A major Russian Internet service provider whose client list amounted to a laundry list of organized cyber crime operations appears to have closed shop. But security experts caution that there are signs that the highly profitable network may already be building a new home for itself elsewhere on the Web.
The Russian Business Network, an ISP and Web hosting provider long based in St. Petersburg, Russia, this week relinquished most of its allocated Internet addresses after a number of its main upstream Internet providers severed ties with the group.
The disappearance of RBN comes less than a month after I wrote a series of stories detailing the organization and history of the shadowy ISP. That series examined RBN's infamy as a world hub for Web sites devoted to child pornography, spamming and identity theft, a so-called "bulletproof hosting" provider to some of the most sophisticated cyber criminal networks in operation today.
Within 24 hours of that Oct. 13 story, RBN's biggest upstream provider -- Tiscali.uk -- began refusing to route Internet traffic for RBN, according to several security experts. Days later, the second of RBN's three main upstream providers -- C4l -- dropped the Russian ISP as a customer.
Then, on Nov. 4, nearly all of the most troublesome Web sites on RBN's network went dark. The following day, RBN relinquished control over Internet space that hosted thousands of domains connected to countless fraud schemes over the years.
While RBN may appear to have been vanquished, experts at anti-spam group Spamhaus say there are strong indications that a huge swath of Internet space recently established in China may soon emerge as the next incarnation of the Russian Business Network. If Spamhaus's assumptions are correct, RBN's new home would include several times more additional Web hosting capacity than its previous location in Russia.
Not everyone is willing as yet to attribute the Chinese address registrations to RBN. Matthew Richard, director of the rapid response team for iDefense, a security company owned by Verisign, said it's too soon to draw that connection definitively. But according to Richard, RBN's customers began preparations for moving to other providers shortly after The Post published my RBN story.-----------------
We might be winning the battle, but the war is far from over....
No comments:
Post a Comment