Categories: RegulationSecurity

Russian Police And Internet Registry Accused Of Aiding Cybercrime

Amsterdam-based Internet registry organisation RIPE NCC has been singled out for its involvement with notorious criminal network provider Russian Business Network (RBN) by the UK’s Serious Organised Crime Agency.

The registrar took money from the well-known criminal organisation, and subsequently corruption in the Russian police allowed the network’s organisers to escape SOCA’s clutches according to Andy Auld, head of intelligence for the agency’s e-crime department, speaking at the RSA Conference Europe security event this week in London.

RIPE NCC denies any wrong-doing and Auld explained that the registrar wasn’t actually being investigated for its involvement with RBN – but as the registry body had accepted payment from the Russian criminal organisation, it could be seen by some as having been complicit in criminal activities, he said.

“An entity like Russian Business Network – a criminal ISP and recognised as such by just about every media outlet worldwide that covers these things – RBN was registered as local internet registry with RIPE, the European body allocating IP resources to industry,” explained Auld.

The SOCA officer argued that any company that does business with a known cyber-criminal organisation such as RBN could itself be open to accusations of acting illegally.

“RIPE was being paid by RBN for that service, for its IP allocation,” he said. “Essentially what you have – and I make no apologies for saying this is – if you were going to interpret this very harshly RIPE as the IP allocation body was receiving criminal funds and therefore RIPE was involved in money laundering offences,” said Auld.

Serious organised crime – not a cottage industry

RBN’s systems were used to host child pornography and at its peak, according to SOCA, the organisation hosted around one third of all the “pay-per-view” child pornography in the world. The rest of the illegal network was devoted to malware including systems to control botnets.

“What we are tallking about is a purpose-built criminal ISP – built for and used by criminals and a highly profitable organisation at that,” said Auld. “This is organised crime. Don’t be confused with the idea that is a hobby industry or cottage industry, this was a proper organised crime syndicate that just so happened to have an e-crime component to its crimial portfolio.

As well as SOCA, the FBI and Dutch and German law-enforcement groups were involved in the investigation of RBN last year. However as the investigation continued the group behind RBN set up a “disaster recovery plan” to ensure that it could continue operating if its existing systems were shut down. This plan was set in motion in November 2008 but according to SOCA it was able to shut-down the new systems before RBN was able to migrate over to them.

“All we could get there was a disruption, we weren’t able to get a prosecution in Russia,” admitted Auld. “Our biggest concern is where did RBN go? Our information suggests that RBN is back in business but now pursuing a slightly different business model which is bad news.”

Auld added that other registries also had some connection to RBN which could similarly be construed as illegal – although he admitted that SOCA preferred to work with these companies than seek to prosecute them.

“We are not actually treating it [RIPE] that way but if you want to interpret it that way the same would apply to both ARIN [American Registry for Internet Numbers] APNIC [Asia-Pacific registry], AFRINIC [African registry] and so on,” he said.

According to SOCA, it is actively working with internet registry organisations to make sure that they don’t, whether intentionally or unintentionally, end up aiding criminals and harming consumers.

“Where you have got LIRs (Local Internet Registries) set up to run a criminal business- that is criminal actvity being taken by the regional internet registries themselves. “So what we are trying to do is work with them to make internet governance a somewhat less permissive environment for criminals and make it more about protecting consumers and individuals,” added Auld.

RBN looked legitimate, says RIPE NCC

In response to the comments that it could be accused of being involved in criminal activity, Paul Rendek, head of external relations and communications at RIPE NCC said that the organisation has very strict guidelines for dealing with LIRs.

“The RBN was accepted as an LIR based on our checklists,” he said.” Our checklists include the provision of proof that a prospective LIR has the necessary legal documentation, which proves that a business is bona fide.”

Renek maintained that RIPE has had a good relationship with SOCA and other law-enforcement organisations. “We have always cooperated with SOCA, and continue to work very closely with relevant criminal investigation bodies to ensure investigations can be carried out as swiftly and efficiently as possible in order to ensure best practice Internet governance is adhered to and criminal activity is identified and dealt with in the appropriate manner,” he added.

Russian “corruption”

SOCA also attributed some of the blame for failing to prosecute any members of RBN as being down to corruption on the part of police in St.Petersburg who, Auld alleged, appeared to have agreed to protect the criminal gangs behind the network.

“We strongly believe that this organisation had not only the local police but the local judiciary and local government in St. Petersbeg firmly in its pocket that meant when we tried to investigate RBN we met significant hurdles – quite obvious hurdles – when trying to deal with Russian law enforcement to tackle the operation,” said Auld.

Earlier this month, US law enforcement agencies got much better international co-operation in shutting down a phishing ring based in Egypt.

Andrew Donoghue

View Comments

  • I'd suggest that Mr.Auld first takes a look at how the Internet registry system works before opening his mouth. His comments are completely wrong.

  • When a country and its people understands that their whole country is run by a mafia (the communists) then the old world mafia represents democracy. So today everything is run by the "mafia" in Russia, old or new.

    Nothing else works.

    And deep down Russians do not consider making money cheating, a crime at all.

    It is just part of the everyday game to get along.

    Much like Somalia with this toll on passing, and stupidly free and unprotected, ships

  • That stupid cop openly admits he can't do his job, and wants RIPE NNC to do it. What I don't get is why RIPE NNC guys replied in such manner that it sounds like they are trying to excuse. Why didn't they tell him to f*ck off?

  • Hi greeting. if some one has been diuped by somebody in Russia what should i do to trap down the person am a Cameroonian and some one hes taken my passport 600dollars and up to date he is not picking my calls. i have all evidence to prof.

Recent Posts

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

19 hours ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

20 hours ago

US Supreme Court Agrees To Hear TikTok Appeal

US Supreme Court says it will hear appeal of TikTok and parent ByteDance against ban…

20 hours ago

Japanese Space Start-Up Destroys Second Rocket After Launch

Japanese start-up Space One destroys Kairos rocket for second time shortly after launch, as country…

21 hours ago

CATL Aims To Massively Expand EV Battery-Swap Infrastructure

World's biggest EV battery maker CATL aims to build 1,000 battery-swap stations next year, rising…

21 hours ago

Facebook ‘Restricted’ Palestinian News Content

Facebook has 'severely restricted' news content from Palestinian outlets since October 2023 amidst bias concerns,…

22 hours ago