Authors: Brian Krebs
Tags: #Political Science, #Security (National & International), #Business & Economics, #Industries, #Computers & Information Technology, #Pharmaceutical & Biotechnology
Meanwhile, a handful of key arrests and disruptive actions against spam botnets and top players in the cybercrime underground appear to have done more to destabilize the industry than any of the half-baked legislative proposals put forth so far. As numerous examples in this book illustrate, governments around the world can perhaps achieve the most impact on cybercrime not by passing new laws or increasing penalties for various cybercriminal offenses, but by better enforcing existing laws and by creatively applying pressure on and incentivizing global corporations to address this problem in ways that suit their own interests and extend the reach of domestic law-enforcement agencies.
This is not to say that the answer to combating spam and botnets rests only with the governments of the world. On the contrary; as we will see later in this book, some of the most effective actions against these dual scourges have come from efforts by corporations to protect their own financial interests, customers, trademarks, and public image—and from consumers themselves.
Ultimately, spam and all of its attendant ills will diminish very little without a more concerted, cooperative push from some of the richest and most powerful interests in the world, including the pharmaceutical industry; the credit card and banking sectors; lawmakers and law enforcers around the globe; and people like you and me, most of whom are the unsuspecting targets and victims of these spammers and hackers every day. It’s time to do something about this global epidemic, to protect our identities, our bank accounts, our families, and our lives before it’s too late.
It should be noted that Gusev has publicly denied sending spam and running SpamIt, though not to me directly in my interviews with him.
To understand the threat that email spam poses for all of us, it’s crucial first to peer into the dark corners of the cyberworld and understand what’s lurking there. Kidnapping. Bribery. Extortion. Blackmail. Corruption. These were among the business skills commonly employed by the men who built the earliest cybercrime havens—the virtual pirate coves of the Internet.
These web hosting businesses—mostly based in Russia and the former Soviet states—were often referred to as “bulletproof networks” or “bulletproof hosting providers” because they had secured enough political and operational protection through a variety of methods (some legal, some illegal) to make them virtually untouchable by the law. Indeed, they had so much clout that they could often stay online in the face of withering pressure from foreign governments and law-enforcement agencies to disconnect them and their customers, who were invariably trafficking unsavory or illicit goods and services on the web.
One of the leaders, McColo Corp., was a master at this. Nikolai, the young entrepreneur whose violent death by car accident we witnessed at the outset of
, certainly didn’t invent the business of attracting and hosting cybercrime-based enterprises online. Rather, like innovators in other fields, he stood on the shoulders of cybercriminal giants before him, refining a time-honored business model by focusing on efficiency: cutting out middlemen, slashing prices, and investing in more dependable, faster networks.
Most of all, McColo distinguished itself by earning a reputation as a bulletproof hosting provider that offered top-notch technical and customer support. These were qualities that early pioneers in the business tended to overlook, probably because they had so little competition.
But to understand how McColo came to dominate the cybercrime underground, it helps to know how and why its predecessors failed. As it happens, the bulletproof hosting providers that laid the groundwork for young Nikolai’s business also are closely intertwined with the early careers of the two cybercrime kingpins whose lengthy feud forms the basic story arc of this book. And one network above all paved the way for the rise of McColo, the Pharma Wars, and many of the junk email and cybercrime practices that threaten us and our online security today.
By the middle of 2007, the Russian Business Network (RBN)—a shadowy web hosting conglomerate based in St. Petersburg, Russia—had cemented its reputation among security experts as the epicenter of cybercriminal activity on the Internet. In case after case, when computer crime investigators followed the trail of money and evidence from sites selling child pornography or pirated software, web properties at RBN were somehow always involved. When cyber sleuths sought to shutter sites that were pumping out colonies of computer viruses and “phishing” scams that use email to impersonate banks and lure people into entering account passwords at fake bank sites, more often than not, the offending site was a customer of RBN.
RBN epitomized the early bulletproof hosting providers, virtual safe houses where web hosting customers could display and offer practically any online content—no matter how illegal or offensive—as long as they kept paying exorbitant hosting fees that were prone to increase without notice. A basic web server at RBN commanded prices between six hundred and eight hundred U.S. dollars per month, more than ten times what most legitimate hosting providers charged regular customers at the time.
These fees didn’t just line the pockets of the bulletproof providers; they were essential to those providers’ survival. For example, a share of the income from those lofty fees trickled down from RBN’s ringleaders to local authorities and corrupt politicians in the region, some of whom were all too ready to look the other way when law-enforcement officials from other nations came inquiring about sites promoting illegal activity that were hosted on RBN’s networks.
David Bizeul, a French security researcher who compiled a massively in-depth analysis of RBN during its heyday in mid-2007, said RBN had a dedicated team responsible for fielding abuse complaints, but that this team only served to make RBN appear more like a legitimate Internet service provider (ISP) than anything else.
“RBN has an available abuse team—used to give it a respectable image—and this abuse team will ask you to provide a Russian judicial indictment in order to process” an abuse or takedown request, Bizeul wrote in 2007. “Of course, this indictment is very difficult to obtain. Isn’t it a paradise for fraudsters?”
The exact origins of the Russian Business Network are shrouded in mystery. Perhaps for that reason, many experts in the computer security industry have for years ascribed most malicious Internet activity to the ringleaders behind RBN, whether or not that activity had any obvious connections to the infamous hosting network.
Still, if RBN has become a kind of digital boogeyman for many, that reputation was hard-earned. According to press reports and sources familiar with the company, RBN was born out of cybercriminals’ need for more stable and reliable web hosting for a variety of their illegal businesses—most especially extreme pornography and child porn. Indeed, RBN’s roots trace back to the child porn industry and to organized crime groups based in Minsk, Belarus.
At the dawn of the new millennium, a bright, twenty-two-year-old Belarusian named Alexander Rubatsky was being groomed to follow in the footsteps of his father—a well-respected lieutenant colonel in the Belarusian police force. But Rubatsky was far more interested in and skilled at computers, and eventually dropped out of the police academy.
Victor Chamkovsky, a Belarusian filmmaker and investigative journalist who documented Rubatsky’s early career, said Rubatsky’s talents made him an attractive recruit for local organized-crime groups who saw big money in processing payments for Internet businesses, particularly pornography. According to Chamkovsky, in 1995 Rubatsky started hanging out with Gennady Loginov, a young tough whose brother led a militant organized-crime group in Minsk known as “The Village.” Rubatsky’s job was not to strong-arm people, but simply to find databases to plunder and acquire credit card accounts that could be drained or sold for cash.
In Spring 2001, Rubatsky began looking for a real job and was hired as a computer specialist with CyberPlat, at the time Russia’s largest processor of online payments. As part of his position, he was given the funds and authority to hire more than a dozen other programmers. His assignment: to assemble a team that could build the next generation of CyberPlat’s payment platform.
As noted by the Belarusian newspaper
, CyberPlat also paid Rubatsky to rigorously test its systems for security vulnerabilities that might expose it to data breaches. But the company would later allege that he abused that access by downloading a copy of the company’s client database. Rubatsky told prosecutors that he grabbed the data merely so that he could demonstrate the security weaknesses his team had found. But his employer wasn’t buying that explanation. The local police raided the cabin where Rubatsky and his hackers worked, and carted off enough evidence to put him on trial for theft. The Belarusian courts ultimately sided with CyberPlat, sentencing Rubatsky to six months in jail. (That sentence was later suspended.)
But Rubatsky would exact his revenge. Before his trial ended, CyberPlat’s customer list was leaked to law-enforcement officials. Cybercrime investigators from the United States and other nations had long suspected that most of the payments to sites selling child pornography were being processed through merchant accounts tied to CyberPlat and its Moscow-based partner Bank Platina, and now the authorities had a smoking gun.
By mid-2002, CyberPlat found itself ensnared in an international scandal when it was reported by the Russian news publication
that among CyberPlat’s customers were dozens of websites selling access to child-porn images and videos. CyberPlat fired 40 percent of its staff—including top managers—in the wake of the scandal.
Meanwhile, Rubatsky was left to continue pursuing the extremely lucrative market of processing child-porn payments for shady sites that offered it. At the same time, Rubatsky’s strongman Loginov was determined to beef up operational and physical security for the enterprise. Never again would local police forces be able to so easily raid the hacker hut.
Prefiguring his later work as a pioneer in the bulletproof hosting business, Rubatsky sought to secure local and physical protection so that he could continue to operate his business without interruption or interference. If the local police decided to conduct another raid, at least Rubatsky would see them coming and have a chance to hide or destroy incriminating evidence of his business.
According to a documentary by Chamkovsky called
, and as documented in other Russian news sources, Loginov and his associates rigged the cottage with a variety of security devices, including closed-circuit cameras and alarm systems. Loginov’s team also acquired firearms, police radios, and uniforms. They even received combat training under the tutelage of a former officer from the Russian KGB—the secret police and intelligence agency of the Soviet Union.
Loginov’s gang was reportedly subjected to a crash course in KGB field service, including a battery of physical and psychological endurance tests, as well as specialized instruction in a variety of medical and technical skills. “Initially, they even had to take [written] tests,” said Igor Parmon, a deputy in the Belarusian Ministry of Internal Affairs, in Chamkovsky’s documentary. “They were even punished for missing classes.”
A 2004 story in the
describes how Loginov’s group reacted when they learned that a local businessman named Evgeny “Pet” Petrovsky was building his own credit-card processing business catering to the child porn industry—a company called Sunbill (later renamed BillCards). The organized crime gang decided to put their newfound combat training to work by eliminating—or at least intimidating—the competition. Petrovsky’s alleged role in setting up card processing for child porn sites was also documented in 2004 by the Computer Crime Research Center, a nonprofit organization based in Odessa, Ukraine, that gathers data on transnational cybercrime.
Petrovsky was stopped in his car by a man posing as a local policeman, and when he stepped out of the car as directed, he was kidnapped by masked men. Once they reached their safe house in the outskirts of Minsk, the abductors contacted Petrovsky’s associates and demanded a million U.S. dollars for his safe return. But no money would be forthcoming. When local authorities began to close in on their location, the assailants fled with Petrovsky to Moscow. By November 2012, Russian and Belarusian authorities had located the Loginov gang’s hideout and arrested the kidnappers. They found Petrovsky alive and relatively unharmed.
According to Chamkovsky, Rubatsky was intensely focused on hacking and plundering online stores of financial data, and was not aware of his comrades’ paramilitary activities. But when Rubatsky got word that Loginov’s group had been rounded up by law enforcement for kidnapping and extortion, he fled Belarus for St. Petersburg, Russia.
From a rented office space in downtown St. Petersburg, Rubatsky reportedly worked with contacts at Moscow’s Alfa Bank to set up an entirely new payment system called “Alfa-Pay.” The system was designed to process payments for child pornography and to shield the business from disruption or prying eyes. As described in a 2006 story in the Belarusian newspaper
, the business relied on a network of holding companies that served as intermediaries for employees back in Belarus who handled everything from photographing teenage and preteen models to the distribution of the content and the payment of commissions to resellers of the photographic content.
“With Rubatsky’s help, a huge holding was developed, which encompassed everything from photo-shooting and pornography distribution to the administrative work of a holding company, [including] regular payments, billing, and commissions,” Chamkovsky wrote. “Rubatsky’s know-how on…sites dedicated to child pornography was in creating [a] cookie-cutter system that could be easily cloned.”