October 29, 2009, 8:10 AM — U.K. police have apologized over a recent public presentation that linked a nonprofit Internet registry with money laundering by a notorious group of Russian cybercriminal gangsters.
The brouhaha started during a presentation by Andy Auld, head of intelligence of the e-crime department for the U.K.'s Serious Organized Crime Agency (SOCA), and Keith Mularski, supervisory special agent with the U.S. Federal Bureau of Investigation's Cyber Division, at the RSA security conference on Oct. 21.
The seasoned cybercriminal investigators were describing the Russian Business Network (RBN), a well-known group linked to malicious software,
hacking, child pornography and spam.
RBN showed how organized cybercrime had become: to support its activities, RBN received an IP (Internet protocol) address allocation so it could essentially act as its own ISP (Internet Service Provider). Those IP addresses were allocated by RIPE Network Coordination Center, which is one of five Regional Internet Registries (RIR) responsible for assigning IP address blocks to ISPs and other network providers.
In 2006, RIPE allocated addresses to a fake company registered in the U.K. that was a front for the RBN. RIPE contends it was duped and that at the time, it was impossible to tell that the front company wasn't legitimate. After repeated contact with law enforcement, RIPE eventually pulled RBN's IP allocation in May 2008.
While describing law enforcement efforts to fight RBN and other cybercriminals, Auld singled out RIPE and the other four RIRs as points where criminal activity can be put under pressure. Since RIPE was paid by RBN for IP addresses, RIPE "was receiving criminal funds," Auld said.
That essentially made RIPE part of a money laundering operation, Auld said, adding the caveat that law enforcement didn't treat the situation that way. Nonetheless, Auld's comment ruffled RIPE's feathers.
"They apologized to us immediately when we called," said Axel Pawlik, RIPE's managing director, on Thursday. Pawlik said he has also met SOCA officials this week in Seoul at the Internet Corporation for Assigned Names and Numbers (ICANN) conference.
Pawlik said RIPE, which is based in Amsterdam, can revoke IP allocations if a company violates its guidelines or based on a Dutch court decision. RIPE has rarely banned companies, Pawlik said.
RIPE does take measure to vet new applicants, but in the case of RBN, "it's quite difficult to find those people if they are hidden behind those shell companies and fake fronts," Pawlik said.
RBN -- believed to be based around St. Petersburg, Russia -- also had the local police, the judiciary and government agencies "firmly in its pocket," Auld said. "The local police were unable to get anywhere near the group," he said.
After RIPE kicked off RBN, the group quickly tried to reconstitute its network, but law enforcement was able to interfere with it. Nonetheless, it is believed that those behind the RBN are back at it, albeit under a slightly different business model, Auld said.
