We Know Who's Behind Storm Worm

← Back to Stories (view on slashdot.org)

We Know Who's Behind Storm Worm

Posted by kdawson on Tuesday January 29, 2008 @07:04AM from the can-you-spell-rule-of-law dept.

jmason reminds us of a story from a few weeks back that got little attention, adding "This doesn't seem to be just bluster; as far as I can tell, everyone who knows the RBN now agrees that this seems likely." Brian Krebs's Security Fix blog at the Washington Post carried a story about the Storm worm containing some pretty staggering allegations. "Dmitri Alperovitch [of Secure Computing] said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that US authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside. In a recent investigative series on cyber crime featured on washingtonpost.com, St. Petersburg was fingered as the host city for one of the Internet's most profligate and cyber-crime enabling operation — the Russian Business Network. Alperovitch blames the government of Russian President Vladimir Putin and the political influence of operatives within the Federal Security Service (the former Soviet KGB) for the protection he says is apparently afforded to cybercrime outfits such as RBN and the Storm worm gang. 'The right people now know who the Storm worm authors are,' Alperovitch said. 'It's incredibly hard because a lot of the FSB leadership and Putin himself originate from there, where there are a great deal of people with connections in high places.'"

21 of 169 comments (clear)

Min score:

Reason:

Sort:

Surely You Jest by rshol · 2008-01-29 07:10 · Score: 5, Insightful

Corrupt Russian Government officials in collusion with shady Russian underworld types? Who'd a thunk it?
1. Re:Surely You Jest by Anonymous Coward · 2008-01-29 07:59 · Score: 2, Insightful
  
  Yeah because by saying "russian government officials corrupt" you deny any other country having corrupt governments. One does not exclude the other, you know.
cronyism by wealthychef · 2008-01-29 07:10 · Score: 4, Insightful

Shocking! You mean the criminal friends of powerful politicians don't get prosecuted in Russia? Good thing that never happens here!

--
Currently hooked on AMP
INVADE by Bastardchyld · 2008-01-29 07:13 · Score: 5, Insightful

I say we invade...

U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia...

No seriously though. This is no suprise. We can pretend that the US and Russia are the best of friends but in reality these kinds of situations will continue to happen. What is the Russian Governments incentive to take care of this issue. Like it or not it is good for their economy.

--
$diff terrorists hippies
$
$rm -rf *terrorists *hippies
1. Re:INVADE by Anonymous Coward · 2008-01-29 07:38 · Score: 2, Insightful
  
  I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment.
  
  Actually, it's difficult, expensive, and extremely dangerous to get hitmen to take out other mobsters. The mob tends to retaliate big time.
Reminds me of the '20s in the US by coolmoose25 · 2008-01-29 07:15 · Score: 2, Insightful

Except in this case the Federal Gov't doesn't send in Elliot Ness... It sends in... well... nobody.

--
Brawndo: It's what plants crave!
It's Russia !! What do you expect !! by Anonymous Coward · 2008-01-29 07:16 · Score: 0, Insightful

It's Russia !! What do you expect !! American ideals and values ?? It's full of wussies looking for their daily bread, and couldn't care less about anything but that !!
Re:In Soviet Russia... by morgan_greywolf · 2008-01-29 07:17 · Score: 2, Insightful

More like:

In Soviet Russia, the RBN owns the government!

--
My blog
These sorts of stories... by jd · 2008-01-29 07:23 · Score: 4, Insightful

...are always a little suspicious. Either the person/gang is pretty obviously a very minor fish in a pond filled with Megalodon sharks, or the person/gang is conveniently impossible to reach. Not that this won't happen, but it's pretty much public knowledge that international gangs operate in the US and Europe with impunity. The odds that this one gang only exists in this one place doesn't fit what is known about Russian gangs or, indeed, what is known about cyber organizations of any kind. This sounds far too much like a call to inaction, a bid to avoid doing anything serious.
(Besides, if a minimum level of computer security was mandated, and critical machines were kept off public networks, cybercrime, worms and viruses would be reduced in quantity and effectiveness. The Government has a position open for Internet Czar - why is it not filled and why isn't it being used to push the importance of network security? Hell, I'd put in for the job if I thought I'd have a whelk's chance in a supernova of either getting it or getting heard afterwards.)

--
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
1. Re:These sorts of stories... by PCM2 · 2008-01-29 08:38 · Score: 3, Insightful
  
  They also have many of the earmarks of urban legends. "We know exactly who is responsible" -- OK, then, what are their names? Where are their photographs? Surely the Russian government wouldn't deny a simple request for criminal conviction records, if we asked nicely. If that's too much to ask, then what are the names of the agents at the FBI and other U.S. law enforcement and intelligence agencies who have information on the perpetrators? Are they unwilling to speak anonymously, even?
  
  Just because a few people conspired to do something doesn't mean your explanation is not just another conspiracy theory.
  
  --
  Breakfast served all day!
Naah, isolate instead by gorbachev · 2008-01-29 07:39 · Score: 2, Insightful

I've said this before, so excuse me for sounding like a broken record.

What needs to happen is cutting Russia completely off the net. Cut them off at every peering point they have, and if someone (China) still continues routing Russian network traffic, block the Russian network traffic where it's being passed onto the responsible part of the Internet.

The reason why I'm advocating this is because what the Russian cybercriminals are doing is not just criminal, but more importantly threatening the Internet infrastructure itself. There just has to be a better way of protecting the network from bad actors who are hellbent on destroying it.

Since that's unlikely to happen unless the Russian criminals do something extraordinarily stupid (like successfully attacking several Western states directly), the next alternative is diplomatic isolation. They don't do something to curb the fastest growing criminal activity in the world, well, gee, Vladimir, you don't get to sit on the Security Council, ballrooms in Geneva and you can most certainly kiss that EU membership you so want goodbye forever. And don't even think of vacationing on those nice ski resorts on the Alps Russians are so fond of. Visa denied.

The state sponsored welfare program for the benefit of Russian mafia gotta stop. Every year billions and billions of dollars of OUR money is being transferred with the silent blessing of Russian Government to the Russian mafia and other criminal elements in Russia. I don't know what else to call that but a global welfare program.

--
In Soviet Russia, I ruled you
1. Re:Naah, isolate instead by Dogtanian · 2008-01-29 08:48 · Score: 4, Insightful
  
  What needs [my emphasis] to happen is cutting Russia completely off the net. Cut them off at every peering point they have, and if someone (China) still continues routing Russian network traffic, block the Russian network traffic where it's being passed onto the responsible part of the Internet.
  Really, do you actually think about the practicality or plausibility of implementing your ideas in the real world?
  
  This not only *won't* happen (as you acknowledge) but *can't* heppen without locking down the US's (or whoever's) part of the Internet so much that the cure will be worse than the disease. Even if you stop direct links to the US net, you won't be able to stop every peering point between Russia and elsewhere. It's going to be impossible to stop indirect traffic. Criminals will just figure a way around your idea of blocking Russian traffic that hides their true location. Since they have access to lots of compromised PCs in numerous countries that's one obvious route. The other obvious solution is to cut a deal- "legal" or "illegal" by whatever measure- with a third party in a third country that isn't blocked. Good luck figuring which connections are legitimate and which are proxies for the criminals.
  
  And even if you block all *those* countries, they'll do it in two hops via a fourth country- so unless you have a 100% agreement between "good countries" and they have a 100% watertight block against traffic from the "bad" countries, you can't do it.
  
  I'll tell you now that (a) You won't get such an agreement and (b) If you did, you still wouldn't be able to make sure that those countries' defences were watertight to your standards. So the only way to get what you want is to block all non-US traffic (assuming you live in the US) to an incredible degree. And this still probably won't work.
  
  Your naivety and the flaw in your argument can be summed up by this phrase:-
  
  the responsible part of the Internet
  As if the Internet can be obviously (and easily) partitioned off into "responsible" and "irresponsible" parts! Even if it could, so long as either "part" is too big too isolate completely from the other, you can't stop traffic flowing. Therefore, there's only *ONE* Internet.
  
  And it's not like that; the whole thing is just shades of grey; the US part might be more "responsible" by your measure, but it's still far from perfect.
  
  There just has to be a better way of protecting the network from bad actors who are hellbent on destroying it.
  Yes, and your easier-to-come-up-with-on-Slashdot-than-it-is-to-actually-implement-it idea isn't one of them.
  
  the next alternative is diplomatic isolation. They don't do something to curb the fastest growing criminal activity in the world, well, gee, Vladimir, you don't get to sit on the Security Council
  Yeah, it's that simple when you're a tough-talking behind-the-keyboard would-be-diplomat/politician.
  
  Bottom line, I'm not justifying what Russia is doing, or how they're behaving, but your solutions are naive and clumsy in the extreme. The West isn't going to isolate Russia further (which Putin would probably be quite happy with) and risk escalation of political and military tensions simply to stop some crime which- although admittedly serious and large-scale- still doesn't warrant anything like that risk.
  
  ballrooms in Geneva and you can most certainly kiss that EU membership you so want goodbye forever. And don't even think of vacationing on those nice ski resorts on the Alps Russians are so fond of. Visa denied.
  Oh noes!!!!!11111
  
  And that's why you're neither a diplomat or a politician. You think that such petty retribution would work and Putin would say "You're right! I'll do exactly what you say". Not a bloody chance. This is just the Slashdot equivalent of some guy down the pub/bar saying how he'd put the world to rights.
  
  Putin would set his face against the West further (wh
  
  --
  "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
2. Re:Naah, isolate instead by Dogtanian · 2008-01-29 10:29 · Score: 3, Insightful
  
  I'm fully aware nothing that I propose is ever going to happen Sorry to break this to you, but whilst political apathy on this issue may be a problem, it's not the main reason your suggestion should (and would) be ignored. It's because it's badly thought out and unworkable.
  You don't have to be 100% successful with cutting them off the net. Just enough so that it's going to be very inconvenient for Russians to access anything outside of Russia. I don't believe that you'll be anywhere near 100% near successful; I believe that you'll just succeed in blocking everyday Russians, and the criminals will pay money to people to get them through.
  
  Putin and the like will be quite happy to see ordinary Russians cut off from external sources of information; they've already tried to shut down as many dissenting voices as possible, but the Internet is harder to deal with. They'll also be able to paint it as Western aggression and mistreatment when they don't get things their way. Double whammy for them!
  
  So even if you think that inconveniencing ordinary people in this way will indirectly pressure the Russian government, it won't. Quite the opposite.
  At what point do we stop accepting their harboring of their criminals? There's gotta be a line somewhere. As I said, you assume criticism of your solution == non-acknowledgement of problem. This is not the case.
  
  My post was a criticism of a transparently bad idea, and I had the gut reaction that it would be taken (by you or someone else) as a rejection of the problem itself.
  
  Simply going with a bad and workable "solution" simply for the sake of doing something in the absence of a better idea is A Very Bad Thing. As I already pointed out, your solution would be *worse* than the problem anyway.
  
  I suspect that people have already come up with better ideas than yours, which they (having greater insight into the issues) nevertheless concluded were flawed.
  
  --
  "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
Don't be stupid by Anonymous Coward · 2008-01-29 07:59 · Score: 1, Insightful

If I were FSB and I knew the identities of the Storm botnet herders, there's little doubt that I would simply take over the botnet. Perhaps even employ the guys if they were not the staffers to begin with. Very large botnet is an EXTREMELY valuable data mining resource. It just makes zero sense to any intelligence agency, Russian or not, to shut the botnet down if you can take over it.
1. Re:Don't be stupid by Quadraginta · 2008-01-29 08:48 · Score: 2, Insightful
  
  Good grief, don't let's give the geeky profession airs. The FSB has a lot better resources than a few thousand compromised Windoze machines. They're going to spam somebody to death? Raise next year's black budget by running a few dozen phishing scams? Sheesh.
  
  Besides, this kind of goofball techno stunt isn't the Russian style. They excel at the basic ancient human-centered form of espionage and security compromise. If you think they want to penetrate your bureaucracy, then don't waste your time changing your AOL password weekly or carefully not opening e-mail attachments. Instead, be cautious about that hot blonde at the gym who confessed a lifelong sexual weakness for balding guys trying to work off the desk paunch and who expresses a sweet naivete and engaging curiosity about how, precisely, you do your job.
2. Re:Don't be stupid by Hatta · 2008-01-29 09:32 · Score: 4, Insightful
  
  Apparently the Storm worm is the world's fastest supercomputer. And even if it weren't, funneling whatever attacks the FSB might be likely to do through the Storm botnet would provide excellent plausible deniability.
  
  --
  Give me Classic Slashdot or give me death!
Re:It's Russia !! What do you expect !! by Anonymous Coward · 2008-01-29 08:04 · Score: 1, Insightful

It's Russia !! What do you expect !! American ideals and values ?? It's full of wussies looking for their daily bread, and couldn't care less about anything but that !! Funny, I thought those were American values and ideals. Although, to be fair, here in America we expect circuses with our bread.
Re:maybe i'm on drugs by moderatorrater · 2008-01-29 08:07 · Score: 4, Insightful

You mean like this?

The problem with that thinking is that this ecosystem is entirely created by humans, and that there are no limits on population in the first place. The internet's not like an enclosed valley which can support 300 sheep no matter what. The limits on what the internet can handle are constantly expanding, and so far there's been little to no strain.

As for whether the worm is cool and impressive, well, that depends on what you think cool and impressive are. It's extremely well built, runs quite well and is hard to catch once it's entrenched. It's a lot like the mafia, and if you're like the rest of the US, that is cool. Also like the mafia, it's really only cool if you're the one running the show or you have little to no experience with it.
Re:Russian Law? by russ1337 · 2008-01-29 08:29 · Score: 2, Insightful

Ok, I actually read TFA, and what's not mentioned is whether or not these actions are even illegal in Russia. Just because something is against the law in the U.S. does mean it's illegal everywhere in the world.
yet.
Like the Russians Are the First.... by queenb**ch · 2008-01-29 09:03 · Score: 2, Insightful

Seriously, how many of you see all kinds of stuff coming out of China, Korea, Nigeria, etc.?

NONE of them get prosecuted either....

2 cents,

QueenB

--
HDGary secures my bank :/
1. Re:Like the Russians Are the First.... by orclevegam · 2008-01-29 09:09 · Score: 2, Insightful
  
  The reason this is news worthy is it appears to be more of a willful act to block prosecution, where as the ones over in Nigeria (although probably not China) are more a case of the local infrastructure and police not being capable of tracking these people. The other factor is one of organization and impact. Sure, a few Nigerians spam the hell out of people and manage to do some 419 scams, but all in all it's a few individuals doing it and they don't get all that many hits. The Russian group behind Storm on the other hand is a well organized group not random individuals, and they impact hundreds of thousands (millions?) of individuals.
  
  --
  Curiosity was framed, Ignorance killed the cat.