Based on the experience of community-based disruption of the RBN (Russian Business Network), the U.S. Federal Bureau of Investigation (FBI) and the U.K.’s Serious Organised Crime Agency (SOCA) have teamed up to further disrupt organized cybercrime operations.
At the RSA Europe Conference last week, Andy Auld of SOCA and FBI special agent Keith Mularski (famous for the shutdown of CarderPlanet) made a presentation on joint operations to disrupt organized cybercrime.
The duo said organized crime will be squeezed in a clampdown on criminal enterprises operating through the Internet under the guise of legitimate businesses.
Additionally, Auld and Mularski intimated that RIPE NCC, the European and Middle Eastern IP network registry that operates under ICANN, "could be seen as being involved in money laundering offences" for taking money from RBN for IP addresses.
In a press release, RIPE defended its position, saying that “any connection with criminal activity, or RBN itself, is completely unfounded” and that RIPE works “closely with relevant criminal investigation bodies.”
However, RIPE was the entity that provided the RBN with the ASN and IP ranges it used in the first place.
And depending on which definition of RBN you use, the network and its cybercrime “Partnerka” affiliates are very much alive and kicking, albeit in modified or cellular form.
As Auld and Mularski described at RSA last week, the RBN was shielded by its legitimate business fronts -- e.g., St Petersburg Telecom -- and by its status as an accredited local internet registry (LIR), where cybercriminals were able to host illegal sites and run a network of criminal activities ranging from scams, phishing, and malware to child pornography.
All the time, behind the scenes, police and legal authorities in St. Petersburg were being paid to turn a blind eye to illegal operations, and they thwarted any efforts by Western law enforcement to carry out satisfactory investigations.
Western undercover operations did manage to follow the criminal activities of the gang on its local soil for a short time, observing that its preferred method of transport around St. Petersburg was in an armoured Audi8 -- rather suspiciously always accompanied by a Range Rover.
“This was a well organized organization, not a cottage industry,” Auld explained. “RBN was the e-crime component in a wider criminal portfolio.”
So now the big question: Is the noose really tightening around the neck of these criminal gangs?
Well, it’s clear that the most important issue is that linchpins of the Internet infrastructure, such as ICANN, RIPE, and ISPs, must be accountable for their actions. It is reassuring to know that SOCA and the FBI are working with RIPE and ICANN to prevent future allocation of IP addresses to sites hosting illegal content and scams.
Even better, however, is the FBI and SOCA’s intention of bringing to account payment systems such as WebMoney and Liberty Reserve, which are notorious for openly supporting money laundering for cybercriminal activities.
It is also imperative to bear in mind that, currently, cybercrime operations are run in a hierarchical cell structure. Example: escrow services run by administrators controlling membership and taking a cut from the profits while site management is in the hands of reviewers (capos) who work closely with the hackers, carders, and data thieves. So any action has to be taken at various levels of the cybercrime pyramid simultaneously.
All in all, and reading between the lines of the presentation, this should be viewed as a great step forward, essentially because it was made clear that the FBI and SOCA have realized the inevitable -- i.e., that prosecution of such organized cybercrime groups as RBN is virtually impossible, due to their location. However, they can be disrupted and dismantled piece by piece.
— Jart Armin, Editor of RBNexploit.com, a watch blog on the infamous RBN (Russian Business Network), and HostExploit.com