Russian hacker gang goes dark to relocate; may be moving to China
Infamous Russian Business Network 'down, not out,' says researcher
Computerworld - The Russian Business Network (RBN), a notorious hacker and malware hosting organization that operates out of St. Petersburg, Russia, has gone off the air, security researchers said today.
According to a pair of Trend Micro Inc. researchers, RBN went dark around 10 p.m. EST Tuesday. "The routing information for their IP addresses has been withdrawn," said Paul Ferguson, a network architect at Trend Micro. "That's significant because while RBN has had connectivity issues in the past, then the routing [to its IP addresses] was still being advertised. This time, they've been voluntarily withdrawn.
"This is not the result of someone, such as their ISP, blackholing their traffic," Ferguson continued. "This was done voluntarily." Another report, however, on The Washington Post's Web site, claimed that while RBN has severed links to the Internet, its upstream connectivity providers had begun to refuse to route RBN traffic as early as mid-October.
By relinquishing control of the IP blocks it had been allocated, RBN essentially cut ties to the Internet and made it impossible for its domains -- which number in the thousands -- to access the Web or for users to reach those domains. "Where once there might have been 22 feasible paths for data to take to their IP blocks, now there are none," Ferguson said.
He speculated that RBN is simply shifting to new digs, diversifying its considerable back-end infrastructure, trying to lie low, or all of the above. "No one knows why they've done this, but I think they're down, not out," he said.
Jamz Yaneza, a Trend Micro research project manager, agreed. "We're seeing signs of RBN-like activity elsewhere, in Turkey, Taiwan and China. RBN may be moving to places even more inaccessible to the law [than Russia]. Everyone knows they were in St. Petersburg, but now they're changing houses, changing addresses."
RBN has been fingered as the source of a multitude of attacks, including last month's rigged-PDF blitz that used a vulnerability in Windows to drop malware on unsuspecting users who opened specially crafted PDF-formatted documents. In September, security researchers blamed the gang for infecting customers of the Bank of India with a wide variety of malicious code when they visited the bank's hacked site.
But while RBN may be diversifying its assets -- "piecemealing," Ferguson called it -- it's unlikely to be gone long. "I can't believe they'd walk away from the money. Thinking that they're shutting shop is just naive."