The Russian Business Network (commonly abbreviated as RBN) is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale. It is the originator of the PHP-based malware kit MPack and an alleged operator of the now defunct Storm botnet.
The RBN, which is notorious for its hosting of illegal and dubious businesses, originated as an Internet service provider for child pornography, phishing, spam, and malware distribution physically based in St. Petersburg, Russia. By 2007, it developed partner and affiliate marketing techniques in many countries to provide a method for organized crime to target victims internationally.
Activities
According to internet security company VeriSign, RBN was registered as an Internet site in 2006.
Initially, much of its activity was legitimate. But apparently the founders soon discovered that it was more profitable to host illegitimate activities and started hiring its services to criminals.
The RBN has been described by VeriSign as "the baddest of the bad".
It offers web hosting services and Internet access to a wide range of criminal and objectionable activities, with individual activities earning up to $150 million in one year. Businesses that take active stands against such attacks are sometimes targeted by denial of service attacks originating in the RBN network. RBN has been known to sell its services to these operations for $600 per month.
The business is difficult to trace. It is not a registered company, and its domains are registered to anonymous addresses. Its owners are known only by nicknames. It does not advertise, and trades only in untraceable electronic transactions.
One increasingly known activity of the RBN is delivery of exploits through fake anti-spyware and anti-malware, for the purposes of PC hijacking and personal identity theft.
McAfee SiteAdvisor tested 279 “bad” downloads from malwarealarm.com, mentioned in the Dancho Danchev referenced article, and found that MalwareAlarm is an update of the fake anti-spyware Malware Wiper. The user is enticed to use a “free download” to test for spyware or malware on their PC; MalwareAlarm then displays a warning message of problems on the PC to persuade the unwary web site visitor to purchase the paid version. In addition to MalwareAlarm, numerous instances of rogue software are linked to and hosted by the RBN.
According to a since closed Spamhaus report, RBN is “Among the world's worst spammer, malware, phishing and cybercrime hosting networks. Provides 'bulletproof hosting', but is probably involved in the crime too”. Another Spamhaus report states, "Endless Russian/Ukrainian funded cybercrime hosting at this network". On October 13, 2007, RBN was the subject of a Washington Post article, in which Symantec and other security firms claim RBN provides hosting for many illegal activities, including identity theft and phishing.
Routing operations
The RBN operates (or operated) on numerous Internet Service Provider (ISP) networks worldwide and resides (resided) on specific IP addresses, some of which have Spamhaus blocklist reports.
Political connections
It has been alleged that the RBN's leader and creator, a 24-year-old known as Flyman, is the nephew of a powerful and well-connected Russian politician. Flyman is alleged to have turned the RBN towards its criminal users.
In light of this, it is entirely possible that past cyber-terrorism activities, such as the denial of service attacks on Georgia and Azerbaijan in August 2008, may have been co-ordinated by or out-sourced to such an organization. Although this is currently unproven, intelligence estimates suggest this may be the case.
See also
* List of spammers
* Russian Mafia
* Cyberwarfare in Russia
External links
* Spamhaus - Rokso listing and description of RBN activities
* RBN Study - bizeul org - PDF
* Shadowserver - RBN as RBusiness Network AS40898 - Clarifying the guesswork of Criminal Activity - PDF