Russian Cybercrime Organization Suddenly Vanishes From Web

The most notorious player in global cybercrime has suddenly vanished from the Internet, sparking fears that the Russian-based group is set to re-emerge as an even greater threat from a new base in China.

Security experts believe that the Russian Business Network (RBN), a shadowy Internet service provider based in St. Petersburg and run by a figure known only as "Flyman," has played a role in most of the online crime committed in recent years.

Dubbed "the mother of cybercrime," RBN has been linked by security firms to child pornography, corporate blackmail, spam attacks and online identity theft.

It is feared that the group is building a massive new online platform in China, allowing gangs to launch a fresh wave of online crime.

"The U.K. has been a focus for this group and its criminal clients, and things are set to get worse," David Perry, an analyst for Trend Micro, the security group, said.

Any move to China would put the Chinese authorities under enormous pressure to take action against RBN.

Security experts say that RBN provides "bulletproof" Web sites to criminals. Often resembling legitimate Web sites, these can be used to plant malicious software in the computers of members of the public that visit them.

Infected computers can be used to steal their owners' passwords, secretly send electronic junk mail or launch cyberattacks on government networks.

One alleged "phishing" gang, known as the Rock Group, which used the company's hosting service, is estimated to have made $150 million last year by tricking people into providing bank account details.

The RBN is also said to have developed dozens of fake anti-spyware and anti-virus programs to dupe people into giving it access to their computers in the mistaken belief that they were protecting themselves from online threats.

The RBN's activities are so notorious that VeriSign, one of the world's biggest Internet security companies, has dubbed it "the baddest of the bad."

Even the Bank of India was targeted in August when rogue software designed to steal passwords from customers' computers was discovered. The bank's Web site was shut down while experts debugged it.

Cybercrime has been estimated by the U.S. Treasury to be more valuable than the illegal drug trade — worth more than $100 billion a year.

The RBN has also been linked to the Russian authorities and is thought by some analysts to have played a role in the recent assault on Estonian cyberspace.

A report from Symantec, the online security firm, alleges that the RBN has links with the criminal underground and government in Russia.

However, in recent days huge numbers of RBN-hosted sites have disappeared from the Web, leading analysts to speculate that the group is revamping its business model.

"RBN is reorganizing," said Raimund Genes, the chief technology officer of Trend Micro, a security group that has traced attacks by the RBN on corporate and government sites across Europe and the U.S. back to servers based in Panama.

One reason is thought to be the recent threats by Russian authorities to impose tougher penalties on Internet criminals.

Another is that large legitimate Internet service providers — which the RBN relies on to provide it with Internet access — have dropped it as a customer as its activities became more and more notorious.

Some analysts suggested that it is aiming to become a more disparate group, with servers in Panama, Turkey, Malaysia, Singapore, China, the U.S. and Canada.

Analysts have reported unusual bulk registrations of thousands of Web addresses in China, which they say fit the past practices of the RBN. China would provide the RBN with an even broader base to support criminal activities.