Russian hacker gang vanishes again, day after moving to China

Latest RBN vanishing act leaves researchers scratching their heads

The shadowy hacker and malware hosting network that only recently fled Russia to set up operations in China has now pulled the plug there and vanished yet again, researchers said late Friday.

The latest disappearing act of the Russian Business Network (RBN) has left researchers scratching their heads. "Where have they gone, that's the question," said an analyst at VeriSign's iDefense Labs unit who wanted to remain anonymous, leery of retribution from the gang. "What's really interesting is how fast they shut everything down."

IDefense had tracked RBN's migration earlier in the week from servers based in Russia to ones running in China. On Tuesday, RBN's Russian servers went dark as the group relinquished control of its assigned IP addresses, effectively severing its connection to the Internet. By Wednesday, however, RBN had relocated to China and Taiwan after obtaining at least seven net blocks of Chinese IP addresses, said iDefense. According to the security intelligence firm, as of Wednesday, RBN controlled 5,120 IP addresses assigned to Chinese service providers; known RBN clients were even seen using those addresses that day.

But with its China move putting media and security community spotlights on the organization, RBN suddenly went offline on Thursday, said the analyst. "They severed connections to six of the seven net blocks on November 8," the analyst said.

The analyst speculated that while RBN's operators might dismiss the unflattering stories as attacks meant to discredit Russia and its president, Vladimir Putin, the attention was definitely unwelcome. "If their clients are afraid to use them," said the analyst, "it becomes a real issue of finances for RBN."

Security professionals have long alleged that RBN's clients are almost exclusively spammers, hackers, identity thieves, money mule operators, child pornographers and other criminals who have used its network to host malicious Web sites packed with malware or as the launching pad for spam campaigns and denial-of-service attacks. "These people don't like attention," said the analyst.

RBN has tried to deflect that attention before. In mid-October, the group spoke with a Western news organization for the first time when it told Wired that it was a legitimate business and that it was considering suing The Spamhaus Project, a well-known antispam organization, for blacklisting its IP addresses. Two days later, CNews Russia ran a story within the country that claimed the RBN allegations were fabrications meant to smear Putin.

Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.

More about: ACT, iDefense, PLUS, VeriSign
Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers

4 things to do now to get ready for the Internet of Things

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia