The Russian Cybermafia: RBN & the RBS WorldPay attack

Security Strategies Alert, by M. E. Kabay and Bradley Guinen, Network World
March 28, 2011 12:07 AM ET
The long view of security strategies for your network.

The paper written by Cadet Bradley Guinen of Norwich University for his CJ341 Cyberlaw & Cybercrime class provided the basis for this series of articles. Cadet Guinen and Mich Kabay collaborated closely in converting Guinen's essay into a series of articles for Network World Security Strategies.

The Russian cybermafia: Beginnings

The Russian Cybermafia: Boa Factory & CarderPlanet

* * *
The Russian Business Network (RBN) is infamous for its involvement in malicious software, distributed DoS attacks, hacking, child pornography, and spam. Much like other Russian cybercrime syndicates, the Russian Business Network had its roots in the old-fashioned selling of hacking tools and services that could even penetrate many U.S. government systems.

Since then, the RBN has scaled up its operations to include the creation of a program called Black Energy, a tool used to control a botnet: a large group of infected computers that are in turn used in an assault on a targeted Web site to paralyze it and shut it down.

In a report by Siobhan Gorman and Evan Perez in December 2009, the Wall Street Journal published claims that the FBI was "probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang." The report implied that Black Energy was being used in the attack. However, within hours of publication, "Citigroup and a federal law enforcement source … refuted a claim that the bank's customers lost millions of dollars in an advanced cyber heist over the summer, leaving lingering questions over details of the alleged attack."

Even though that particular attack turned out to be illusory, the RBN really did organize an extraordinary attack known as the RBS WorldPay scam in November 2008. Eastern European criminals were able to hack past WorldPay's sophisticated encryption system used on payroll debit cards and extract information pertaining to these cards. They used the stolen data to create hundreds of fake automated teller machine (ATM) debit cards. Then simultaneously around the world, the organized crime group used these fake ATM cards to withdraw the maximum amounts permitted. They stole about $9 million from more than 2,100 ATMs in over 280 cities, in countries such as the United States, Russia, Ukraine, Estonia, Italy, China, Japan and Canada in 12 hours. A year later, eight men were indicted by a federal grand jury in Atlanta.

In August 2010, one of the accused, Sergei Tšurikov, 26, of Tallinn, Estonia, was successfully extradited to the United States to stand trial. Unfortunately, in Russia, the alleged leader of the gang involved in the scheme, Victor Pleschuk, 28, was merely given a four-year suspended sentence (probation) and ordered to pay restitution of $8.9 million to RBS WorldPay. Readers can estimate for themselves the likelihood that Pleschuk will ever successfully repay this amount.

[Mich Kabay adds:] In my opinion, international cybercrime will continue to grow. With many countries in the world governed by corrupt bureaucrats and jurists ready to accept bribes to overlook or even support criminal groups that bring revenue into their countries – and their personal pockets – it is unlikely that we will see a significant reduction in such activities in the foreseeable future. And just wait until the People's Republic of China gets more heavily involved: a totalitarian country with no discernable rule of law but with the largest population on the planet is already a significant source of enormous cyber-criminality. The cyberfraud epidemic is only going to get worse.
* * *

Bradley Guinen is due to graduate from Norwich University in 2013 with a BSc in Computer Security and Information Assurance. He is a proud member of the US Army Reserve Officer Training Corps at Norwich University, home of the ROTC.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.
