Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Russian Phishers Moving to China?

Zonk posted more than 6 years ago | from the change-of-scenery dept.

The Internet 67

Hugh Pickens writes "The Russian Business Network, an ISP and Web hosting provider based in St. Petersburg, whose client list amounts to a laundry list of organized cybercrime operations appears to have closed shop after a number of its main upstream Internet providers severed ties with the group. The disappearance of RBN comes less than a month after Brian Krebs of the Washington Post wrote a series of stories detailing the organization and history of the shadowy ISP. However, experts at anti-spam group Spamhaus say there are strong indications that a huge swath of Internet space recently established in China may soon emerge as the next incarnation of the Russian Business Network. In related news FBI Director Robert S. Mueller, III gave a speech on cybercrime earlier this week where he said that the FBI has 60 Legal Attaché offices around the world working with partners in Russia, Romania,Poland, Hungary, Italy, and Estonia, among others, to investigate international cyber threats."

cancel ×

67 comments

Sorry! There are no comments related to the filter you selected.

ISR (3, Funny)

eneville (745111) | more than 6 years ago | (#21300191)

I soviet China ... oh wait ...

Re:ISR (0)

Anonymous Coward | more than 6 years ago | (#21300321)

What does Interrupt Service Routine have to do with Soviet China?

Oh.. nevermind

Re:ISR (1)

renegadesx (977007) | more than 6 years ago | (#21303267)

China moves you?

The reason is obvious (0)

antifoidulus (807088) | more than 6 years ago | (#21300193)

the Russian mafia has a serious asian fetish!

Re:The reason is obvious (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21301787)

In Soviet China, sideways goes cuntflaps!

Re:The reason is obvious (1)

BUTT-H34D (840273) | more than 6 years ago | (#21302141)

St Pedosburg, LOL.

Russian Fishers Moving to China? (3, Funny)

colonslashslash (762464) | more than 6 years ago | (#21300203)

Have all their lakes frozen over or something? Damn you global warming! <shakes fist angrily>

Re:Russian Fishers Moving to China? (5, Funny)

Echolima (1130147) | more than 6 years ago | (#21300641)

I hate when Global Warming causes lakes to freeze

Re:Russian Fishers Moving to China? (0)

Anonymous Coward | more than 6 years ago | (#21303139)

Whooooooosh!

Re:Russian Fishers Moving to China? (1)

pipingguy (566974) | more than 6 years ago | (#21305127)

Dummy, it's like that chaos butterfly thingie where anything can cause anything else depending on access to sympathetic mainstream media and grant money. Straighten up and fly right (err...left)!

Re:Russian Fishers Moving to China? (0)

Anonymous Coward | more than 6 years ago | (#21334047)

Good job! You've discovered the punchline!

This is good (0)

Anonymous Coward | more than 6 years ago | (#21300249)

It is common knowledge in the US that one should not consume phish from China.

Re:This is good (1)

chubs730 (1095151) | more than 6 years ago | (#21302653)

phish is properly enjoyed in vermont

Re:This is good (1)

Grimbleton (1034446) | more than 6 years ago | (#21304563)

Just keep away from anything that came from, around, or, realistically, has ever heard of Lake Erie.

Even phishing is being outsourced? (3, Funny)

zappepcs (820751) | more than 6 years ago | (#21300261)

With phishing being outsourced to China, manufacturing being outsourced to China, Can we expect lead based paint recall phishing to come from China soon?

Re:Even phishing is being outsourced? (0)

Anonymous Coward | more than 6 years ago | (#21300703)

I can see it now:

From: aafekfkelalfe@toyrus.fjakjekfje.com
Subject: ATENTION PARENTS!
Text: You child may have toy with lead (Pb)! Lead (Pb) is very dangerous, please click link below and enter credit card information to see if you child toy have lead (Pb)! We then check credit card record to see if you buy toy with lead (Pb)!

Hmmm.. (1)

eniac42 (1144799) | more than 6 years ago | (#21301215)

Lead-based paint? Why, that gives me an idea.. [catandgirl.com]

internet 101 (5, Insightful)

KevMar (471257) | more than 6 years ago | (#21300305)

so they move to a country that restricts what they can access on the internet?

Thats exactly what I would do if I was the ring leader of major internet crime...

Re:internet 101 (1)

TheMeuge (645043) | more than 6 years ago | (#21300397)

It's not about what goes in, but what comes out. And if you grease enough party officials, the Great Firewall of China will turn out to have a lot of trap doors.

Re:internet 101 (0)

Anonymous Coward | more than 6 years ago | (#21303073)

It's not about what goes in, but what comes out. And if you grease enough party officials, the Great Firewall of China will turn out to have a lot of trap doors.

If you grease the wrong party officials they'll open a port in your head instead of the Great Firewall.

Re:internet 101 (5, Insightful)

BadHaggis (1179673) | more than 6 years ago | (#21300557)

Yes, but if the money is flowing into the right pocket(s) certain services/servers can bypass The Great Firewall. I am sure that these esteemed, and apparently resourceful, businessmen can negotiate a profitable relationship with the Chinese Government. Additionally, I'm not convinced that the Chinese Government is as concerned with what goes out of their country as much as they are concerned with what comes in. Certainly, given the all of the product recalls lately, you're aware of the high standards that the Chinese hold to their exports.

Re:internet 101 (2, Interesting)

Deanalator (806515) | more than 6 years ago | (#21302459)

Sorry, but that's not super fair. If you have been following the stories, Chinese toy makers are now suing Mattel for damaging their reputation. The toys that were recalled were built completely to spec with the designs Mattel gave them. When a toy contains many small magnets that can be swallowed, how can you blame the manufacturers, and not the designers?
http://www.chinadaily.com.cn/language_tips/cdaudio/2007-11/06/content_6234061.htm [chinadaily.com.cn]

Also, the latest round of recalls came from Mexico.
http://www.canada.com/reginaleaderpost/news/business_agriculture/story.html?id=6bbd57b0-e1d3-48d9-9a14-ebe3e6b24c04 [canada.com]

China can make high quality electronic equipment, and they can also make low quality toys. You can't really blame them for making what they were paid to make.

Re:internet 101 (2, Interesting)

CharmElCheikh (1140197) | more than 6 years ago | (#21303359)

If you can justify to the national ISP that unmonitored Internet access is a business requirement and are willing to pay your access more expensive you get your unmonitored access. It is not illegal, it is not bribery. I know it, my company does it.

Hmm (1)

orclevegam (940336) | more than 6 years ago | (#21300311)

Pretty soon the only large organized internet crime is going to be the government run kind.

Re:Hmm (0)

Anonymous Coward | more than 6 years ago | (#21300447)

what do you mean - "soon"?

Re:Hmm (1)

Glowing Fish (155236) | more than 6 years ago | (#21300501)

Just remember, there is no "soon"

Re:Hmm (1)

Chris Mattern (191822) | more than 6 years ago | (#21301485)

Why should the internet be different from everywhere else?

Chris Mattern

Laundering (1)

kryten250 (1177211) | more than 6 years ago | (#21300357)

"And they laundered money through more than a dozen Internet gambling sites." Aren't there better ways? I mean this has been done for years and it's part of the reason the US has the $10,000 rule.

Time for a third wife, then (1)

spywhere (824072) | more than 6 years ago | (#21300399)

My first wife was American. Second time around, I married a Russian lawyer. Back to eBay, I guess... How much to ship 110 pounds from China, including airholes?

Re:Time for a third wife, then (2, Funny)

night_flyer (453866) | more than 6 years ago | (#21300523)

Airholes shouldnt weigh too much

Re:Time for a third wife, then (1)

Critical Facilities (850111) | more than 6 years ago | (#21301291)

Hey, don't be an airhole, the guy was trying to make a joke.

Re:Time for a third wife, then (1)

KingOfGod (884633) | more than 6 years ago | (#21303733)

Your's, however, might not catch much air at all.

Re:Time for a third wife, then (0)

Anonymous Coward | more than 6 years ago | (#21305255)

110 pounds? Are you ordering a spare too?

Coming Soon... (1)

SlipperHat (1185737) | more than 6 years ago | (#21300417)

The Great Firewall of China meets the Russian Phishing Pond *in* China!

But will we notice? (1)

Glowing Fish (155236) | more than 6 years ago | (#21300459)

Do you think this will make a noticeable difference in the amount of spam coming through?

I have to say that since 1998, I have really noticed only an increase in the amount of spam, with the only downward swings coming from changing accounts, or my ISP implementing better spam filters. I guess I shouldn't say I haven't noticed any downswings, I have noticed a return to normal levels after a week or so of getting the same spam over and over.

But I don't think we will even notice this for the week or so it takes the spam people to set up shop somewhere else.

Net Blocks Withdrawn? (1)

rel4x (783238) | more than 6 years ago | (#21300469)

According to every single one of the cidr-reports referenced by that spamhaus article, all the blocks of IPs were "withdrawn" Example: http://cidr-report.org/cgi-bin/as-report?as=AS42811 [cidr-report.org]

In Soviet China (0)

Anonymous Coward | more than 6 years ago | (#21300627)

Phishers get THEM!

I mean, phishers get THEM!

Whoops.

Either way they're screwed.

FBI Humor (5, Informative)

handy_vandal (606174) | more than 6 years ago | (#21300631)

FBI Director Robert S. Mueller III sure knows how to slay 'em on the college circuit:

I recently watched a video on YouTube about the impact of the Internet. And before we go any further, I will answer the question of everyone under the age of 25. Yes, those of us over a certain age are allowed to access YouTube.
And he's not alone in his youthful wisecracking -- it looks like the FBI, as an institution, has a wicked sense of humor:

In June of this year, we initiated Operation Bot Roast.
Link [fbi.gov]

-kgj

So.. (5, Funny)

eniac42 (1144799) | more than 6 years ago | (#21300675)

A notice in an office-entrance in St Petersburg reads..

Gone phishing..

Re:So.. (1)

blhack (921171) | more than 6 years ago | (#21301619)

I made a background out of your concept.....

figured it was only fair to share it with you.

Gone Phishing [imageshack.us]

Organized cybercrime (1)

iamacat (583406) | more than 6 years ago | (#21300993)

I am not sure this would be very common, as Internet provides a great deal of anonymity. There is no way to find and eliminate competition and therefore no need to choose a don for protection. Likewise, if you are caught you are not able to rat out your friends besides the nicknames that they use to connect to IRC from hijacked machines. Maybe there is an agreement to perform hacking and DDOS hits on companies that cooperate with authorities to catch someone. But in general, cyber criminals are a bunch of independent agents that are not very organized.

Re:Organized cybercrime (0)

Anonymous Coward | more than 6 years ago | (#21301289)

But in general, cyber criminals are a bunch of independent agents that are not very organized.

Not so. I'm a cyber criminal, and I shop here [organizedliving.com] all the time.

Posting as AC for obvious reasons. You know, being a cyber criminal and all.

Re:Organized cybercrime (1)

Capt. Skinny (969540) | more than 6 years ago | (#21303193)

Damn. I though I was literal-minded.

Moving to china? (1)

Sleeping Kirby (919817) | more than 6 years ago | (#21301209)

Phishers moving to China? I resent that. China doesn't need foreigner phishers, they have their own!!! :p

Firewall the World (3, Interesting)

TFGeditor (737839) | more than 6 years ago | (#21302105)

I know I will get modded into oblivion, but I do not care. This is precisely why I firewall the entire world (other than North America) from my server. None of the users nor myself have any legitimate contacts or interests overseas, so blocking all traffic sourcing anywhere except North America reduces the spam load by 98% and virtually eliminates intrusion attempts.

Offensive to you? Why? What legitimate need do you have to access my server? My company has absolutely nothing to interest you. Therefore, what reason could you possibly have to access my server?

Let the bloodletting begin.

Re:Firewall the World (0)

Anonymous Coward | more than 6 years ago | (#21302381)

Texas Fish & Game Books on Sale! Texas Gun Owner's Guide!
Do even North American users buy anything from you? Oh, and btw your "firewall" sucks, coz I'm able to access it from my work pc here in Sydney.

Re:Firewall the World (1)

TFGeditor (737839) | more than 6 years ago | (#21302433)

Different firewall, dude. The website doesn't count.

Re:Firewall the World (1)

moz25 (262020) | more than 6 years ago | (#21302837)

It seems unlikely that anyone is going to care about you or your site.

Then again, firewalling out high-risk IP blocks such as from China or Russia is not necessarily a bad idea. They can go to the .cn or .ru portal versions!

Re:Firewall the World (1)

TFGeditor (737839) | more than 6 years ago | (#21302951)

Our readers/customers care, hence firewalling the rest of the world.

Re:Firewall the World (1)

moz25 (262020) | more than 6 years ago | (#21303219)

To phrase it more clearly: in spite of the flaming or downmodding you apparently expected, no one is likely to care enough about you or your site to get worked up about it.

You already know that this method is only practical for small sites of little economic consequence and that isolationalist ideas aren't likely to be well-received on an international site like SlashDot.

What's your point then? Are you trolling? It's not exactly a novel or clever idea to use geo-targeted filtering or routing. That's what CDNs do all the time.

Re:Firewall the World (1)

qzulla (600807) | more than 6 years ago | (#21304707)

Yer right. No one outside our country would care about Texas fish and game.

Heck. Why not block the rest of the states? We don't care either.

Are you the webmaster? I wouldn't admit it.

qz

Re:Firewall the World (1)

protobion (870000) | more than 6 years ago | (#21305655)

I presume your walled website is www.fishgame.com . I accessed the site, and it seems I can get through. I even almost ordered the Free Decals. I am definitely not based in North America. So, is your website really walled? Or did you just want to get your website /.-ed.

Firewall the US (1)

andersh (229403) | more than 6 years ago | (#21334187)

blocking all traffic sourcing anywhere except North America reduces the spam load by 98%
I find that very hard to believe since most spam comes from the United States according to Spamhaus [spamhaus.org] . As a European I would block the US, Russia and China to keep the load off my servers.

Re:Firewall the US (1)

TFGeditor (737839) | more than 6 years ago | (#21334313)

Believe what you will. I know it works for me. Opinions/beliefs to the contrary are irrelevant.

Re:Firewall the US (1)

andersh (229403) | more than 6 years ago | (#21334693)

Believe what you will. I know it works for me. Opinions/beliefs to the contrary are irrelevant.

Good luck with that. I'll remember that next time I get another "mortgage offer". It might work for you, but the truth is that the majority of spam is from Americans, for Americans and by Americans.

Don't get me wrong, I'm not anti-American in general, but I hate getting vast amounts of spam for products that I will never buy because I'm in another country. If I blocked every national TLD except my own I would not receive ANY spam, so I see your point. But don't delude yourself about who profits from spam and who it's meant for.

Re:Firewall the US (1)

TFGeditor (737839) | more than 6 years ago | (#21335639)

Regardless of who spam is "from," it invariably is *sent* via spambots. And years of experience is that the majority of spam comes from compormised machines "overseas." The owner of the spamvertized website (which invariably are hosed in China, Russia, India, Mexico, et al) might in fact be American, but for my purposes that, too, is irrelevant.

According to the Spamhaus Register of Known Spam Operations (ROKSO) database: "Many of these spam operations pretend to operate 'offshore' using servers in Asia and South America."

Remember, too, that this conversation is about "*Russian* Phishers."

To Each His Own (1)

andersh (229403) | more than 6 years ago | (#21336167)

And years of experience is that the majority of spam comes from compormised machines "overseas."

Do you have any evidence or links that proves this? Because I would like to point out that the US has quite a large percentage of the worlds computers (and Microsoft Windows). China is obviously the biggest market for PCs nowadays, but they also prefer a cheap Linux OS.

The owner of the spamvertized website ... might in fact be American, but for my purposes that, too, is irrelevant.

Sure, I agree, the ownership is irrelevant for this discussion. But they're still the ones contracting the spam campaigns.

"Many of these spam operations pretend to operate 'offshore' using servers in Asia and South America."

And I should of course have said blocking all of the Americas would solve my problem. Russia and Asia are obviously on the hit list as well. My own country would be enough, just like you. See, I have full sympathy for your situation.

Remember, too, that this conversation is about "*Russian* Phishers."

And who do you think purchases spam advertising from these Russians? Not Russians for sure. The phishing activites are of course a different issue - but we ended up discussing spam...

Of course there's probably a link between purchasing spam ad campaigns, "financing" their bot networks, and ultimately supporting their phishing activities.

Re:To Each His Own (1)

TFGeditor (737839) | more than 6 years ago | (#21336283)

"Of course there's probably a link between purchasing spam ad campaigns, "financing" their bot networks, and ultimately supporting their phishing activities."

Quite correct. DDOS attacks are another element. Bot herders "rent" their botnets to literally anyone, including entities and individuals who wish to DDOS a competitor's or enemy's website, or for extortion schemes. ("Send money and the DDOS attack will stop.") Spammers et al also DDOS Spamhaus, Castle Cops, SpamCops, and other anti-spam/phishing organizations.

Whoever said "crime doesn't pay" didn't know anything about crime--or botnets.

They've already set up shop..... (1)

TW Atwater (1145245) | more than 6 years ago | (#21302121)

...in Panama. inetnum: 81.95.148.0 - 81.95.151.255 netname: RBNET descr: RBusiness Network country: PA admin-c: RNR4-RIPE tech-c: RNR4-RIPE status: ASSIGNED PA mnt-by: RBN-MNT source: RIPE # Filtered role: RBusiness Network Registry address: RBusiness Network address: The Century Tower Building address: Ricardo J. Alfari Avenue address: Panama City address: Republic of Panama

Good Advice For Anyone (2, Insightful)

markus o'farkus (98120) | more than 6 years ago | (#21302401)

You should do what you are good at.

Two things Russians are very good at: hacking and organized crime.

When combined, it's a sight to see.

The good part of the story (1)

caller9 (764851) | more than 6 years ago | (#21303225)

So.... Block these networks. Think I got them all.
194.110.69.0/24
91.198.71.0/24
91.194.140.0/23
91.196.232.0/22
91.195.116.0/23
91.193.40.0/22
91.193.56.0/22
193.33.128.0/23

Re:The good part of the story (1)

djdavetrouble (442175) | more than 6 years ago | (#21333003)

so, how can i just block all of russia and china ?
don't really see anything that I need there....

in soviet russia (1)

sh3l1 (981741) | more than 6 years ago | (#21303415)

In soviet Russia, the internet crimes you!

FBI go home (1)

billcopc (196330) | more than 6 years ago | (#21304157)

As much as I hate (russian|chinese|korean|nigerian) spammers/botnets, I don't see how the FBI could possibly help. I know it's draconian, but I simply block off all access to my servers from a number of IP ranges I deem unfit, and that includes the aforementioned countries. Frankly, that's all the help I need.

Digital racism ? Maybe. It's not that I don't like chinese people, I just like them better when they don't harbor heinous criminals. Heck, I like white folk better when they don't harbor heinous criminals too, and I'm just as quick to ban them if they give me trouble.

It's a free internet, if people don't play nice, I have no obligation to play with them.

Who is using all the IPv4 space? (0)

Anonymous Coward | more than 6 years ago | (#21324101)

Spammers and email marketers.. always looking for virgin IP Addresses.. Be nice to see someone take up the cause of investigating how IPv4 assignments are happening, the rate that they are being picked up for marketing etc.. Too many new IP blocks are coming one line only to be seen to be just used for the purposes of fresh email IP's. In the world of email marketing, I guess IP addresses are cheap :0 Are legitmate users of IP addresses going to be hurt by this practise?

At least the Phishing will be in funny (1)

blueridge (1187481) | more than 6 years ago | (#21329905)

Well, perhaps we will see some humor in the new wave of phishing as they will all be delivered in Chinglish [wikipedia.org] .
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>