Network News

X My Profile
View More Activity

The Russian Business Network Responds

An individual claiming to represent the Russian Business Network has denied media reports (including a Washington Post story I wrote that ran last week) the company provides Web hosting services to numerous cyber criminal operations.

Experts quoted in my story and others, the RBN representative said, were essentially wrong in their assessments. The response via a Wired.com article by Ryan Singel, wherein a guy calling himself Tim Jaret had this to say:

"We can't understand on which basis these organizations have such an opinion about our company," Jaret of the Russian Business Network told Wired in an e-mail interview. "We can say that this is subjective opinion based on these organizations' guesswork."

Jaret told Wired that RBN has made efforts to respond to complaints of wrongdoing on its network. RBN's representative said the organization even tried unsuccessfully to work with anti-spam group Spamhaus, which currently includes all 2,048 of RBN's Internet addresses on its blacklist of known bad guys. Spamhaus says RBN is "noted for continuously hosting child pornography, malware, phishing and cybercrime, and it details information suggesting ties between known spammers and the St. Petersburg-based ISP.

First of all, Spamhaus doesn't so much work with ISPs and known malicious hosting providers as it does eventually de-list those that clean up their act. The fact that RBN's networks have been so prominently listed on Spamhaus' various blacklists for so long suggests that a great deal of malicious activity is still emanating from the organization's various networks.

Faced with such statements, perhaps it makes sense to ask which of the two scenarios seems more likely: That dozens of the world's leading computer crime and Internet security experts are simply wrong in pinning this activity on sites hosted by the Russian Business Network? Or that RBN is simply trying to throw up a smoke screen?

John Bambenek, a security incident handler with the SANS Internet Storm Center, which tracks hacking trends, called RBN's belated defense laughable.

"They're about as misunderstood as a senator soliciting sexual favors in an airport bathroom," Bambenek said. "When most of the world's cyber-miscreants are paying 10 times more for hosting on your network, you don't attract the business by accident"

Bambenek is referring to the starting prices that security giant Verisign said RBN charges for so-called "bulletproof hosting," or Web hosting for illegal sites that remain reachable regardless of the level of legal or technical pressure brought to bear on them. As I noted in my story, $600 is about ten times the amount most legitimate Web hosting providers charge per month for a dedicated Web site.

Jaret from RBN told Wired that the organization in fact "doesn't have any more criminal activity on its network than any other provider, and it responds to abuse reports submitted via e-mail and a telephone hotline. He claims the organization closes criminals' sites down within 24 hours of notification."

Interestingly, a tidbit from my interview with a Verisign analyst that didn't make it into the final story indicates that rather than shutting down domains that generate complaints, RBN has in the past chosen simply to up the price charged to the criminal groups that have rented Web space from the network.

Perhaps the most telling statement from RBN thus far comes at the end of the Wired article, in which Wired News asked RBN to provide the URLs for some legitimate customers. "Jaret says he couldn't oblige -- for legal reasons."

By Brian Krebs  |  October 16, 2007; 3:45 PM ET
Categories:  Fraud , From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Schwarzenegger Vetoes Retail Data Security Bill
Next: The Carrot & Stick Approach to Internet Pollution

Comments

Yah, sounds like RBN is claiming the "wide stance" defense! The evidence speaks for itself.

"If it walks like a duck and quacks like a duck, I would call it a duck."

Posted by: TJ | October 16, 2007 6:50 PM | Report abuse

What did you expect them to do? They are criminals.

Posted by: Steve Ballmer | October 16, 2007 7:50 PM | Report abuse

'Tim Jaret' sounds neither Panamanian nor Russian. ;)

Posted by: Rick | October 17, 2007 12:57 PM | Report abuse

If RBN's claims are true, they are onto the world's greatest marketing magic -- charging ten times the going rate for a network that is blacklisted world-wide. With RBN in charge of real estate marketing in the US, every homeowner would become an instant millionaire!

Posted by: Craig Herberg | October 17, 2007 1:12 PM | Report abuse

It appears you may have hit a nerve. Good job, BK!! On the other hand, I'd be watching my back, if I were you. Sounds to me like millions may be at stake here. In DC, as you know, folks are whacked merely for their tenny-runners.

Posted by: Pete from Arlington | October 18, 2007 11:55 AM | Report abuse

I block all 4096 of RBN'S addresses from both inward and outward directions. I quess that I just don't believe what they say about themselves. I don't intend to get caught up in their activity in any way!

Posted by: DOS | October 29, 2007 8:54 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company