Profile of the Russian Business Network

The Washington Post has an article detailing what is known of the workings of the Russian Business Network, a shadowy entity based in St. Petersburg that hosts a good fraction of the world's spammers, identity thieves, bot herders, and phishers. RBN is not incorporated anywhere and may not technically even be violating Russian law. It provides "bulletproof hosting" for about $600 a month to a wide range of bad guys.The author of the Post story, Brian Krebs, supplements it with two blog posts. One provides more detail and back story including a look at one ISP's security admin who decided last summer to ban all RBN traffic from his network, with outstanding results. The other post maps some of the RBN's upstream suppliers and details the extent of the RBN's involvement in recent cyber-attacks: "Nearly every major advancement in computer viruses or worms over the past two years has emanated from or sent stolen consumer data back to servers" in the RBN.

I've been away

[42Penguins]

are we for or against data havens these days?

Re:I've been away

[RsG]

Depends on what they're a haven to, now, doesn't it?

Put another way, anonymity and secrecy can be used for good - anyone living in an oppressive country can attest to that. Or it can be used to send "3n1arg3 y00r p3nis" spam en masse. I think we can agree on the idea that the existence of data havens is a potential godsend, but the misuse of those havens is a huge headache.

Re:I've been away

[Anonymous+Brave+Guy]

I think we can agree on the idea that the existence of data havens is a potential godsend, but the misuse of those havens is a huge headache.

I'm not sure I'd even agree with that. I am pretty much a pragmatist when it comes to on-line anonymity: I think it is, on balance, overwhelmingly a bad thing. Much the same arguments apply to data havens.

Sure, these things can theoretically protects discourse, investigative journalism, whistle-blowing and such in an undemocratic society. However, practice is a long way from theory, and on-line "anonymity" is a long way from on-line anonymity. Does anyone really believe, despite the fact that I post under an alias here, that from a technical perspective my government could not track a post back to me if it really had sufficient motivation to do so? Does anyone really believe that if I had sufficiently sensitive information and stored it on a system hosted in one of these less legally restrictive regimes that the Powers That Be could not track it down and take steps to contain it?

Meanwhile, we have spammers, phishy types such as identity thieves and credit card fraudsters, deceptive folk like inside traders and corporate PR plants, copyright infringers, and countless other people basically abusing a near-anonymous Internet identity and data centres like the one in this article to further their own interests, often at the expense of others... and getting away with it, because no-one has the resources to stop them all reliably.

For what it's worth, I don't like this position. I appreciate the value of free communications, and I'm well aware of the inhibition imposed by having to put your name to something, and the damage this can do in extreme cases. But I also appreciate the value of privacy, and of being left to mind your own business without constantly having to defend yourself from attacks. Until society grows up, learns not to trust information or offers from anonymous sources, and learns to respect sensitive information — and it has a very long way to go to reach that point — I think we'll do a lot better if people on the Internet are not effectively placed above the law and not held accountable for their actions.

Re:I've been away

[superwiz]

Umm, a "copyright infringer" might argue that our copyright laws have been hijacked by private interests and are no longer serving the public good (as the Constitution mandates). Thus he might argue that an anonymous copyright infringement might be an act of civil disobedience. So he would view the ability to do it anonymously precisely as an act of opposing an oppressive government.

Re:I've been away

[Em+Adespoton]

I'm sorry, but civil disobedience usually involves getting intentionally caught and punished for doing something that should not be wrong, thereby bringing public attention to the issue. Anonymity is useful for practising freedoms denied by your government, but it doesn't enable true civil disobedience.

Re:I've been away

[superwiz]

Of course it's not. The default is that something you can't control afterwards (the no copyright case) is worth whatever a single patron is prepared to pay for it, as indeed happened for hundreds of years. If you introduce an alternative economic mechanism through which the costs can be shared, then the product is worth whatever the sum of the individual contributions would be. In either case, if the value of the work at market rates is less than what the work costs to do, allowing for a profit the artist is prepared to accept, then the work won't get done. Naturally, this is wrong. Since it doesn't even explore the current economic model in which the government guarantees producers of content near-perpetual ownership of distribution rights. A system in which "the costs can be shared" as you put it is the one that exists for some blank media in the US but it is certainly not the prevailing system of compensating content producers. But my point was that there are gradations to how much compensation the content producers would be able to achieve through the market forces. These gradations are established by the government through establishing lengths of copyrights, patents, etc. This is why what you said is an absolute rubbish. There isn't 2 possible systems. There are many. Depending on which position the government takes, the market place will establish the price point for the compensation for the value of a particular content. Therefore, the establishment is the ruling force in setting the price on the creative work and the market place is a secondary force in this process.

That is an economic nonsense, and the number of people who repeat it on Slashdot does not change this. We can readily demonstrate this by the fact that if everyone ignored copyrights in this way and the artists received no compensation at all, then the actions of the artists most certainly would change. Your argument holds only as long as a substantial number of people do honour copyright, at which point those who do not are simply freeloaders taking advantage of those who do.

Naturally, this is wrong. You fail to understand the subtlety of the argument. Your argument amounts to "one votes with one's wallet" type of argument. And these arguments always fail when taken to the extreme of "what if everyone did it". The phrase "taking advantage" implies taking proactive steps to secure a situation in which the actions of the counter-party have greater utility than the utility exchanged for them. The pro-active part is where your argument breaks down. Your language implies an intent to force to perform a certain amount work -- the intent which is very likely not there. That's why an individual who (for whatever reason) is not honoring copyright is not "taking advantage" of a content producer, but is rather "not compensating a content-distribution-rights-owner at the level the content-distribution-rights-owner is demanding" -- a much more neutral phrase.

In light of the answer to the previous quote, not honoring the compensation demands made by a content-distribution-rights-owner may very well be an act of everyday civil disobedience (sort of like driving above the speed limit) rather than an act of freeloading (sort of like taking apples from pay-what-you-will basket and not paying).

Re:I've been away

[Anonymous+Brave+Guy]

Naturally, this is wrong. Since it doesn't even explore the current economic model in which the government guarantees producers of content near-perpetual ownership of distribution rights. A system in which "the costs can be shared" as you put it is the one that exists for some blank media in the US but it is certainly not the prevailing system of compensating content producers.

On the contrary. I think one of the main advantages of the copyright idea, perhaps even the most important one, is precisely that it makes it commercially viable for an artist to produce a work that takes a lot of time, wouldn't be worth enough for any single patron to commission it, but is worth a small amount to many people. You can argue, very reasonably, that if copyright is an economic instrument and the value it is generating for the artist is far greater than what would be necessary for them to produce and distribute the work then the balance of the copyright bargain should be adjusted, but this isn't an argument against the principle, it's an argument against the specifics.

By the way, stating that I'm wrong, talking rubbish, and missing the "subtleties of the argument" doesn't really advance the discussion in any useful way. Proof-by-stating-as-fact is a very childlike debating tactic, and I guarantee you it won't cut any ice over here.

You've written quite a lot in reply to my second point, but as far as I can see you haven't said anything that actually counters the basic principle: if you're getting something for free, and others are paying for it, and the only reason you can get it for free is because those others are paying for it, then it is a logical fallacy to argue that because you can have it for free, no-one needs to pay for it. Economics just doesn't work like that. As you say, 'these arguments always fail when taken to the extreme of "what if everyone did it"'. But that is exactly the point! Your argument only works as long as only some people do it, and the work is supported in real financial terms by others. Now, you can call that whatever you like, but it's still taking advantage.

RBL-XBL

[flyingfsck]

It makes a lot of sense to use the Spamhaus RBL to block things in a firewall. If a site is black listed for sending spam, then I don't want any traffic from that site, not email, not web traffic, anything. However, I am not aware of a system that ties an iptables DROP rule to an RBL.

Re:Service provides "shy away" from blocking nets.

[Torvaun]

Like I want AT&T to be able to decide what parts of the internet are "off-limits" to me? Like there's any reasonable way of doing this anyway? The Internet was developed with the goal of routing around broken segments in mind. This is not a problem with a market solution. This is a problem where the U.N. tells Russia to get its shit together, and stop these guys from doing things that piss off the rest of the world. Nigeria can get the same treatment. If there's some other group behind all the foreign lottery scams that are apparently being sent out by botnet, then I'd like to get them locked down too.

As I see it...

[SIGBUS]

IMO, I'd rather do the blocking myself than have AT&T do it for me. That being said, I don't hesitate to block RBN traffic.

I have seen the future.

[superwiz]

There is a good line in Dune -- "You control a mentat by controlling his information." The religious crowd is easily aroused by "think of the children." Apparently, the slashdot crowd needs to hear "think of the spam." This is how the world network for all-to-free an exchange of information will be fractured. You just need to find a hot-button issue for every crowd and they'll scream for the separation along national borders on their own (thinking it's their own idea).

A good number of the posts so far propose blocking Russia altogether. Because there is no "business" done with Russia. Aha. But that means no Russian news. No access to chats with Americans for Russians. Hell, the new Russian order couldn't dream of a better situation. Not only do they get not to have their citizens interact with Americans freely, but they also don't have to be the bad guys in it. The Jefferson quote states that giving up freedom for a little bit of security will cause one to lose both. But why go that far? "little bit of security" is not even necessary as the price. Apparently a little bit of expediency is enough.

It's censorship and xenophobia even if you can make a Yakov Smirnoff joke of it. Sorry, but this time, the boogie man is you!

Re:One Nuke

[JoshJ]

Actually, a bomb blowing up the entire Microsoft complex, killing everyone involved in Windows (but nobody else) would produce a massive demand for jobs in the IT sector, programming sector, pretty much every technical field you can think of. Apple, Red Hat, Sun, Oracle, Novell, and so on would see massive gains in profits. The Rest Of The World (TM) would take relatively small hits- those who are still on XP would stay on XP (and start a Mac or Linux migration plan instead of a Vista one), those who have finished their Vista migration would be in good shape for a few years until it's time for their next hardware upgrade, and those who are in the middle of a switchover to Vista may well get totally fucked, depending on how they're doing it. It wouldn't be pretty in the short term, but it'd be survivable, and it's likely that replacing the monoculture with diversity would result in long-term economic gains due to competition. I actually think gaming companies would get hit the hardest, I have no idea how hard it is to take a game coded for Vista/360 and port it to another console. It's probably still a drop in the bucket of the greater economy. The biggest hit would probably be Wall Street investment bankers and so forth, but that's a single immediate hit, and not something that has a long-lasting effect. (A long-lasting effect would be something like a calamitous food shortage, sudden oil shortage, whatever; that results in an immediate hit followed by a long period of economic inefficiency because of a lack of resources for other industries to continue their business.)

Re:One Nuke

[setagllib]

That's pretty optimistic. We're talking about a software industry where it takes many companies years just to update their compiler version, saying nothing of their entire operating platform, not even considering migrating to a completely different platform (Linux, MacOSX, whatever) which Microsoft deliberately stays incompatible with. So an optimistic estimation for Linux to replace Windows, if it's the only way to survive at all, would take a good 5 years or so.

In the meantime you'd have a bunch of half-assed ports using winelibs and Mono and similar rubbish, which makes the situation even worse than a Windows-dominant one. Some companies would bomb entirely, although that's just good old natural selection. And unlike the current legacy software which is being replaced, some of the half-assed solutions may stay 'good enough' to never be replaced at all, much like how the Windows platform is dominated now. Windows Vista still has the kernel hook to cmd.exe for chrissakes. Is this an industry that could survive a bomb?

The alternative is to fix the patent system, impose anti-monopoly restrictions on Microsoft, and other regulatory changes to allow competition to take over naturally, and let the market adapt on its own. This is the sort of evolution that led to such strong competition in the PC hardware industry, without any bombs and without long gaps of horrible inefficiency and regression.

Re:One Nuke

[h4rm0ny]

That's a variant on the broken window fallacy. The idea that breaking somebody's windows is a good thing because it creates work for the glazier, the police, etc. It only works from an internal viewpoint that is based on the relative distribution of wealth. Taking a broad overview of society as a whole, it's pretty plain to see that the total wealth has gone down. It's the same sort of protectionism as farm subsidies. It may keep people in work but its at the cost of having an inefficient, bloated economy. Far better than to create jobs through needless destruction and inefficiency, is to create jobs by aiming higher and achieving more as a society.

Re:Czar (wannabe) Putin had better . . .

[superwiz]

Because we are not talking about taking out a spam shop. After he learns how to take out an ISP for the purposes of stopping spam he will use the same expertise to take out ISP that enable his opposition. I just don't see how an expertly tyrant is better than an incompetent one.

RBN not just for spammers

[madsheep]

I have see a few posts that seem to zero in on RBN and SPAM. Unfortunately, if you read the article or at a slightly familiar with RBN, you would know it's a whole lot worse than that. An extremely large and extremely disproportionate amount of the hosts in the RBN ranges house malware, virues, trojans, command and control sites (for bots), and child pornography -- in addition to the SPAM issues. It really is a bad place on the Internet; one of if not he worst. If you are at an organization where you can block them, you should if not at least check your logs and see if your hosts are going there and why.

Re:Just block Russia

[Reaperducer]

How many of us have to do business with Russian sites?

You might be surprised. I know I was.

I started blocking Russian, Nigerian, and other addresses from one of the forums I run. It's just a community forum for people in Houston, Texas. In a matter of hours I started getting complaints from regular users who I didn't realize were expat oil execs and workers in Russia, Nigeria, etc... who used my forum to keep up on things going on at home.

The lesson I learned is that even if I can't imagine why someone would want something doesn't mean it isn't something someone would want.