
Russian Police And Internet Registry Accused Of Aiding Cybercrime

  • October 21, 2009
  • By Andrew Donoghue

Internet registry RIPE NCC turned a blind eye to cybercrime, and Russian police corruption helped the perpetrators get away with it, according to the UK Serious Organised Crime Agency

Amsterdam-based Internet registry organisation RIPE NCC has been singled out for its involvement with notorious criminal network provider Russian Business Network (RBN) by the UK’s Serious Organised Crime Agency.

The registrar took money from the well-known criminal organisation, and subsequently, corruption in the Russian police allowed the network’s organisers to escape SOCA’s clutches, according to Andy Auld, head of intelligence for the agency’s e-crime department, speaking at the RSA Conference Europe security event this week in London.

RIPE NCC denies any wrongdoing, and Auld explained that the registrar wasn’t actually being investigated for its involvement with RBN – but as the registry body had accepted payment from the Russian criminal organisation, it could be seen by some as having been complicit in criminal activities, he said.

“An entity like Russian Business Network – a criminal ISP and recognised as such by just about every media outlet worldwide that covers these things – RBN was registered as local internet registry with RIPE, the European body allocating IP resources to industry,” explained Auld.

The SOCA officer argued that any company that does business with a known cyber-criminal organisation such as RBN could itself be open to accusations of acting illegally.

“RIPE was being paid by RBN for that service, for its IP allocation,” he said. “Essentially what you have – and I make no apologies for saying this is – if you were going to interpret this very harshly RIPE as the IP allocation body was receiving criminal funds and therefore RIPE was involved in money laundering offences,” said Auld.

Serious organised crime – not a cottage industry

RBN’s systems were used to host child pornography and at its peak, according to SOCA, the organisation hosted around one third of all the “pay-per-view” child pornography in the world. The rest of the illegal network was devoted to malware including systems to control botnets.

“What we are talking about is a purpose-built criminal ISP – built for and used by criminals and a highly profitable organisation at that,” said Auld. “This is organised crime. Don’t be confused with the idea that is a hobby industry or cottage industry, this was a proper organised crime syndicate that just so happened to have an e-crime component to its criminal portfolio.”

As well as SOCA, the FBI and Dutch and German law-enforcement groups were involved in the investigation of RBN last year. However, as the investigation continued, the group behind RBN set up a “disaster recovery plan” to ensure that it could continue operating if its existing systems were shut down. This plan was set in motion in November 2008 but, according to SOCA, the agency was able to shut down the new systems before RBN was able to migrate over to them.

“All we could get there was a disruption, we weren’t able to get a prosecution in Russia,” admitted Auld. “Our biggest concern is where did RBN go? Our information suggests that RBN is back in business but now pursuing a slightly different business model which is bad news.”

Auld added that other registries also had some connection to RBN which could similarly be construed as illegal – although he admitted that SOCA preferred to work with these companies than seek to prosecute them.

“We are not actually treating it [RIPE] that way but if you want to interpret it that way the same would apply to both ARIN [American Registry for Internet Numbers] APNIC [Asia-Pacific registry], AFRINIC [African registry] and so on,” he said.

According to SOCA, it is actively working with internet registry organisations to make sure that they don’t, whether intentionally or unintentionally, end up aiding criminals and harming consumers.

“Where you have got LIRs (Local Internet Registries) set up to run a criminal business – that is criminal activity being taken by the regional internet registries themselves. So what we are trying to do is work with them to make internet governance a somewhat less permissive environment for criminals and make it more about protecting consumers and individuals,” added Auld.

RBN looked legitimate, says RIPE NCC

In response to the comments that it could be accused of being involved in criminal activity, Paul Rendek, head of external relations and communications at RIPE NCC said that the organisation has very strict guidelines for dealing with LIRs.

“The RBN was accepted as an LIR based on our checklists,” he said. “Our checklists include the provision of proof that a prospective LIR has the necessary legal documentation, which proves that a business is bona fide.”

Rendek maintained that RIPE has had a good relationship with SOCA and other law-enforcement organisations. “We have always cooperated with SOCA, and continue to work very closely with relevant criminal investigation bodies to ensure investigations can be carried out as swiftly and efficiently as possible in order to ensure best practice Internet governance is adhered to and criminal activity is identified and dealt with in the appropriate manner,” he added.

Russian “corruption”

SOCA also attributed some of the blame for the failure to prosecute any members of RBN to corruption on the part of police in St. Petersburg who, Auld alleged, appeared to have agreed to protect the criminal gangs behind the network.

“We strongly believe that this organisation had not only the local police but the local judiciary and local government in St. Petersburg firmly in its pocket that meant when we tried to investigate RBN we met significant hurdles – quite obvious hurdles – when trying to deal with Russian law enforcement to tackle the operation,” said Auld.

Earlier this month, US law enforcement agencies got much better international co-operation in shutting down a phishing ring based in Egypt.


IBM Releases More Cloud Computing Tech

At its analyst conference, IBM announced three more additions to its Project Blue Cloud

It took a little while for IBM to define its corporate approach to cloud computing during the last few years, but now that it has one, the world’s largest IT company is going all out in the sector.

On 6 Oct at its Information Infrastructure Analyst Summit in Boston, the company introduced three more additions to its Project Blue Cloud bag of goodies: a new software infrastructure specifically aimed at the building of private cloud systems, an online information archive and — you’ve guessed it — a slew of new consulting services to go with both.

“This is really the next instance in the continuing drumbeat of IBM delivering enterprise-ready cloud services,” IBM Cloud CTO Kristof Kloeckner told eWEEK. “We’re putting a great deal of corporate time and effort into this.”

Cloud computing, or utility computing, serves up computing power, data storage or applications from one data center location over a grid to thousands or millions of users on a subscription basis. This general kind of cloud—examples include the services provided online by Amazon EC2, Google Apps and—is known as a public cloud, because any business or individual can subscribe.

Last June, IBM launched three cloud models: IBM Smart Business Test Cloud, a private cloud behind the client’s firewall, with hardware, software and services supplied by IBM; Smart Business Development & Test and Smart Business Application Development & Test, which use Rational Software Delivery Services on IBM’s existing global cloud system; and IBM CloudBurst, a preintegrated set of hardware, storage, virtualisation and networking options, with a built-in service management system.

The underpinnings of these are Tivoli Provisioning Manager 7.1 and the new Tivoli Service Automation Manager, which automates the deployment and management of computing clouds. The same foundations will power the new packages.

“The intent of this private storage cloud offering is to serve customers efficiently with their active, file-based data — the term would be near-line storage, meaning it’s not direct-attached storage, but not remote archival storage, either,” Kloeckner said. “The scenarios would include any information-rich enterprise that needs frequently accessed data in a file format.”

Everybody is seeing increasing amounts of data being created in collaborative environments, made by creative processes and devices, Kloeckner said. IBM believes that an automated cloud computing approach to handle this overflow of information is one that makes sense for a good many enterprises.

“We see this as one element of making information pay off for the enterprise, so to speak,” Kloeckner said. “Digital media, medical imaging, Web content, analytics, geospatial data, engineering modeling data, are just some of the use cases. We all know that the interconnection of devices creates a huge amount of data that needs to be managed efficiently, accessed, stored and secured in order to be analysed.”

This is all designed for file-based storage — it is not block-based or individual record-based storage, or what is contained in a database, Kloeckner said.

Right now, the private cloud software is available in a beta release only. It should be available for full production in a few weeks, Kloeckner said.

IBM is in the process of preparing a public cloud offering, but Kloeckner did not want to speculate on when that might be available for beta testing.

Tivoli and IBM System Storage are the foundations for the new Information Archive, which uses hard disks and tape machines within a single pool. It features deduplication and compression techniques to optimise storage capacity, Kloeckner said.

“When using the archive, a user can designate whether he or she wants to store the files on disk or on tape, and the tape can be stored wherever they want,” Kloeckner said.

The hardware-and-software archive uses Big Blue’s General Parallel File System, Tivoli Storage Manager and IBM’s Enhanced Tamper Protection in an IBM array of the user’s choice.

The IBM Information Archive is the first offering announced as part of IBM’s unified archiving strategy, called IBM Smart Archive. The archive, available now as a preview, offers long-term storage for any kind of digital file, such as e-mail, images, databases, applications, instant messages, account records, contracts or insurance claim documents, logs, and others.

The archive can be organized into separate collections within a single system, and each collection can be configured with different retention policies and protection levels to meet specific needs — including business, legal, or regulatory, Kloeckner said.

Finally, IBM’s enhanced Cloud Consulting Services are available now to support the new software and hardware packages.