Russian Business Network (RBN): The Dark Hackers

The Internet has always been presented as a two-faced coin: one face is the brighter side of the Internet, the other the darker side. The brighter side is the one we normally see, such as the pace and growth of the economy and knowledge sharing. But the darker side has slowly and steadily picked up pace and is spreading like a plague in the cyber world. This darker side has now turned into far stealthier and more organized cyber crime. Cyber criminals have formed their own networks for these darker activities. Identity theft, including theft of credit card details, online shopping details, and personal and social networking identities, is at an extreme height these days. Today we will uncover one such network that the world knows of. This network runs organized cyber crime and has been named the Russian Business Network, or RBN. We will show you the underground world of cyber crooks, what it is all about, and how they commit these crimes.

The Russian Business Network registered itself as an internet company in 2006. The company worked honestly, and most of its offerings were legitimate and trustworthy. But it soon became rooted in organized cyber crime and started offering services to cyber criminals. Today this company provides hosting services for all kinds of crime-based activities and criminals. The hosting carries all sorts of unethical content that is used to carry out cyber crimes and make black money. Its turnover is estimated at around $150 million. This is only a rough estimate, and the earnings could be more. Even so, the operations are carried out very quietly. The business and its operations are untraceable or difficult to trace. It is not even a registered company, and its domains are registered to anonymous addresses. Its owners have no proven identity and are known only by nicknames. They do not advertise, and they trade only in untraceable electronic transactions. These traits make them untraceable and let them make big black earnings. A few ISPs said to provide network connectivity to RBN are SBT Telecom, Aki Mon Telecom and Nevacon LTD.

Their attacks have ranged widely and have also reached Indian cyber boundaries. The famous Bank of India website compromise is also said to have been carried out under RBN’s hood. The BOI attack was carried out using MPack, a PHP-based malware kit created by the cyber criminals. It consisted of various browser-based exploits. Once the victim visited the infected website, the exploits were sent to the victim’s browser. After successful exploitation, the victim’s system was configured with password-stealing software, leading to identity theft. This is a small depiction of how this gang operated successfully. Hosting of porn and explicit content is also said to be associated with this network. The Storm Botnet is also said to be part of RBN’s operation. This botnet had a strong network of 50 million infected systems and spread through malicious mail. Thus, the few known operations of RBN are enough to show how strong the network is.

The office of RBN is said to be located at 12 Levashovskiy Prospect, 197110 Saint-Petersburg, Russia. They have been blamed as the “worst of the worst” and are said to be involved in 60% of cyber crimes over the internet. Fake anti-virus and software such as audio codecs have been the primary weapons RBN uses to infect machines and gain access to personal information. Law enforcement agencies say these kinds of Internet companies are able to thrive in countries where the rule of law is poorly established. Weak cyber laws and a lack of proper law enforcement action make this network stronger, and hence it carries out attacks very easily. The network has no official Web site of its own; those who want to buy its services must contact its operators via instant-messaging services or obscure, Russian-language online forums. Customers also have to prove that they are not law enforcement investigators pretending to be criminals. Most often this proof takes the form of demonstrating active involvement in the theft of consumers’ financial and personal data. A cyber-criminal who clears these hurdles can rent a dedicated Web site from the Russian Business Network for about $600 a month. According to several private-sector security experts, U.S. federal law enforcement agencies have tried unsuccessfully to gain the cooperation of Russian officials in arresting the individuals behind the company and shutting it down.

A big reason behind this could be political involvement in RBN. Bribery and money offered at the bureaucratic level have backed and helped these kinds of campaigns to evolve and carry out their operations. It is said that RBN is run by a Russian person named “Flyman”. He is believed to be the nephew of a powerful and well-connected Russian politician. This connection reveals how big this network could be when we think about it in terms of cyber terrorism and cyber warfare. It is said that RBN could have been involved in cyber attacks on South Ossetia, Georgia, and Azerbaijan. These attacks were carried out during the famous 2008 attack, where the human conflict took a turn and was noticed in cyberspace too. In the past, security experts from the US have tried to stop and block this network. But the effort seems to be endless because of widespread hosting and numerous attacks becoming stealthier day by day. Perhaps the solution lies not in broad, sweeping restrictions such as blocking protocols or prohibiting certain types of technical behavior. It lies in providing more user-centric controls that give users more power to protect themselves without restricting access.

Author: Prashant Uniyal

Originally published in Hacker5 Magazine.