From Russia with malice: criminals trawl the world

This was published 16 years ago

By Nick Miller

IF IT weren't true, it would be the script for the next Bond movie.

The mission: to eliminate a man. Codename: "flyman". Elite hacker. Suspected head of the so-called "Russian Business Network", a hotbed of cyber-fraud, child pornography and malicious "bot-nets" that wreaks havoc across the internet from its St Petersburg base.

"We don't know who he is," admits Rick Howard, director of intelligence at Virginia-based internet security company VeriSign. "We don't know if it's a hierarchical organisation or a loose confederation of similar groups. But it's organised.

"They are making millions of dollars a year. They are not greedy — they take a few dollars here and there and move on to the next victim. And we think their main guy has connections to the (Russian) Government, and is protected by them."

Mr Howard sips his macchiato — percolated, not stirred — as he reveals the details of VeriSign's latest research into cyber-fraud.

The RBN manages networks of phishing sites and Trojan programs, designed to steal banking passwords. The targets are individuals but the ultimate victims are the banks, who still compensate their customers for cyber-fraud losses.

Mr Howard is head of the "iDefense" labs at VeriSign, hired by "three-letter agencies" and financial institutions in the US, Canada and Australia to test their online defences.

Controversially, it pays "cash for vulnerabilities" — funding the search for security holes in software such as Microsoft's Windows or Oracle databases.

It also tracks the bad guys. Internet viruses and other malware used to be the realm of the amateur. But now it is a profession, Mr Howard says.

"Their code targets a particular banking system," he says. "They get an intricate knowledge of how that system works and then write code that goes against it."

Once a user's banking details are won, money is siphoned out and the computer is enslaved to a "botnet" used for spam distribution, or in mass denial-of-service attacks against a corporate network or web server.

Late last month VeriSign published a 50-page report into the activities of the RBN, which it describes as "a criminal internet service provider".

It's not quite SPECTRE, but VeriSign believes it owns a 155 megabit-per-second fibre-optic link from Russia to London to quickly process its transactions. "Flyman", its head, is rumoured to be the nephew of a powerful St Petersburg politician. RBN's sites are vipers' nests of child pornography servers, phishing sites designed to fool visitors into handing over their banking details, and repositories of Trojan code and other malware.

"VeriSign iDefense believes that RBN is a for-hire service catering to large-scale criminal operations," the report says. "Some of these criminals, who may also belong to the RBN circle, are taking advantage of the services provided by the organisation they created."

Phishing attacks on Westpac, National Australia Bank and Commonwealth Bank have all been traced to the RBN sites.

In October 2006, NAB took active measures against RBN's Rock Phish project, the report says. RBN botnets launched a major DDoS (distributed denial of service) attack against the bank, rendering its homepage inaccessible for three days.

However, Mr Howard says Australian banks are generally well protected. "They are world class," he says. "When we talk to your financial sector they are articulate, opinionated and know what they're talking about. They always have the best questions."

He is in town to talk to banks and government bodies about the latest online threats — and predict future threats.

China is a worry. "Traditionally their attacks are patriotic," Mr Howard says. "Last year a Chinese group launched a significant attack on US Government offices." The attack used a vulnerability in Microsoft Office to steal millions of unclassified documents.

"This looks like espionage," Mr Howard says. "But they were 12 guys, hackers for hire. They have the capability to branch out (into monetary cybercrime) and they are probably going to."

VeriSign is also preparing a report on "disruptive" new technology such as online worlds and internet-enabled mobile phones, which could radically change the battleground for the bad guys, and the people who fight them.

But that's another movie.
