The Russian Business Network, or RBN, has been described as “the baddest of the bad”. Based in St. Petersburg, Russia, it offers web hosting services and Internet access to all kinds of criminal organizations that conduct objectionable activities such as (but not limited to) spamming, child pornography, malware, software piracy vaults, phishing, and yes, identity theft. More recently it has developed partner and affiliate marketing techniques in many countries to provide a method for organized crime to target victims internationally. For as little as $600 per month, it will host any criminal organization willing to pay for the service and in return offers them “bulletproof hosting”. Its global cybercrime activities are estimated by the US Treasury to be worth more than the global illegal drugs trade – more than $100 billion a year. Businesses and security firms that take active stands against such attacks are immediately targeted by denial of service attacks originating in the RBN network. It is believed that even our virus and security software companies are terrified of its retribution.
RBN goes back several years and has previously gone under the names TooCoin Software, ValueDot, SBT Telecom Network, Russian Business Network, Aki Mon Telecom, Rusouvenirs Ltd., Too coin Software Limited, TcS Network, First Connect Telecom Limited Inc., and WDC Communications. The business is difficult to trace. It is not a registered company, and its domains are registered to anonymous addresses (and in many cases change dynamically every hour). Its owner is known only by nickname (aka “Flyman”). It does not advertise, and trades only in untraceable electronic transactions. And most notably, it has intimate ties to the Russian government – the owners of the RBN are known to have close relatives in prominent positions within the Russian government.
The Storm Network
One of the most interesting components of RBN is its “Storm network”, made possible by the Storm worm software and its components. This truly terrifying entity is thought to be more powerful than all the supercomputers on the planet put together, a fact that must surely cause great concern for United States security officials. The powerful network of bots has already proven its worth by knocking entire countries offline (after a prominent Russian statue was removed against the public’s wishes) and even the University of California network (after UC began investigating the Storm network). Researchers have noted that any sort of online investigative work into its activities results in an almost immediate “automated” Internet attack in return.
That the Storm network is operated by RBN is inarguable, but U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside. Dmitri Alperovitch, director of intelligence analysis and hosted security for San Jose, Calif.-based Secure Computing, blames the government of Russian President Vladimir Putin and the political influence of operatives within the Federal Security Service (the former Soviet KGB) for the protection he says is apparently afforded to cybercrime outfits such as RBN and the Storm worm gang. “The right people now know who the Storm worm authors are,” Alperovitch said. “It’s incredibly hard because a lot of the FSB leadership and Putin himself originate from there, where there are a great deal of people with connections in high places.”
The Storm botnet or Storm worm botnet is a botnet, a group of “zombie” computers controlled remotely by the “bad guys”. In September 2007, it was estimated to run on as many as 1 to 50 million computer systems linked by the Storm Worm, a Trojan horse that has spread through E-mail spam throughout the years. The Storm botnet was first identified around January 2007, with the Storm worm at one point accounting for 8% of all malware on Microsoft Windows computers.
As of September 2007, the botnet was reportedly powerful enough to force entire countries off the Internet, and is estimated to be able to potentially execute more instructions per second than some of the world’s top supercomputers. Used in a variety of criminal activities, the Storm botnet has displayed defensive behaviors that indicated its controllers were actively protecting the botnet against attempts at tracking and disabling it. The botnet has specifically attacked the online operations of some security vendors and researchers who attempted to investigate it. One security expert, Joe Stewart, revealed that in late 2007 and early 2008 the operators of the botnet began to further decentralize their operations, possibly as part of plans to sell portions of the Storm botnet to other operators. The United States Federal Bureau of Investigation considers the botnet a major risk for increased bank fraud, identity theft, and other cyber crimes.
Having no official web site, this unchartered company gains new customers through discreet online forums. New customers must prove they are not government officials acting in disguise by proving that they are criminals. Most often, this “proof” takes the form of demonstrating active involvement in the theft of consumers’ financial and personal data. Once a person sets up a criminal RBN site, they are free to operate as they see fit, under the complete protection of the RBN company.
It was noted in early 2008 that RBN activities made it appear that they may be moving or reorganizing operations. Whether this is a physical move (some surmise they may move operations to China) or a logistical change in operations is not yet known.