Slashdot Mirror


We Know Who's Behind Storm Worm

jmason reminds us of a story from a few weeks back that got little attention, adding "This doesn't seem to be just bluster; as far as I can tell, everyone who knows the RBN now agrees that this seems likely." Brian Krebs's Security Fix blog at the Washington Post carried a story about the Storm worm containing some pretty staggering allegations. "Dmitri Alperovitch [of Secure Computing] said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that US authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside. In a recent investigative series on cyber crime featured on washingtonpost.com, St. Petersburg was fingered as the host city for one of the Internet's most profligate and cyber-crime enabling operation — the Russian Business Network. Alperovitch blames the government of Russian President Vladimir Putin and the political influence of operatives within the Federal Security Service (the former Soviet KGB) for the protection he says is apparently afforded to cybercrime outfits such as RBN and the Storm worm gang. 'The right people now know who the Storm worm authors are,' Alperovitch said. 'It's incredibly hard because a lot of the FSB leadership and Putin himself originate from there, where there are a great deal of people with connections in high places.'"

36 of 169 comments

  1. Surely You Jest by rshol · · Score: 5, Insightful

    Corrupt Russian Government officials in collusion with shady Russian underworld types? Who'd a thunk it?

    1. Re:Surely You Jest by Anonymous Coward · · Score: 2, Insightful

      Yeah because by saying "russian government officials corrupt" you deny any other country having corrupt governments. One does not exclude the other, you know.

    2. Re:Surely You Jest by Eunuchswear · · Score: 2, Funny

      Can't seem to remember.

      --
      Watch this Heartland Institute video
  2. cronyism by wealthychef · · Score: 4, Insightful

    Shocking! You mean the criminal friends of powerful politicians don't get prosecuted in Russia? Good thing that never happens here!

    --
    Currently hooked on AMP
  3. INVADE by Bastardchyld · · Score: 5, Insightful
    I say we invade...

    U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia...

    No seriously though. This is no surprise. We can pretend that the US and Russia are the best of friends but in reality these kinds of situations will continue to happen. What is the Russian Government's incentive to take care of this issue? Like it or not it is good for their economy.
    --
    $diff terrorists hippies
    $
    $rm -rf *terrorists *hippies
    1. Re:INVADE by Quadraginta · · Score: 4, Interesting

      It's more complicated than that. There are actually pressures that the US could bring to bear on the Russians, but they've chosen not to deploy them in this case, and have chosen to merely rely on asking for cooperation, because it isn't that big a deal to the US economy or other national interests, either.

      Personally, I don't think the solution lies in national-level action. It lies either in economics -- making the business unprofitable -- or if you really want to have James Bond fantasies, in using the very lawlessness of Russia against them. I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment. Certainly within the means of a large community of pissed-off Internet users. It would take an unusually bold person to organize such an...er...extralegal form of negative reinforcement of the meme, but if I saw one, I'd hit his PayPal button.

    2. Re:INVADE by Anonymous Coward · · Score: 2, Insightful

      I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment.

      Actually, it's difficult, expensive, and extremely dangerous to get hitmen to take out other mobsters. The mob tends to retaliate big time.

    3. Re:INVADE by Anonymous Coward · · Score: 2, Funny

      I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment.


      Actually, it's difficult, expensive, and extremely dangerous to get hitmen to take out other mobsters. The mob tends to retaliate big time.


      Perhaps we just need a well trained group of Jihadist Engineers.

      Recruiter: Eugene. Your body may die, but because of your selfless act your soul will rise to heaven where it will find a dedicated T1, and 74 well stocked BT peers.
      Eugene: Hot diggity! Who's this Rus-sian Mafioso you want me to blow up?
  4. Reminds me of the '20s in the US by coolmoose25 · · Score: 2, Insightful

    Except in this case the Federal Gov't doesn't send in Eliot Ness... It sends in... well... nobody.

    --
    Brawndo: It's what plants crave!
  5. The CIA's been making some noises about 'cyberwar' by KublaiKhan · · Score: 2, Interesting

    Does this count as 'cyberwar'? I see great potential for making lots of money^W^W^W^Wpatriotically serving the country by grafting in a Bureau of Cyberdefence into the Department of Homeland Security...

    --
    In Xanadu did Kubla Khan
    A stately pleasure dome decree
  6. Re:In Soviet Russia... by morgan_greywolf · · Score: 2, Insightful

    More like:

    In Soviet Russia, the RBN owns the government!

  7. St. Petersburg... by MiniMike · · Score: 2, Interesting

    According to Google maps, St. Petersburg is well within 220 miles of international waters...

    If they can get exact coordinates, I can think of a (firing) solution

  8. Is this cyber warfare? by RLiegh · · Score: 5, Interesting

    Seriously ...could the whole point of this -from the Russian perspective at least- be that they can use or hire their local blackhats to wreak economic and/or civil damage (eg what happened to Estonia) pretty much at will?

    I'm not saying that's what Russia is actively doing -but what incentive would Putin have to dismantle a tool that could be used so effectively against his -and Russia's- enemies?

    1. Re:Is this cyber warfare? by moderatorrater · · Score: 4, Interesting

      I'm not saying that's what Russia is actively doing

      Actually, I'd go ahead and take that step if I were you. Allofmp3 was shut down by the Russians for doing something that was borderline legal in Russia. We have hackers doing something that (I presume) is illegal in Russia not being shut down by the Russians. While it's possible that it just so happens that a group of hackers working for the Russian mafia just happened to create a worm with great strategic importance to the Russians, great enough to withstand pressure from the international community, I find it more likely that they actively supported it.
  9. If they know where it is originating from... by bagboy · · Score: 5, Funny

    why not blackhole the source IP blocks?

  10. Re:INVADE - Alternative by Anonymous Coward · · Score: 3, Funny

    1. Provide RBN with Windows Vista
    2. RBN gets slowed down repeatedly clicking "Da, continusky"
    3. Battle over.

  11. These sorts of stories... by jd · · Score: 4, Insightful
    ...are always a little suspicious. Either the person/gang is pretty obviously a very minor fish in a pond filled with Megalodon sharks, or the person/gang is conveniently impossible to reach. Not that this won't happen, but it's pretty much public knowledge that international gangs operate in the US and Europe with impunity. The odds that this one gang only exists in this one place don't fit what is known about Russian gangs or, indeed, what is known about cyber organizations of any kind. This sounds far too much like a call to inaction, a bid to avoid doing anything serious.

    (Besides, if a minimum level of computer security was mandated, and critical machines were kept off public networks, cybercrime, worms and viruses would be reduced in quantity and effectiveness. The Government has a position open for Internet Czar - why is it not filled and why isn't it being used to push the importance of network security? Hell, I'd put in for the job if I thought I'd have a whelk's chance in a supernova of either getting it or getting heard afterwards.)

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:These sorts of stories... by PCM2 · · Score: 3, Insightful

      They also have many of the earmarks of urban legends. "We know exactly who is responsible" -- OK, then, what are their names? Where are their photographs? Surely the Russian government wouldn't deny a simple request for criminal conviction records, if we asked nicely. If that's too much to ask, then what are the names of the agents at the FBI and other U.S. law enforcement and intelligence agencies who have information on the perpetrators? Are they unwilling to speak anonymously, even?

      Just because a few people conspired to do something doesn't mean your explanation is not just another conspiracy theory.

      --
      Breakfast served all day!
    2. Re:These sorts of stories... by jd · · Score: 2, Interesting
      Which is why I said that it does indeed happen. It really does. Government activities, especially, tend to be highly secretive and Governments around the world have all been guilty of crimes. The British Government last year admitted to torturing and murdering German civilians in an undisclosed prison in London shortly after World War II. Notice the "after" bit. At least one political refugee in London has been killed by a poisoned needle on an umbrella. The South African Government provided a journalist's children with poison-soaked t-shirts. (Rest in peace, Donald Woods.) Then there's the drug-dealing that was used to help fund the arms-for-Iran fiasco.

      The idea that a cyber-attack, whether a worm against individuals or an attack on infrastructure, could be Government-based is not therefore absurd. Clearly, Governments do very nasty things, have very few scruples and are not as accountable as they like to claim. But is it reasonable to blame them?

      Not necessarily. Russia is run as much by crime syndicates as by the Government there. Big businesses can hire all kinds of people most would not want to associate with. We can't be sure where the worm comes from - the American Government has admitted it mistook an NMap probe for a Russian attack one time, why should we trust this "knowledge" any more than any of the claims we now know were totally false? And even if the origin was correctly identified, is that the origin of the worm, the hosting country for some zombies, or where someone ssh'ed into?

      Even if someone 'fesses up, the number of exaggerated and fraudulent claims made to boost reputations is countless. We can't trust an admission and more than enough time has passed for someone to reverse-engineer the code, so even asking someone to duplicate the worm wouldn't prove a damn thing other than the person has a good memory... or the interrogator ensured the right answer was given. Easy to do, with subtle hints and the careful application of pain.

      In short, we will never know the truth of the matter. Consensual reality is the only "reality" we can ever be certain of, including the fact that we can be certain that it's not (objectively) real.

      Does it even matter, though? Not really. Better host-level and network-level security would significantly reduce the risks of any future problems. There are plenty of intrusion detection systems that look for abnormal activity and plenty of active HIDS/NIDS that can shut a firewall on an intrusion being detected. Plenty of other ways to keep worms out (or isolate an infected machine).

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
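An added example of the kind of automated isolation jd's post describes (this is illustration code, not code from the thread or from any IDS product): a fan-out detector over flow records that flags a host contacting many distinct destinations on one port within a short window, the classic worm-propagation signature, and builds the firewall rule that would quarantine it. The flow records are constructed, the window and threshold are arbitrary assumptions, and the nftables rule is only returned as a string, never executed. The allowlist shows the caveat a practitioner would want: a legitimately high-fan-out host such as a mail relay trips the same heuristic and would be cut off along with the infected machine unless excluded.

```python
"""Fan-out (scan) detector over flow records with a quarantine hook.

Illustration only. Flow records are constructed, not captured traffic.
Window, threshold and the nftables table/chain names are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class Flow:
    ts: float   # seconds since start of the (constructed) capture
    src: str
    dst: str
    dport: int


def _constructed_flows() -> List[Flow]:
    """Build a small synthetic flow set: one scanner, one relay, one client."""
    flows: List[Flow] = []
    # 10.0.0.5 sweeps TCP/445 across 40 hosts in under four seconds (worm-like).
    for i in range(40):
        flows.append(Flow(ts=0.1 * i, src="10.0.0.5", dst=f"10.0.1.{i + 1}", dport=445))
    # It retries one target; a repeat must not inflate the distinct-destination count.
    flows.append(Flow(ts=4.0, src="10.0.0.5", dst="10.0.1.1", dport=445))
    # 10.0.0.9 is a mail relay: legitimately high fan-out on TCP/25.
    for i in range(30):
        flows.append(Flow(ts=0.1 * i, src="10.0.0.9", dst=f"192.0.2.{i + 1}", dport=25))
    # 10.0.0.7 is an ordinary client: a handful of HTTPS destinations over a minute.
    for i in range(5):
        flows.append(Flow(ts=12.0 * i, src="10.0.0.7", dst=f"198.51.100.{i + 1}", dport=443))
    return flows


SAMPLE_FLOWS: List[Flow] = _constructed_flows()


def detect_fanout(flows: Iterable[Flow], window_s: float = 10.0, threshold: int = 20,
                  allowlist: FrozenSet[str] = frozenset()) -> List[Tuple[str, int, int]]:
    """Return (src, dport, peak_distinct_dsts) for every non-allowlisted source
    that reached at least `threshold` distinct destinations on one port inside
    any `window_s`-second sliding window. Sorted for stable output."""
    by_key: Dict[Tuple[str, int], List[Flow]] = defaultdict(list)
    for f in flows:
        if f.src in allowlist:
            continue
        by_key[(f.src, f.dport)].append(f)

    hits: List[Tuple[str, int, int]] = []
    for (src, dport), recs in by_key.items():
        recs.sort(key=lambda f: f.ts)
        peak = 0
        j = 0  # window end; only ever moves forward because recs are time-sorted
        for i in range(len(recs)):
            while j < len(recs) and recs[j].ts - recs[i].ts <= window_s:
                j += 1
            # Distinct destinations, so retries of one host do not count twice.
            peak = max(peak, len({r.dst for r in recs[i:j]}))
        if peak >= threshold:
            hits.append((src, dport, peak))
    return sorted(hits)


def isolation_rule(host: str, table: str = "inet filter", chain: str = "forward") -> str:
    """Build (do not run) the nftables rule that drops forwarded traffic from host."""
    return f"nft add rule {table} {chain} ip saddr {host} drop"


def quarantine_rules(flows: Iterable[Flow], allowlist: FrozenSet[str] = frozenset()) -> List[str]:
    """One drop rule per flagged source; the caller decides whether to apply them."""
    return [isolation_rule(src) for src, _, _ in detect_fanout(flows, allowlist=allowlist)]


if __name__ == "__main__":
    relay_ok = frozenset({"10.0.0.9"})  # assumed-legitimate mail relay
    for src, dport, peak in detect_fanout(SAMPLE_FLOWS, allowlist=relay_ok):
        print(f"{src} reached {peak} distinct hosts on port {dport}")
    for rule in quarantine_rules(SAMPLE_FLOWS, allowlist=relay_ok):
        print(rule)
```

Run without the allowlist and the relay is flagged alongside the scanner, which is the point: a fan-out heuristic on its own cannot tell propagation from a busy legitimate service, so an automated "shut the firewall" response needs either an allowlist like this one or a second signal (destination port mix, failed-connection ratio) before it acts.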
  12. Paranomocracy: Criminal Rule by Doc+Ruby · · Score: 3, Informative

    "Paranomocracy" is rule by criminals, as first used by Russian Ouspensky in a 1919 letter describing what he also called "kakourgocracy" the new Soviet rule by criminals.

    --
    make install -not war

  13. Gee, imagine that by WindBourne · · Score: 3, Informative

    We have high level gov. officials who are corrupt. Welcome to America^h^h^h^h^h^h^h France^h^h^h^h^h^h China^h^h^h^h^h Russia.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  14. Naah, isolate instead by gorbachev · · Score: 2, Insightful

    I've said this before, so excuse me for sounding like a broken record.

    What needs to happen is cutting Russia completely off the net. Cut them off at every peering point they have, and if someone (China) still continues routing Russian network traffic, block the Russian network traffic where it's being passed onto the responsible part of the Internet.

    The reason why I'm advocating this is because what the Russian cybercriminals are doing is not just criminal, but more importantly threatening the Internet infrastructure itself. There just has to be a better way of protecting the network from bad actors who are hellbent on destroying it.

    Since that's unlikely to happen unless the Russian criminals do something extraordinarily stupid (like successfully attacking several Western states directly), the next alternative is diplomatic isolation. They don't do something to curb the fastest growing criminal activity in the world, well, gee, Vladimir, you don't get to sit on the Security Council, ballrooms in Geneva and you can most certainly kiss that EU membership you so want goodbye forever. And don't even think of vacationing on those nice ski resorts on the Alps Russians are so fond of. Visa denied.

    The state sponsored welfare program for the benefit of Russian mafia gotta stop. Every year billions and billions of dollars of OUR money is being transferred with the silent blessing of Russian Government to the Russian mafia and other criminal elements in Russia. I don't know what else to call that but a global welfare program.

    --
    In Soviet Russia, I ruled you
    1. Re:Naah, isolate instead by Dogtanian · · Score: 4, Insightful

      What needs [my emphasis] to happen is cutting Russia completely off the net. Cut them off at every peering point they have, and if someone (China) still continues routing Russian network traffic, block the Russian network traffic where it's being passed onto the responsible part of the Internet.

      Really, do you actually think about the practicality or plausibility of implementing your ideas in the real world?

      This not only *won't* happen (as you acknowledge) but *can't* happen without locking down the US's (or whoever's) part of the Internet so much that the cure will be worse than the disease. Even if you stop direct links to the US net, you won't be able to stop every peering point between Russia and elsewhere. It's going to be impossible to stop indirect traffic. Criminals will just figure a way around your idea of blocking Russian traffic that hides their true location. Since they have access to lots of compromised PCs in numerous countries that's one obvious route. The other obvious solution is to cut a deal- "legal" or "illegal" by whatever measure- with a third party in a third country that isn't blocked. Good luck figuring which connections are legitimate and which are proxies for the criminals.

      And even if you block all *those* countries, they'll do it in two hops via a fourth country- so unless you have a 100% agreement between "good countries" and they have a 100% watertight block against traffic from the "bad" countries, you can't do it.

      I'll tell you now that (a) You won't get such an agreement and (b) If you did, you still wouldn't be able to make sure that those countries' defences were watertight to your standards. So the only way to get what you want is to block all non-US traffic (assuming you live in the US) to an incredible degree. And this still probably won't work.

      Your naivety and the flaw in your argument can be summed up by this phrase:-

      the responsible part of the Internet

      As if the Internet can be obviously (and easily) partitioned off into "responsible" and "irresponsible" parts! Even if it could, so long as either "part" is too big too isolate completely from the other, you can't stop traffic flowing. Therefore, there's only *ONE* Internet.

      And it's not like that; the whole thing is just shades of grey; the US part might be more "responsible" by your measure, but it's still far from perfect.

      There just has to be a better way of protecting the network from bad actors who are hellbent on destroying it.

      Yes, and your easier-to-come-up-with-on-Slashdot-than-it-is-to-actually-implement-it idea isn't one of them.

      the next alternative is diplomatic isolation. They don't do something to curb the fastest growing criminal activity in the world, well, gee, Vladimir, you don't get to sit on the Security Council

      Yeah, it's that simple when you're a tough-talking behind-the-keyboard would-be-diplomat/politician.

      Bottom line, I'm not justifying what Russia is doing, or how they're behaving, but your solutions are naive and clumsy in the extreme. The West isn't going to isolate Russia further (which Putin would probably be quite happy with) and risk escalation of political and military tensions simply to stop some crime which- although admittedly serious and large-scale- still doesn't warrant anything like that risk.

      ballrooms in Geneva and you can most certainly kiss that EU membership you so want goodbye forever. And don't even think of vacationing on those nice ski resorts on the Alps Russians are so fond of. Visa denied.

      Oh noes!!!!!11111

      And that's why you're neither a diplomat nor a politician. You think that such petty retribution would work and Putin would say "You're right! I'll do exactly what you say". Not a bloody chance. This is just the Slashdot equivalent of some guy down the pub/bar saying how he'd put the world to rights.

      Putin would set his face against the West further (wh

      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
    2. Re:Naah, isolate instead by Dogtanian · · Score: 3, Insightful

      I'm fully aware nothing that I propose is ever going to happen

      Sorry to break this to you, but whilst political apathy on this issue may be a problem, it's not the main reason your suggestion should (and would) be ignored. It's because it's badly thought out and unworkable.

      You don't have to be 100% successful with cutting them off the net. Just enough so that it's going to be very inconvenient for Russians to access anything outside of Russia.

      I don't believe that you'll be anywhere near 100% successful; I believe that you'll just succeed in blocking everyday Russians, and the criminals will pay money to people to get them through.

      Putin and the like will be quite happy to see ordinary Russians cut off from external sources of information; they've already tried to shut down as many dissenting voices as possible, but the Internet is harder to deal with. They'll also be able to paint it as Western aggression and mistreatment when they don't get things their way. Double whammy for them!

      So even if you think that inconveniencing ordinary people in this way will indirectly pressure the Russian government, it won't. Quite the opposite.

      At what point do we stop accepting their harboring of their criminals? There's gotta be a line somewhere.

      As I said, you assume criticism of your solution == non-acknowledgement of problem. This is not the case.

      My post was a criticism of a transparently bad idea, and I had the gut reaction that it would be taken (by you or someone else) as a rejection of the problem itself.

      Simply going with a bad and workable "solution" simply for the sake of doing something in the absence of a better idea is A Very Bad Thing. As I already pointed out, your solution would be *worse* than the problem anyway.

      I suspect that people have already come up with better ideas than yours, which they (having greater insight into the issues) nevertheless concluded were flawed.
      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  15. Re:News flash 100 years from now by Teflon_Jeff · · Score: 4, Funny

    In unrelated news, there are troubling reports of a new Storm Worm coming from mars. Random slashdot posts have appeared stating "In soviet Mars, The planet reddens YOU"

    Agents are exploring a correlation. Slashdot has already modded them down as trolls.

    --
    "Teach a man to build a fire, and he's warm for a day. Set a man on fire and he's warm for the rest of his life."
  16. Re:maybe i'm on drugs by moderatorrater · · Score: 4, Insightful

    You mean like this?

    The problem with that thinking is that this ecosystem is entirely created by humans, and that there are no limits on population in the first place. The internet's not like an enclosed valley which can support 300 sheep no matter what. The limits on what the internet can handle are constantly expanding, and so far there's been little to no strain.

    As for whether the worm is cool and impressive, well, that depends on what you think cool and impressive are. It's extremely well built, runs quite well and is hard to catch once it's entrenched. It's a lot like the mafia, and if you're like the rest of the US, that is cool. Also like the mafia, it's really only cool if you're the one running the show or you have little to no experience with it.

  17. Isn't it Kuvayev and company? by damn_registrars · · Score: 3, Interesting

    I had read through the Wikipedia page on Leo Kuvayev that he may be (one of the?) main guy(s) behind the storm worm botnet.

    Here's the reference to Leo Kuvayev having a role with the storm botnet. Considering the massive amounts of spam that is pumped out for domains that he purchases, it wouldn't surprise me in the least.

    Though according to his Crooked Registrar Partners, he apparently lives in Finland. Though I somehow doubt that he really owns an entire Finnish city, as his address would have you believe.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  18. Re:Russian Law? by russ1337 · · Score: 2, Insightful

    Ok, I actually read TFA, and what's not mentioned is whether or not these actions are even illegal in Russia. Just because something is against the law in the U.S. doesn't mean it's illegal everywhere in the world.
    yet.
  19. Re:Don't be stupid by Quadraginta · · Score: 2, Insightful

    Good grief, don't let's give the geeky profession airs. The FSB has a lot better resources than a few thousand compromised Windoze machines. They're going to spam somebody to death? Raise next year's black budget by running a few dozen phishing scams? Sheesh.

    Besides, this kind of goofball techno stunt isn't the Russian style. They excel at the basic ancient human-centered form of espionage and security compromise. If you think they want to penetrate your bureaucracy, then don't waste your time changing your AOL password weekly or carefully not opening e-mail attachments. Instead, be cautious about that hot blonde at the gym who confessed a lifelong sexual weakness for balding guys trying to work off the desk paunch and who expresses a sweet naivete and engaging curiosity about how, precisely, you do your job.

  20. I know who it was by jrothwell97 · · Score: 2, Funny

    Mrs White did it, with the candlestick, in the drawing room.


    (Or perhaps it was Mr Putin, with the laptop computer, in the server room.)

    --
    Those using pirated Tinysoft signatures(TM) are a real threat to society and should all be thrown in jail.
  21. Re:What's it like... by Shados · · Score: 3, Funny

    and having the world think you're a bunch of assholes
    Well, technically in America we're familiar with at least THAT one too...
  22. Like the Russians Are the First.... by queenb**ch · · Score: 2, Insightful

    Seriously, how many of you see all kinds of stuff coming out of China, Korea, Nigeria, etc.?

    NONE of them get prosecuted either....

    2 cents,

    QueenB

    --
    HDGary secures my bank :/
    1. Re:Like the Russians Are the First.... by orclevegam · · Score: 2, Insightful

      The reason this is news worthy is it appears to be more of a willful act to block prosecution, whereas the ones over in Nigeria (although probably not China) are more a case of the local infrastructure and police not being capable of tracking these people. The other factor is one of organization and impact. Sure, a few Nigerians spam the hell out of people and manage to do some 419 scams, but all in all it's a few individuals doing it and they don't get all that many hits. The Russian group behind Storm on the other hand is a well organized group not random individuals, and they impact hundreds of thousands (millions?) of individuals.

      --
      Curiosity was framed, Ignorance killed the cat.
  23. Re:Don't be stupid by Hatta · · Score: 4, Insightful

    Apparently the Storm worm is the world's fastest supercomputer. And even if it weren't, funneling whatever attacks the FSB might be likely to do through the Storm botnet would provide excellent plausible deniability.

    --
    Give me Classic Slashdot or give me death!
  24. Re:maybe i'm on drugs by Rogue+Pat · · Score: 5, Funny

    You mean like this?
    Man, I need to get a life!! I start to recognize the xkcd cartoons by their number and smile before clicking on the link :/
  25. A complex pattern of incentives by Budenny · · Score: 2, Interesting

    One imagines there may be a complex pattern of incentives. RBN for these purposes should be considered a deniable branch of the Russian state.

    The incentive to do it is to try out net sabotage techniques for possible later use in a controlled and deniable way. You don't have the potential embarrassment of trying to do it clandestinely and getting caught. You do it openly but deniably.

    The incentive for allowing it is the hope that practice in defense will be more valuable than practice in attack, and that the net will evolve more robust defense systems than if you adopted state measures to prevent it. If you could even find any.

    However, what should be somewhat alarming here is that a regime most of whose officials came out of the Soviet equivalent of the Abwehr or the SS should now be in power and conducting a sort of guerrilla war on the West. Never forget, the organizations these guys came out of murdered several times the numbers the Nazis did and operated a camp network many times the size of the Nazi one.

    They are not people like us.