Friday, August 15, 2008

Georgia and the RBN

The RBNexploit blog has been relaying messages from the Georgian government while their webservers came under sustained DDoS (distributed denial of service) attack during the Russian offensive. The same blog also explored the status of this cyber attack and investigated its sources.

The Russian Business Network (RBN) has been called the "baddest of the bad". Spamhaus describes them as follows:

Among the world's worst spammer, child-pornography, malware, phishing and cybercrime hosting networks. Provides "bulletproof hosting", but is probably involved in the crime too.
More than half of all internet-related crime is linked to this shadowy organisation. A detailed, 70-page study by David Bizeul can be downloaded from here (pdf, 1.5MB).

The RBN began as a legitimate business and was set up by computer science graduates, not career criminals. Originally based in St Petersburg, the RBN has been expanding and shifting during the past year as efforts have been made to shut down their upstream bandwidth - one supplier of connectivity was the UK-based Tiscali.

RBNexploit's tracing focused on a domain called ‘stopgeorgia.ru’, also using ‘stopgeorgia.info’ as a redirect. Though primarily hosted by a company called Softlayer, in Plano, Texas (said to be a hosting organisation associated with malware), the domain registrations are associated with the following address: 29 Kompozitorov St., Saint Petersburg, RU. For observers of the RBN, this address rings a bell.

Dancho Danchev doubts that the RBN is directly responsible for the attacks on Georgia, sensing instead both widespread Russian 'hacktivism' and also what he described in a piece at ZDNet, in the context of the defacement of the Georgian President's website, as "a three letter intelligence agency’s propaganda arm".

Clearly, attribution will be difficult to prove. But there are significant possible implications, beyond further proof that cyber warfare is becoming a part of mainstream international conflict.

The RBN has been linked, vaguely, to Russian politics, partly on the argument that they could not have operated in Russia as they have without mainstream political support, and partly because there have been suggestions that the founder of RBN is the nephew of a prominent Russian politician.

In the other direction, even without formal RBN involvement, these cyber attacks against Georgia have included people using tools developed and distributed by the RBN, and Danchev was implying, at ZDNet, that a state intelligence agency played at least some part in the campaign.

This means there are suggestions that most of the world's cyber crime shelters beneath some form of Russian political protection, and that some cyber attacks conducted by or in support of the Russian state have been facilitated by the world's worst cyber criminals.

Discussion about the legitimacy of the actions of the Russian government in Georgia might benefit from a broader consideration of the question: what sort of state interacts with cyber crime in these ways, and to this degree?

1 comment:

Anonymous said...

You really should provide some references for an 'article' like this. Without those the statements are just ignored.