Slashdot Mirror


Russian Hacker Gang Vanishes Again

Arashtamere writes "The shadowy hacker and malware hosting network that only recently fled Russia to set up operations in China has now pulled the plug there and vanished yet again. An analyst at VeriSign's iDefense Labs unit said iDefense had tracked RBN's migration earlier in the week from servers based in Russia to ones running in China, after obtaining at least seven net blocks of Chinese IP addresses. As of Wednesday, RBN controlled 5,120 IP addresses assigned to Chinese service providers; known RBN clients were even seen using those addresses that day. But with its China move putting the spotlights of the media and the security community on the organization, RBN suddenly went offline on Thursday. 'They severed connections to six of the seven net blocks on November 8,' the analyst said. RBN as a single organization may be dead and gone; it may even now be breaking up into smaller pieces farmed out to multiple countries' Internet infrastructures."

64 comments

  1. Hunt them down... big blocks of IP space = obvious by compumike · · Score: 4, Insightful

    It seems like having all of your traffic on seven well-defined subnets is an easy way to make all of your activity really obvious.

    But hey, at least these guys are being pursued and thwarted. There are way too many hackers and script kiddies out there who need to get their butts kicked one and become productive members of society with their skills. This is an important lesson and it comes at a price, but ultimately we need to convert these people to use their technical knowledge for good. By making it harder and harder for the underworld to survive, the economic benefits of that lifestyle become overshadowed by its risks. This will bring these people out into the light, and hopefully both reduce the economic pain they cause with their mischief, and also let them contribute constructively.

    --
    Educational microcontroller kits for the digital generation.

  2. Alternative Theory: Russian Mafia Groups by reporter · · Score: 5, Interesting
    There may be another possibility. With so much unwanted attention in the media, the Russian Business Network (RBN) may voluntarily have broken up into numerous small groups. In much the same fashion, the alumni of the KGB have broken up into numerous small cliques. Each clique is essentially a mafia gang with a strongman as boss and wields considerable power.

    As the Kremlin moves into cyberspace, each KGB clique will want a "piece of the action" and has absorbed some alumni of the RBN. In the 21st century, even the Russian mafia needs an online presence.

  3. nice... by djupedal · · Score: 1

    It doesn't take a rocket scientist to figure out that setting up inside China was bound to be a bit of a bad move...

    Might as well hang out a sign... ---> R U S S I A N -- B O T N E T -- M A S T E R S -- H E R E ! ! !

    1. Re:nice... by renegadesx · · Score: 0, Offtopic

      Well in Soviet China the sign would read....

      Botnet Masters...

      Oh, nevermind

      --
      Make SELinux enforcing again!
  4. Re:You never know.... by insertwackynamehere · · Score: 2, Insightful

    dapper.. AW HELL NO they're using outdated Ubuntu distros just when we thought this couldn't get any worse

  5. Don't be so fast by DNS-and-BIND · · Score: 5, Informative

    Well, based in China as I am, I can think of another reason the RBN stayed here for a few days and then quit. The internet connection to the outside world is horribly slow! I regularly get modem speeds when using US-based sites such as slashdot. If file transfers go above 10k/s then I'm ecstatic. I can't imagine that spammers would be happy with slow connections. I had a Nordic businessman ask me for some consulting recently. I talked to him, and he said that the internet was too slow between there and Denmark, and could I fix it? I just rolled my eyes and told him to talk to either Hu Jintao or the Ministry of Propaganda and Information...

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    1. Re:Don't be so fast by S3D · · Score: 1

      I think it's not specific to China, but to many non-developed or semi-developed countries. In Israel, the outside connection for average home broadband is also 10k/s at best. A lot worse usually.

    2. Re:Don't be so fast by Chief+Wongoller · · Score: 4, Interesting

      Well, actually I'm in China too. The interesting aspect of internet access in China is that ISPs here always provide much higher upload speeds than download speeds, by a ratio of about 3 or 4 to 1. This is to serve the interests of Chinese exporters, by making Chinese-based websites more accessible to the outside world. That is to say the internet in China is more about exporting data -good or bad- rather than importing. So China is rather a logical location for those hackers, especially as policing of the internet here is almost non-existent (no fears about P-2P downloading here). Incidentally, download speeds, while slower than North America or Europe, are not always painfully slow. Speed depends largely on where you live: I live in a modern building in a modern city and can get download speeds of 100k/s no problem.

    3. Re:Don't be so fast by DNS-and-BIND · · Score: 1

      Yeah...100k/s to sites inside China. I'm talking about overseas.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    4. Re:Don't be so fast by Anonymous Coward · · Score: 0

      Very true. I live in Algeria, D: 128kB U: ~355kB !

    5. Re:Don't be so fast by Anonymous Coward · · Score: 0

      They went on Vacation - They are setting up house in South Korea or India.

  6. Re:Hunt them down... big blocks of IP space = obvi by djupedal · · Score: 1

    Major! There's something else.

    Six men...wearing US issue Army boots.

    They came in from the west and followed the Russian hacker gang out to the south.

    We move! 5 meter spread...no sound!

  7. Applauds headline by Trogre · · Score: 1, Funny

    While I'm not sure it's a good thing that this hacker network has vanished, I am still pleased with the headline using the term 'hacker' correctly.

    Perhaps we are finally ready to put the misnomer 'cracker' to rest once and for all.

    Now I feel like a bit of cheese...

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    1. Re:Applauds headline by Nazlfrag · · Score: 1

      Damn straight. A cracker is someone who penetrates tight layers of security to crack (hence the name) vaults containing large deposits of valuables. I never saw the correlation with computer crime, it's just not there.

  8. Not that bad if you know who to ask... by djupedal · · Score: 2, Informative

    When I moved into an apartment in Shenzhen, the landlord had already initiated internet service. Problem was, it was the entry-level package, and yes, it was slow. If I wanted speed, I had to wait until I went into the office.

    All I had to do was contact China Telecom and ask to move up to the next tier. Throughput was doubled by the afternoon. And my billing dropped by 30% per year. Much better...

  9. Re:You never know.... by Zorque · · Score: 0, Offtopic

    Diaper sap?

  10. Re:Hunt them down... big blocks of IP space = obvi by gordgekko · · Score: 1

    There's something out there waiting for us, and it ain't no man. We're all gonna die.

    --
    You want to know who isn't running Firefox 2.x? They spell it "definately" and "rediculous".
  11. yeah? by dropadrop · · Score: 1

    So how has this affected spam and cyber crime? It would be interesting to see if these networks vanishing has any effect.

    1. Re:yeah? by Joebert · · Score: 2, Interesting

      Sure it does, it makes way for competitors.

      Being a botmaster looks a lot like being a drug dealer, & that's what happens with drug dealers.

      --
      Wanna fight ? Bend over, stick your head up your ass, and fight for air.
  12. Re:Alternative Theory: Russian Mafia Groups by Xachariah · · Score: 2, Funny

    The internet is a dangerous place. You don't pay your protection money and things could happen. Packets get dropped all the time you know.

  13. Use their skills? by XNine · · Score: 1

    Isn't it funny? Hackers and social engineers can make 4 times what you or I do as long as they A: Cause a shit storm, B: Get caught. How many other types of criminals can actually get away with this, well, besides politicians? I bet they were never really even in China. These guys obviously know their shit, they could be in Mexico hanging out at Senior Frogs knocking back shooters while controlling a bunch of zombie machines for all we know.

    --
    Never monkey with another monkey's monkey.
    1. Re:Use their skills? by bombastinator · · Score: 2

      A: Just about any other white collar criminal who steals enough to make the maximum fine seem like nothing in comparison. Most major Wall Street crooks for instance. White collar crime is like that unfortunately.

  14. Re:Hunt them down... big blocks of IP space = obvi by cHiphead · · Score: 1

    Rawn! Get too tha choppahhhh!

    --

    This is my sig. There are many like it, but this one is mine.
  15. Curious... by SanityInAnarchy · · Score: 2, Interesting

    I'm curious, is Slashdot not censored?

    I imagine if you're having to go around that, it might slow things down a bit.

    --
    Don't thank God, thank a doctor!
    1. Re:Curious... by kamapuaa · · Score: 0, Flamebait

      No, Slashdot isn't censored in China, it's just a bunch of man-children whining about the RIAA after all. I'm in Shanghai, and I use the lowest-level broadband, and I'm way faster than 10k/ to the US...but yeah, it's not for US sites as actually being in the US.

      --
      Slashdot: providing anti-social weirdos a soapbox, since 1997.
    2. Re:Curious... by nihaopaul · · Score: 1

      Can you access http://rss.slashdot.org/ ? I'm in Shanghai too on a China Telecom 512/512 line (can't upgrade without my landlord's ID card.. I tried the shouting and screaming approach.. highly entertaining)

      But to be honest, at a rate of 50rmb/ip/month for a server in China, that's an expensive 7 netblocks! Perhaps if you register for /24's then it isn't that bad, but by IP, it's pricey.

    3. Re:Curious... by EugeneK · · Score: 0, Offtopic

      it's just a bunch of man-children whining about the RIAA after all

      i lol'ed. kudos sir! hen hao.

    4. Re:Curious... by SanityInAnarchy · · Score: 1

      I would think that this topic would contain enough references to democratic thoughts and ideals (occasionally) to be censored, at least partly.

      Also, you're a troll. I almost wish you were censored.

      --
      Don't thank God, thank a doctor!
    5. Re:Curious... by kamapuaa · · Score: 2, Insightful

      No, really, it wasn't trolling. I enjoy Slashdot but it boils down to people talking about science-fiction movies, discussing new techie gadgets, constantly whining naively about US laws and cell phone coverage (???) with a pathetic groupthink (well I don't love that part), and various topics that really the Chinese government could care less about. Considering it doesn't block most foreign newspapers, articles like this, and is especially lax with foreign-language media, why should the PRC care about Slashdot?

      --
      Slashdot: providing anti-social weirdos a soapbox, since 1997.
    6. Re:Curious... by KDR_11k · · Score: 1

      I have this hunch that they don't censor foreigners. That way those foreigners don't get a bad impression of the country and it's not like they don't have "evil" information in their heads already.

      --
      Justice is the sheep getting arrested while an impartial judge declares the vote void.
  16. MOD PARENT DOWN by Anonymous Coward · · Score: 0

    for muddying the waters

    hacker means someone who writes software
    cracker means a computer based criminal

    i think there's a difference...

    1. Re:MOD PARENT DOWN by Trogre · · Score: 1

      Erm, no. What makes you think that dubious jargon compilation is authoritative?

      Hackers are people who use computers to break into other computers. Crackers are traditionally served with cheese.

      Some people who write programs (programmers) like to be called hackers so they can liken aspects of themselves to the cool guys (hackers) but they're still just programmers.

      And don't get me started on white hat vs black hat.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  17. Uh oh, Russian Hacker Gang... by adatepej · · Score: 1

    Vanishes Again, and continues hacking while invisible -- that's right, just like before, they'll continue hacking. And they're using new IP's!

    How unusual.

  18. MOD PARENT DOWN by Alphager · · Score: 0

    While I'm not sure it's a good thing that this hacker network has vanished, I am still pleased with the headline using the term 'hacker' correctly.

    Perhaps we are finally ready to put the misnomer 'cracker' to rest once and for all.

    Quit being an assclown and re-learn your vocabulary: hacker: http://www.catb.org/jargon/html/H/hacker.html cracker: http://www.catb.org/jargon/html/C/cracker.html
  19. Re:Alternative Theory: Russian Mafia Groups by Anonymous Coward · · Score: 2, Interesting
    You have already established yourself as a Pole. You post surprisingly much anti-Russian fud on /. for a single person:

    (BTW, all of these posts show how little you know about Russia)
    Do you have an agenda or something?
    Or are Poles so stuck in history that it's their new fetish now: ruining US/EU relationships with Russia?
  20. alll your... by cheekyboy · · Score: 0, Offtopic

    Russian bases belonga to Kazakhstan, the greatest kuntry on a Earth.

    Hi Five.

    Yakshi Mash.

    --
    Liberty freedom are no1, not dicks in suits.
  21. Duh. by gnn_geeknotnerd · · Score: 1

    Hey, Really? No shit. If you are doing a bunch of stuff you don't really want taken notice of, having the mass media saying "Hey look, they're in China and have these netblocks!" could be bad. It also stands a chance of coming to the notice of someone in a position to do something about it - also not good from the hackers' point of view.

    --
    That is not dead which can eternal lie, And with strange aeons even death may die.
  22. Botnets/SETI/Folding@Home by ThirdPrize · · Score: 1

    Apart from how they get on the machine in the first place, I guess these clients all work in similar ways? Central controller sends work out to distributed workers, who do their thing and then report back for more work. I guess botnets are a bit more cunning as they have to hide and can change jobs/controllers/whatever.

    --
    I have excellent Karma and I am not afraid to Troll it.
  23. Which netblocks? by Cow+Jones · · Score: 1

    Can you tell us which 7 netblocks they are (were) using, so that we can block them on our firewalls?

    All that I could find was the fourth comment to this article, in which a /20 block is mentioned. The article itself was previously linked on Slashdot; it's about a sysadmin who decided to block the RBN's address ranges and was rewarded by a noticeable drop in compromised customer boxes.

    --

    Ah, arrogance and stupidity, all in the same package. How efficient of you. -- Londo Mollari
    1. Re:Which netblocks? by SIGBUS · · Score: 2, Informative

      Although the list contains more than just RBN-related netblocks, the Spamhaus DROP List is your friend.

      --
      Oh, no! You have walked into the slavering fangs of a lurking grue!
  24. Re:Alternative Theory: Russian Mafia Groups by Anonymous Coward · · Score: 0

    Packets? I believe you mean "internets."

  25. Re:Alternative Theory: Russian Mafia Groups by mikael · · Score: 3, Funny

    That's a nice set of shiny tubes you have there sonny, We wouldn't want anything to happen to them now, would we?

    --
    Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
  26. Re:Hunt them down... big blocks of IP space = obvi by Anonymous Coward · · Score: 0

    Who says they're not using it for good, already...? What is "good"?

  27. Re:Hunt them down... big blocks of IP space = obvi by Pichu0102 · · Score: 1

    Except people who get caught don't turn to good, they generally get thrown in the prison system for years where they grow even more contempt for humanity than they did before.

  28. Again? by dasroot · · Score: 1

    That was quick, must've used Atlas Van Lines. Or maybe they just used Brown. They can move stuff FAST!

    Hopefully they will move to Afghanistan or Iraq, they will bomb them.

  29. Re:Hunt them down... big blocks of IP space = obvi by argiedot · · Score: 1

    I agree, we shouldn't have stopped all those Folding@Home programs they were running. I mean, why else would they need so many computers?

  30. The game continues... by damn_registrars · · Score: 1

    As long as they can find complacent registrars and ISPs to propagate their system. They left Russia when the heat was turned up on their hosting / registration providers there. At least the companies in Russia speak English - or at least admit to knowing enough English to respond to complaints from the US. So then the hacker gang packed up and went to China, where the companies get away with pretending to not speak English, in spite of hosting sites in English and selling domains with English language registration data.

    Exactly what drove this most recent move I don't know yet. It will be interesting to see where they pop up next. I wouldn't be surprised if they even just decided to take a little "cooling off" period, and we'll see them there again shortly.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  31. russia and china arent friends by peter303 · · Score: 1

    They've had wars several times in the 20th century due to border disputes. Right now both sides make lots of money and the friction is way down, but underlying tension may still be there.
    China could close down these businesses whenever it sees a need.

  32. Re:MOD PARENT HUMOURLESS by Mister+Whirly · · Score: 1

    *Whoosh!*

    Look into this.

    --
    "But this one goes to 11!"
  33. The rules of RBN by Anonymous Coward · · Score: 3, Funny

    The first rule of RBN is, you do not talk about RBN.

    The second rule of RBN is, you DO NOT talk about RBN.

    If something says BSOD, goes coredump, logs out, the crack is over.

    Two crackers to a host.

    One crack at a time.

    No GUIs, no frameworks.

    Cracks will go on as long as they have to.

    If this is your first account at RBN, you have to crack.

  34. Re:Hunt them down... big blocks of IP space = obvi by Buran · · Score: 1

    What's that from?

  35. So We Moved To China... by Anonymous Coward · · Score: 0

    To get increased upload speeds or to create a distraction..? Maybe they just got fed up of the Russian winter and went on holiday!

  36. Re:Hunt them down... big blocks of IP space = obvi by gordgekko · · Score: 1

    Predator

    --
    You want to know who isn't running Firefox 2.x? They spell it "definately" and "rediculous".
  37. In other news... by LINM · · Score: 1

    (AP News) Guangzhou, China - 35 unidentified bodies found in a ditch in China's Guangzhou province. The bodies are Caucasian and appear to be of Russian descent. There are signs of abuse on the bodies, but the local police have no information on the subject.

    ---
    The Chinese are known for quick justice. One possible outcome.

    --

    Hunger is the best sauce.