The Russian Business Network is a notorious cyber crime organization sometimes refered to as untraceable and also the proud creators of the Storm Botnet.
Based in St. Petersburg; Russia, they sneaked into the cyber world masquerading as internet service providers for spam, malware, phishing and child pornography. Over the years the crime syndicate has developed partnerships and marketing formulas all over the globe, thus giving them a much larger target. The RBN caters exclusively to all the 'wannabe' cyber criminals out there, specializing in offering web hosting services and internet access, making an average profit of $150,000,000 per year. Last year Symantec reported that approximately half of the world's phishing attacks were traced back to servers run by the RBN.
So why haven't these criminals been locked up already? Tracking down the RBN is a mission and a half! First off, all the company is not registered and all its domains are registered to anonymous addresses. Secondly, the owners of the business are known only by their nicknames. An last but no least the company no form of advertising, and only trades in untraceable electronic transactions. Talk about a covering your tracks!
In the past business have tried to make an active stand against RBN attacks but soon realized it would be better to just not get involved when the RBN turned on then with Denial of service attacks (DoS attack), this is when the targeted company's internet site or service is prevented from functioning effectively. The RBN's latest method of attack is through the advertising of fake, free anti-spy and malware. Unsuspecting users then click on download unknowingly giving the attackers full access to their PC, many times resulting in Identity theft.
Internet providers that provided services to RBN, included Tiscali.uk, SBT Telecom, Aki Mon Telecom and Nevacon LTD. This is not to say that the service providers were aware of or condone any illegal activity by RBN or RBN's customers. Users soon began to add already identified IP addresses of RBN and partners on their firewalls in order to block them from entering their PC's. below are a few of the said IP addresses.
Russian Business Network:
81.94.144.94
81.94.155.6 80/tcp
81.94.144.6
SBT Telecom, Nevacon & Tiscali.uk:
81.95.156.34
194.146.204.6 80/tcp
89.149.186.77
By the 7th of November 2007, the RBN officially went of the air. From the early days of the month of Oct. RBN slowly crept out of the picture as each of it's upstream providers, one by one, stopped routing internet traffic for them. Then out of the blue RBN discarded all control it had over the IP blocks it was allocated making it impossible for anyone to access their domains. Some believe that the RBN went under cover out of fear, after the FBI director Robert Mueller spoke about the internationalization of cyber crime and its threat to the political and economic stability of the United States. But alas, it seems, this is not the end of the RBN as it seems they have simply relocated to... China?!
Investigators assisting the Georgian government recently admitted that many network attacks, military network attacks included, are coming from China. They suspect RBN are involved because the attacks have used the IP addresses and servers that belong to ISPs like RTCOMM, which were previously employed by the RBN. Never-the-less we are unable to verify if the RBN is really involved, because they stopped using those servers in 2007. Will the RBN ever resurface again? Only time will tell.
User Comments