Hotbed of Cybercrime Activity Tracked Down To ISP In Region Where Russia Is Invading Ukraine

An anonymous reader writes: Last week, WordPress security firm WordFence revealed it detected over 1.65 million brute-force attacks originating from an ISP in Ukraine that generated more malicious traffic than GoDaddy, OVH, and Rostelecom, put together. A week later, after news of WordFence's findings came to light, Ukrainian users have tracked down the ISP to a company called SKS-Lugan in the city of Alchevs'k, in an area controlled by pro-Russian forces in eastern Ukraine. All clues point to the fact that the ISP's owners are using the chaos created by the Russian military intervention in Ukraine to host cyber-crime operations on their servers. Some of the criminal activities the ISP hosts, besides servers for launching brute-force attacks, include command-and-control servers for the Locky ransomware, [email, comment, and forum] spam botnets, illegal streaming sites, DDoS stressers, carding sites, several banking trojans (Vawtrack, Tinba), and infostealers (Pony, Neurevt). UPDATE 12/22/16: The headline and summary have been updated to reflect the fact that Ukraine is fighting a Russian invasion, and is not in a "civil war," as mentioned in the source.

Makes sense

[Dan+East]

Any time a country occupies another's territory they will employ its infrastructure and resources to further whatever objectives are profitable for the invading country. In the past it might be industries such as steel production, fuel production, mining of natural resources, plundering of various kinds of stockpiles, utilizing manufacturing to produce weapons and munitions to further increase the power of the invading country. Just because these days those resources can also take the form of technologies (such as internet bandwidth and processing power) it makes them no less valuable or exploitable.

why is it always the russians

[nimbius]

All clues point to the fact that the ISP's owners are using the chaos created by the Ukrainian civil war to host cyber-crime operations on their servers.

or more likely the owners and staff were gunned down or driven off by the civil war, leaving the doors open and business office available for other sundry activities.

Re:why is it always the russians

[Zontar_Thing_From_Ve]

All clues point to the fact that the ISP's owners are using the chaos created by the Ukrainian civil war to host cyber-crime operations on their servers.

or more likely the owners and staff were gunned down or driven off by the civil war, leaving the doors open and business office available for other sundry activities.

Possible, but not "more likely". In the past decade I spent a good amount of time in Ukraine and I've been to a lot of different parts of it, particularly in the Russian speaking parts. In fact, the last city I went to is now completely under control of rebels and airport I flew out of in Donnetsk doesn't exist any more. While I do still have mostly good memories of being there, I can tell you that in general the people in Ukraine are a lot less honest than you'll find by default in Western Europe. This is especially true in Russian speaking regions. I regard it as a holdover legacy of the Soviet Union and its collapse. The Soviet Union essentially legalized bribery by not caring enough to punish people who took bribes. And the collapse of the Soviet Union resulted in a bunch of greedy, low class Communist Party connected individuals who grabbed formerly state run businesses for pennies on the dollar and manipulated those into vast personal fortunes. So a lot of Ukrainians have learned that corruption is everywhere, nobody wants to stop it, and everybody who gets ahead cheated their way to the top. It could be that people who've always lived there are still there and exploiting the situation or it could be new people are exploiting it or this is being done to fund the Russian government sending weapons across the border. All I can say is that with the chaos and anarchy currently in that part of Ukraine that whoever is doing it is probably never going to be stopped by whoever is in charge as they're likely paying those people off.

What about a Kickstarter/GoFundMe campaign?

[Required+Snark]

How much is a delivered Tomahawk with the self guided air delivery option?

Can't be Russia.

LALALALALA cant hear you, Vlad would never do anything like this and wouldn't allow his people to do it either. Wouldnt want to make Vlad or his puppets mad. I wouldnt want to get my tea poisoned with thallium.

Re:About time for some drone stikes

[ISoldat53]

7-11 that's who

Spamhaus Block List has these guys

https://www.spamhaus.org/sbl/query/SBL190623

Just block the whole ISP and call it a day

There is no civil war in Ukraine

[Z_God]

The idea that there's a civil war in Ukraine comes from Russian propaganda. There's actually a war against Russia going on there. The people who initiated it and the people on which it relies today all have Russian citizenship.

There is no civil war in Ukraine, stop lying

[vityok]

UN GA just days ago adopted a resolution finally admitting that Ukraine is a victim of the Russian military agression. Crimea is now an internationally recognized ocuppied region. The war in the eastern parts of the country is also between two nation-states: Ukraine and Russia. Claims about a "civil war" are distilled Fake News, a lie, Kremlin's disinformation.

Explaining Russian-Ukrainian conflict to Yanks

[mi]

UN GA just days ago adopted a resolution finally admitting that Ukraine is a victim of the Russian military aggression.

For better or worse, the part of the United States' electorate, to whom you want to appeal, view the United Nations with skepticism. So, instead of appealing to a questionable authority, try the following argument...

Imagine, Americans, Mexican government declaring Trump's election "a coup", his assemblage of generals — a junta, which placed the Latinophobic Nazi in power, contrary to the wishes of most Americans. Out of concern for the brotherly nation, Mexican government is encouraging volunteers to cross into California, Arizona, and Texas to help the local Spanish-speaking "self-defense" militias protect themselves against the White English-speaking bigots, who've persecuted the Spanish-speaking minority for years. In places stolen from Mexico before, these polite volunteers in military uniforms without any official insignia are already organizing a referendum to leave the US and join Mexico.

Patriotic Americans attempting to resist the invasion are denounced as racists and shot at with military-style efficiency. Although officially Mexico is not a party to this "civil war", its troops are regularly encountered on the battlefields — all of them are then found to have been "on leave" from their units. Artillery bombardment of American forces seems to originate from across the border, but no one can say for sure.

Would you still say, it is a civil war — Americans fighting other Americans?