam, it found accumulated data representing 30,000 such
infections. "Every major Trojan in the last year links to RBN" says a
VeriSign sleuth.

RBN even fights back. In October 2006, the National Bank of Australia
took active measures against Rock Phish, both directly and via a
national anti-phishing group to which the bank’s security director
belonged. RBN-based cybercriminals replied by crashing the bank’s home-
page for three days.

What can be done? VeriSign has tracked down the physical location of
RBN’s servers. But Western law enforcement officers have so far tried
in vain to get their Russian counterparts to pursue the investigation
vigorously. "RBN feel they are strongly politically protected. They
pay a huge amount of people. They know they are being watched. They
cover their tracks," says VeriSign. The head of RBN goes under the
internet alias "Flyman". Repeated e-mails to RBN’s purported contact
addresses asking for comment have gone unanswered.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.