Computer Crime Research Center


Cybercrime: Uncovered

Date: February 13, 2008

The criminal mastermind lives somewhere in Russia. Drawing on his links to the underworld, he uses the internet to pull the strings of a shadowy network of misanthropes allegedly connected to the Kremlin.

Nothing escapes this kingpin's malevolence: online pornography, fraud, corporate blackmail – it all causes his coffers to fill and his ego to grow. And therein lies his problem. He gets cocky. Known only as "Flyman", his notoriety spreads and the attention forces him to go to ground.

It sounds like a piece of Raymond Chandler for the noughties, a hybrid of films like Hackers, The Matrix or any cyberpunk thriller from the past 20 years. But it is, in fact, real. The network is the Russian Business Network (RBN) – thought to be led by the nephew of a well-connected Russian politician – and it has been attracting the attention of security experts worldwide. Now, after briefly disappearing off the radar, it is believed that the group has moved its operations to China.

Meanwhile, in Britain, members of a similar organisation using the ShadowCrew website could face stiff sentencing next month for online fraud. Wherever you look, web-based crime is in the news. Everyone has experienced the annoyance of an email claiming to come from a legitimate bank, asking for account details (a process known as "phishing"). There are millions of incidences of online crime in Britain each year. At a time when the government is still reeling from losing 25 million child benefit claimants' details, concern over identity theft is in a heightened state.

But online crime is not easy to fight. The technology used to perpetrate it often runs at a pace that lawmakers cannot match. And having your bank account drained by a fraudster in China is akin to being pick-pocketed from halfway around the world.

Take the RBN. It is thought to be behind as much as half of every incident of "phishing" worldwide. It first came to the attention of security experts 18 months ago. Acting as an internet service provider, it soon began allowing criminals to host illegal websites, arguing that its own activities were not illegal; it was just the people using its services that were breaking the law.

The organisation does not communicate with its potential users through conventional means. Instead, it posts advertisements on underground bulletin boards. According to SecureWorks, an Atlanta-based security company, those who want to buy its services can also contact its operators through instant-messaging services. Potential customers also must prove they are not law enforcement officers, sometimes by proving they were involved in criminal activity.

Vitaliy Kamlyuk, a virus analyst at Russian computer security firm Kaspersky, has been following RBN's activities. Since October, something strange has been happening: one by one, the websites linked to the organisation have closed down. But its modus operandi has been spotted across the Far East. RBN is not shutting down, it's diversifying. "We suppose that the organisation has been planning this for a long time," Kamlyuk says, "but the attention it has gained has speeded up its activity. We believe they had connections with Chinese servers; and criminals trying to hide often go to Malaysia, China, Korea or Japan."

It is thought the organisation is using China because the country's huge number of internet users makes the group's activities hard to monitor. There has been talk in Russia about introducing a clampdown on internet crime, and service providers around the world have blocked many of RBN's websites.

The race is on to spot the RBN's new websites. Raimund Genes, the chief technology officer of Trend Micro, one of the big US-based internet security firms, says he has linked the organisation to attacks on the Turkish and Brazilian governments. "What has happened at RBN has been related to all kinds of attacks on the internet," he says. "I believe they have been too greedy."

Genes has found that the RBN has been behind the registration of scores of websites in China – and says the Chinese authorities are aware of this. Whether RBN plans to sell these sites on or run them itself, only time will tell. He has also spotted the RBN's techniques at work in Panama.

Genes concludes: "We can't believe there is so much criminal activity out there. Previously infections and viruses used to be spread by email attachments. Now the big thing is spreading by visits to web pages."

In Britain, the Serious Organised Crime Agency is hoping for a strict sentence for members of a crime ring that used ShadowCrew, an American website that shared the know-how needed to set up phishing rackets. The website was investigated by US authorities in October 2004 and a spate of arrests followed.

The crime ring using the ShadowCrew website was organised by Bryn Wellman, 35, who was sentenced to 10 years in prison on charges for conspiring to obtain up to 16m by fraud earlier this year. Wellman's scheme involved buying stolen card details online and researching card holders' personal information using various techniques (including impersonating officials to phone up unsuspecting victims). Other members of his crime ring face sentencing next month.

But whatever happens to RBN and ShadowCrew, one thing is for sure: cybercrime is booming.


In the first six months of this year, Israel had the most malicious activity per internet user. In 2005, investigators revealed that a "Trojan Horse" program had infiltrated some 60 companies, which became Israel's biggest corporate espionage scandal. A swathe of companies came under investigation for allegedly stealing information from rivals.

United States

Online fraud has overtaken viruses as the greatest source of financial loss in the US. According to California-based security firm Symantec, in the first s ix months of this year the US accounted for 61 per cent of worldwide denial of service (DoS) attacks, which attempt to make computer resources unavailable to their intended users.


In these countries – as well as Turkey, Malaysia and Singapore – the Russian Business Network is alleged to operate servers. The locations are disparate presumably in order to spread the risk of being permanently shut down by one country's police force.

United Kingdom

Around 3 million internet crimes were committed in the UK last year. One of the most common is identity theft. In 2004, two people were arrested over an internet crime ring, the Shadow Crew, that allegedly planned to defraud consumers and financial institutions out of hundreds of millions of dollars.


Online fraud is a burgeoning business in this nation. one trick is to lure potential victims into a scam via an unsolicited email. The unwitting recipients are promised a large commission on a multi-billion-dollar fortune. They are persuaded to open an online account, to which they contribute funds, never to be seen again.


The shadowy Russian Business Network was reportedly launched by young computer science graduates, and was registered as an internet site last year. After a period of legitimate activity, it has since been linked by security firms to child pornography, corporate blackmail, spam attacks and online identity theft across the globe.


Bots are software applications that run automated tasks over the internet. China has 29 per cent of the world's bot-infected computers, with Beijing hosting the majority of these. Bots are often benign but can be used for various nefarious tasks, such as harvesting email addresses from address books to help distribute spam.


Last year, Russian web users launched a "cyber-war" on the Estonian government, infecting 1 million computers with "bots". This overwhelmed the country's networks by requesting more information than they were designed to cope with. The effect was equivalent to 5,000 clicks per second and many websites were forced to shut down.


In 2004, US Secret Service agents arrested members of the Shadow Crew in Canada, who were using the website to orchestrate document forgery and drugs operations. In Vancouver, one of their number was just 17; he saw online underworld activities as a "rebellion against authority" according to reports.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo