The Russian Business Network Responds
An individual claiming to represent the Russian Business Network has denied media reports (including a Washington Post story I wrote that ran last week) the company provides Web hosting services to numerous cyber criminal operations.
Experts quoted in my story and others, the RBN representative said, were essentially wrong in their assessments. The response via a Wired.com article by Ryan Singel, wherein a guy calling himself Tim Jaret had this to say:
"We can't understand on which basis these organizations have such an opinion about our company," Jaret of the Russian Business Network told Wired in an e-mail interview. "We can say that this is subjective opinion based on these organizations' guesswork."
Jaret told Wired that RBN has made efforts to respond to complaints of wrongdoing on its network. RBN's representative said the organization even tried unsuccessfully to work with anti-spam group Spamhaus, which currently includes all 2,048 of RBN's Internet addresses on its blacklist of known bad guys. Spamhaus says RBN is "noted for continuously hosting child pornography, malware, phishing and cybercrime, and it details information suggesting ties between known spammers and the St. Petersburg-based ISP.
First of all, Spamhaus doesn't so much work with ISPs and known malicious hosting providers as it does eventually de-list those that clean up their act. The fact that RBN's networks have been so prominently listed on Spamhaus' various blacklists for so long suggests that a great deal of malicious activity is still emanating from the organization's various networks.
Faced with such statements, perhaps it makes sense to ask which of the two scenarios seems more likely: That dozens of the world's leading computer crime and Internet security experts are simply wrong in pinning this activity on sites hosted by the Russian Business Network? Or that RBN is simply trying to throw up a smoke screen?
John Bambenek, a security incident handler with the SANS Internet Storm Center, which tracks hacking trends, called RBN's belated defense laughable.
"They're about as misunderstood as a senator soliciting sexual favors in an airport bathroom," Bambenek said. "When most of the world's cyber-miscreants are paying 10 times more for hosting on your network, you don't attract the business by accident"
Bambenek is referring to the starting prices that security giant Verisign said RBN charges for so-called "bulletproof hosting," or Web hosting for illegal sites that remain reachable regardless of the level of legal or technical pressure brought to bear on them. As I noted in my story, $600 is about ten times the amount most legitimate Web hosting providers charge per month for a dedicated Web site.
Jaret from RBN told Wired that the organization in fact "doesn't have any more criminal activity on its network than any other provider, and it responds to abuse reports submitted via e-mail and a telephone hotline. He claims the organization closes criminals' sites down within 24 hours of notification."
Interestingly, a tidbit from my interview with a Verisign analyst that didn't make it into the final story indicates that rather than shutting down domains that generate complaints, RBN has in the past chosen simply to up the price charged to the criminal groups that have rented Web space from the network.
Perhaps the most telling statement from RBN thus far comes at the end of the Wired article, in which Wired News asked RBN to provide the URLs for some legitimate customers. "Jaret says he couldn't oblige -- for legal reasons."
October 16, 2007; 3:45 PM ET
Categories: Fraud , From the Bunker
Save & Share: Previous: Schwarzenegger Vetoes Retail Data Security Bill
Next: The Carrot & Stick Approach to Internet Pollution
Posted by: TJ | October 16, 2007 6:50 PM | Report abuse
Posted by: Steve Ballmer | October 16, 2007 7:50 PM | Report abuse
Posted by: Rick | October 17, 2007 12:57 PM | Report abuse
Posted by: Craig Herberg | October 17, 2007 1:12 PM | Report abuse
Posted by: Pete from Arlington | October 18, 2007 11:55 AM | Report abuse
Posted by: DOS | October 29, 2007 8:54 PM | Report abuse
The comments to this entry are closed.