http://www.theregister.co.uk/2008/01/31/storm_worm_protection/
By John Leyden
The Register
31st January 2008
The creators of the Storm Worm botnet are known to US authorities but a
lack of co-operation from their counterparts in St. Petersburg, Russia,
is preventing action being taken.
St. Petersburg was the centre of the infamous Russian Business Network.
It's also reckoned by some to be the city the Storm Worm (more properly
Trojan) authors call home.
Dmitri Alperovitch, director of intelligence analysis and hosted security
at Secure Computing, told The Washington Post that Russian President
Vladimir Putin and political influence within the Federal Security
Service (Russia's successor to the Soviet KGB) were hampering prosecution
efforts. The implication is that elements of Russian intelligence
agencies are protecting the city's cybercriminals.
"The right people now know who the Storm worm authors are," Alperovitch
said [1]. "It's incredibly hard because a lot of the FSB leadership and
Putin himself originate from there, where there are a great deal of
people with connections in high places."
Other security experts reckon that the Storm Worm gang are based in
Russia but have no real idea of their location, much less their
identities. David Emm, senior technology consultant at Kaspersky Lab UK,
said coding similarities and packing techniques used with the worm
suggest the authors of the malware and Russian hackers known to have
attacked local websites are one and the same. Kaspersky, like antivirus
firm F-Secure, reckons that the Storm Worm gang is a multinational
effort based in Russia.
"We don't know who they are," said F-Secure chief research officer Mikko
Hyppönen, "but we believe it's a Russian gang with an American or several
Americans helping them to build the social engineering messages and the
websites they use."
[1] http://blog.washingtonpost.com/securityfix/2008/01/unhappy_birthday_to_the_storm.html