06.02.2015 Views

Russian Business Network study - bizeul.org


Version 1.0.1

RBN study – before and after

David Bizeul

• Alexei Bakhtiarov: Along with Vladimir Kuznetsov, Alexei Bakhtiarov is one of the two most important members of Infobox. Alexei is also heavily involved in whois registration: we can find 100 domains for which he is the registrant. The whole Datapoint address range has been registered by Alexei Bakhtiarov. He may be the Datapoint CTO, as there is an interview with him about a DDoS attack [46].

• Stepan Kucherenko: Stepan Kucherenko is supposed to be the technical guy. He may lead the IT staff. He has also been mentioned in the network whois of TwoCoinsSoftware (81.95.144.0/22). He may be one of the RBN leaders. Stepan Kucherenko may also have some personal relations within Peterstar that are used to get easier Internet access.

• Flyman: According to iDefense/Verisign [47], flyman is the main RBN leader. He could be the real brain of this complex organization. He is well known to law enforcement because of child pornography. Although prosecutions have already been attempted against him, he has very strong political protection that allows him to continue to develop his traffic without being worried by the police.

Multiple skills<br />

RBN was created by people strongly involved in cybercrime activities and used to counterfeiting data. As explained above, many people can be blamed for participating in RBN, but some of them have special skills or relations. All together, they form an organized and efficient team:

• Network skills: some people master BGP routing and network architecture.

• System skills: some RBN employees have good IT skills. They manage the IT infrastructure and offer customers boxes that can be configured remotely.

• Internet understanding: RBN's greatest strength may be the understanding they have acquired of the whole Internet organization and its processes. They have succeeded in counterfeiting most of the public data related to RBN while getting official support from trusted companies or Internet regulators.

UPDATE: for sure, RBN will be able to come back on the Internet soon because of this skill.

• Cybercrime relations: RBN would not exist if cybercrime was unprofitable. Indeed, some of the people involved are supposed to be closely related to cybercrime activities, and they may have worked together to offer an adapted hosting service.

• Legitimate companies relations: RBN may have trusted contacts in several legitimate companies. These contact points allow them to route IP address ranges or get Internet connectivity.

• Law enforcement corruption: It is hard to believe that RBN could have remained untroubled without having paid or corrupted local law enforcement authorities to prevent prosecution.

46 http://www.spiegel.de/international/world/0,1518,497841,00.html

47 http://www.theage.com.au/news/business/from-russia-with-malice-a-criminal-isp/2007/07/23/1185043032049.html
