Soca: Russian cyber-gang bribed police
The Russian Business Network, an ISP that sheltered online criminal activity, bought off local police and judiciary, according to the Serious Organised Crime Agency.
The local constables bribed by the company hindered international police efforts to close down the cybercrime ring it was involved with, according to Soca intelligence officer Andy Auld.
"The Russian Business Network, based in St Petersburg, had not only the police but the judiciary firmly in its pocket," Auld told the RSA conference in London on Wednesday. "We had serious problems with the law enforcement response locally."
The Russian Business Network (RBN) offered "bulletproof hosting", or web-hosting for illegal sites, including fraud forums and child pornography. The gang used an extensive range of front companies, including St Petersburg Telecom, said Auld, and allowed its leaders to live luxuriously.
"They had a nice, shiny black bulletproof Audi A8 with an escort," he said.
As the RBN attracted media attention and grew, its leaders began to put a disaster recovery plan into place, said the British policeman. New front companies were set up and new servers were prepared for operation in Asia. It was due to start new operations under the name Taiwan Industrial Network, but Soca, in conjunction with the FBI and ISPs, managed to have that network blocked before it became operational, said Auld.
The RBN abruptly stopped its operations in November 2007. However, although its disaster recovery plan was not carried through, the crime gang remains engaged in nefarious activities.
"They are back in business, but with a slightly different business model," said Auld. "That is bad news."
Auld said Réseaux IP Européens Network Coordination Centre (Ripe NCC), one of the five European regional internet registries, accepted money from the gang for accreditation as a local internet registry (LIR).
"RBN paid Ripe for services," said Auld. "If we were being harsh, we could say that Ripe has received criminal funds and was involved in money-laundering offences. We are not treating it that way, but you could see it like that."
Ripe NCC said the RBN used a front organisation that was accepted as an LIR in 2006. The regional internet registry dealt only with this organisation, which was registered outside Russia. The organisation passed all of the necessary checks, which are backed by a very strict set of guidelines, according to Ripe.
"The RBN was accepted as an LIR based on our checklists," Paul Rendek, Ripe NCC head of external relations, told ZDNet UK in an email statement. "Our checklists include the provision of proof that a prospective LIR has the necessary legal documentation, which proves that a business is bona fide. Additionally, we request network plans, justification for need of IP address space and even go as far as to request receipts for technology and machinery that allows the management of address space."
After that acceptance, as part of an audit, Ripe found its resources were being used by the RBN in violation of its policies, said Rendek. Following an investigation, Ripe closed the RBN registry and reclaimed all its IP resources in May 2008.
Rendek added that Ripe is continuing to cooperate with Soca and other law enforcement bodies.