<html>
<body>
the response of the Russians:<br><br>
<br>
<a href="http://blog.washingtonpost.com/securityfix/2007/10/russian_business_network_respo.html?nav=rss_blog" eudora="autourl">
http://blog.washingtonpost.com/securityfix/2007/10/russian_business_network_respo.html?nav=rss_blog<br>
<br>
<br>
</a>An individual claiming to represent the <b>Russian Business
Network</b> has denied media reports (including
<a href="http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101202461.html">
a Washington Post story I wrote that ran last week</a>) the company
provides Web hosting services to numerous cyber criminal operations.
<br><br>
Experts quoted in my story and others, the RBN representative said, were
essentially wrong in their assessments. The response via a
<a href="http://www.wired.com/politics/security/news/2007/10/russian_network">
Wired.com article</a> by <b>Ryan Singel</b>, wherein a guy calling
himself <b>Tim Jaret</b> had this to say: <br><br>
"We can't understand on which basis these organizations have such an
opinion about our company," Jaret of the Russian Business Network
told Wired in an e-mail interview. "We can say that this is
subjective opinion based on these organizations' guesswork."
<br><br>
Jaret told Wired that RBN has made efforts to respond to complaints of
wrongdoing on its network. RBN's representative said the organization
even tried unsuccessfully to work with anti-spam group
<a href="http://www.spamhaus.org/"><b>Spamhaus</a></b>, which currently
includes all 2,048 of RBN's Internet addresses
<a href="http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Russian%20Business%20Network">
on its blacklist of known bad guys</a>. Spamhaus says RBN is "noted
for continuously hosting child pornography, malware, phishing and
cybercrime, and it details information suggesting ties between known
spammers and the St. Petersburg-based ISP.<br><br>
First of all, Spamhaus doesn't so much work with ISPs and known malicious
hosting providers as it does eventually de-list those that clean up their
act. The fact that RBN's networks have been so prominently listed on
Spamhaus' various blacklists for so long suggests that a great deal of
malicious activity is still emanating from the organization's various
networks. <br><br>
Faced with such statements, perhaps it makes sense to ask which of the
two scenarios seems more likely: That dozens of the world's leading
computer crime and Internet security experts are simply wrong in pinning
this activity on sites hosted by the Russian Business Network? Or that
RBN is simply trying to throw up a smoke screen?<br><br>
<b>John Bambenek</b>, a security incident handler with the
<a href="http://isc.sans.org/"><b>SANS Internet Storm Center</a></b>,
which tracks hacking trends, called RBN's belated defense laughable.
<br><br>
"They're about as misunderstood as a senator soliciting sexual
favors in an airport bathroom," Bambenek said. "When most of
the world's cyber-miscreants are paying 10 times more for hosting on your
network, you don't attract the business by accident"<br><br>
Bambenek is referring to the starting prices that security giant Verisign
said RBN charges for so-called "bulletproof hosting," or Web
hosting for illegal sites that remain reachable regardless of the level
of legal or technical pressure brought to bear on them. As I noted in my
story, $600 is about ten times the amount most legitimate Web hosting
providers charge per month for a dedicated Web site.<br><br>
Jaret from RBN told Wired that the organization in fact "doesn't
have any more criminal activity on its network than any other provider,
and it responds to abuse reports submitted via e-mail and a telephone
hotline. He claims the organization closes criminals' sites down within
24 hours of notification."<br><br>
Interestingly, a tidbit from my interview with a Verisign analyst that
didn't make it into the final story indicates that rather than shutting
down domains that generate complaints, RBN has in the past chosen simply
to up the price charged to the criminal groups that have rented Web space
from the network. <br><br>
Perhaps the most telling statement from RBN thus far comes at the end of
the Wired article, in which Wired News asked RBN to provide the URLs for
some legitimate customers. "Jaret says he couldn't oblige -- for
legal reasons."<br><br>
<br><br>
<br>
At 21:57 10/22/2007 +0200, you wrote:<br>
<blockquote type=cite class=cite cite="">Is seems Russia is at least
partially being cut off the Internet anyway. ;-)<br><br>
"While "walling off the Russian 'Net" as a response to
their illegal</blockquote></body>
</html>