It is impossible to discuss the overall tapestry of cybercrime without mentioning the Russian Business Network, or RBN.
The cybercrime world belongs to RBN, all other criminal orgs just party there.
Based out of St. Petersburg, the RBN sets up shell corporations which spawn 'rogue' internet service providers who are responsible for the vast majority of malware and spam on the internet at any given time.
If it's ugly and it takes place online, RBN has a finger in the pie, if not an entire fist. One RBN-backed crew, called the Rock Group, pulled down $150 million in 2008 through spam/phishing alone. Phishing, btw, is the art of tricking people into thinking they are providing sensitive details regarding their ID or finances to a trusted source. Clumsy examples of phishing are those emails from your bank requesting you provide your SSN, account details, login, and password despite half the words in the subject line being misspelled. Sophisticated examples of phishing are the ones you don't notice until your bank account is gutted.
RBN deploys far less subtle means to get your money, however. If you're a business, you might get a polite email requesting a small sum to prevent a denial of service attack. Ignore it, and you indeed get your business dropped from the internet by a huge volume of incoming traffic from RBN botnets, which in and of itself can cost more in bandwidth fees than the original extortion request. Then another email arrives, the price goes up, and the duration of the attack becomes longer. Most people simply pay if they can't afford sophisticated measures to mitigate those attacks.
On a more personal front: perhaps you have been getting popups on your computer, suggesting you have an infection and require a specific security product to address it?
The good news is that it's not lying, you do have an infection.
The bad news is that the people who infected you are now selling you security software.
The *very* bad news is that the software they are selling installs even more malicious software on your computer.
All this happens without you needing to install anything, btw. Just viewing a page on a compromised web server can install the rogue software.
Another instant classic: you view a website that tricks your browser into installing rogue security software that quickly encrypts every file in your home directory, and offers to decrypt them for a small sum of money. This attack is becoming increasingly common.
And before you think that the RBN crews are behind all this directly, rest assured that for about $600, you can rent a portion of the RBN's massive fleet of botnets to distribute spam, malware, rogue security software, child pornography, or denial of service attacks from.
The technical sophistication of their network makes it virtually impossible to stamp out any one source of hostile traffic for long.
Recently, HostExploit.com traced a huge volume of spam to a Silicon Valley ISP called McColo, Inc. Over the course of their investigation, they discovered, incredibly, that *half* the world's spam, malware, shell corp payment processors, fake security products, and child pornography was being hosted off of botnets controlled or hosted by McColo.
Once Hurricane Electric pulled the plug on McColo, the volume of spam being sent on the internet fell by over 50% within minutes.

What is most telling, however, is that within weeks, the overall volume of spam on the internet recovered.
And to top it all off, top lawyers are now reaching the startling conclusion that RBN itself *might not even be in violation of any laws*! By "hosting" this content and taking money from "clients" for it, RBN might actually not be liable.
Such is the sophistication of the RBN. When discussing pragmatic security, it pays to understand what one is up against. These people are experts in making money.
If they found a folder in C:\Program Files called PokerStars, how long do you think it would take for them to target you?
These are people who will send out billions of spam and phishing attacks to random email addresses because .001% of them will yield results. They are apex predators and they *will* exploit you given the opportunity, and they will do it in a way that you probably wouldn't even notice. They won't be calling shoves on the river with 10 high. They will simply be that quiet regular you just can't seem to get a winning session against. They won't even need to log into your account; why risk getting the money confiscated before they can even transfer it off the site?
To understand the nature of RBN is to appreciate the need for vigilance, and to embrace the need to treat online poker like exactly what it is: a financial transaction no less sensitive or tempting than a bank account.