
1 research methodology – ecrime drop in Russia

December 13th, 2007 · 6 Comments ·

In the past we have pointed you in the direction of good research, such as:

research that matters – identity theft

We have also pointed out elsewhere why some findings can be misconstrued or fail to tell us the whole story, such as work conducted by PWC here:

3 ENISA – awareness raising study – better prevention thanks to data crunching

Just as a reminder, when doing data crunching some basic issues might be of interest:

ecrime – cybercrime – pedophile – Russian Business Network

statistics that make sense

(Please click on the link, choose Login as guest – click on this link again and voila free access)

Reliability: Can the results be repeated by another person? Yes, if we use a metric or yard stick and outline what research methodology we used, so somebody else can repeat the study.
Validity: Does it measure what it is supposed to measure? Yes, but only if we use a metric stick when that is the standard we follow. Using a yard stick results in invalid data if the measure we agreed to use is based on meters and centimeters.

Based on these definitions and the research we cited above, when doing a search for a string such as: cybercrime research data, or using alterations of the above (e.g., ecrime data, or putting the last two words in quotation marks), the results served are not very encouraging. In fact, most ‘research’ pulled does not show the same level of quality and thoroughness as we get from the UN Office on Drugs and Crime (UNODC) when it publishes its statistics regarding the drug trade, as shown here:

where are the bucks? drug-related versus cyber-crime activity? and the winner is?

Hence, data on cybercrime or ecrime are neither reliable nor can they be called valid (Please click on the link, Login as guest – click on this link again and voila free access) if one uses generally accepted standards (best practice examples) as far as research methodology and statistics are concerned. Recently we came across another report regarding ecrime in Russia that got us very interested:

David Bizeul (Nov. 20, 2007) Russian Business Network study – available online

if the link fails to work get it here: Russian Business Network study

On p. 5 things had us really intrigued:

    RBN offers a complete infrastructure to achieve malicious activities. It’s a cybercrime service provider. Whatever the activity is: phishing, malware hosting, gambling, child pornography… RBN will offer the convenient solution to fulfil it.

Hence, this investigation (which might be a more appropriate title than calling it research) provides extensive information about the activities of the Russian Business Network.

And then it continues on p. 6:

    Computer Associates wrote a note on a UrSnif trojan installed via a VML exploit on a computer hosted on RBN. This note was written 3 days only after Microsoft released its advisory. This small delay can prove that malware hosted on RBN is up to date.

We are not sure if this confirms or disconfirms a hypothesis or research question regarding whether the malware hosted on RBN is up to date (PS. in social science research one never proves things but confirms or disconfirms a theory or hypothesis).

Nonetheless, the report is enlightening for novices but also so-called experts. What one does have to wonder is how all this may affect the cybercrime convention considering Russia’s lack of enforcing its own laws and prosecuting ecrime suspects:

Regulation that Matters – Cybercrime Convention – USA citizen groups are balking…

EICAR 2006 – Going beyond legal terminology when looking at cybercrime and crimeware

Russia has not signed the Convention on Cybercrime (CETS No.: 185). Russia has laws criminalizing hacking, but these are only for domestic use. Neither does Russia have laws in place to extradite Russians who could be accused of having attacked computers in other countries.

This combination creates a de facto cybercrime haven: a country that outlaws internal cybercrime but tolerates external cybercrime. The resulting scenario is a sheltering base of operations for those who generate revenue by preying on outsiders.


Most people are alert to the possible or outright bias in the research they receive from software vendors and sometimes even government agencies to push a political agenda as it pertains to crime.

Remember when, in 2003, Eliot Spitzer was extracting a $1.4bn settlement from Wall Street as punishment for biased research?

Research bias is proving a red herring (i.e., the name comes from the warning, printed in red, that information in the document is still being reviewed by the SEC and is subject to change = preliminary prospectus for investors) in the cybercrime or ecrime domain.


The investigation conducted and published by David Bizeul (Nov. 20, 2007) about the Russian Business Network is most certainly interesting. Nonetheless, it represents a case study about the Russian Business Network and its activities, in particular, how they take advantage of and exploit ecrime laws that tolerate external cybercrime.

As a result, David Bizeul confirms what many have pointed out before: it is and continues to be highly unlikely that a person accused of cybercrime committed against others abroad will be taken to court and charged under Russian cybercrime laws. Since no extradition will happen either, such activities go unpunished.
His single case investigation reveals quite extensive technical details on how the Russian Business Network has managed to generate revenue. In part, he presents the various techniques used by the Russian Business Network for spreading malware or extorting money from cybercrime victims living abroad.

In conclusion, the investigation neither develops new ways to investigate such crimes, nor does it reveal new trends or patterns that could, based on a theory, be applied to other cases.





Also related – research addressing cybercrime issues:

Jason Franklin, Vern Paxson, Adrian Perrig & Stefan Savage (October 2007) An inquiry into the nature and causes of the wealth of internet miscreants. Paper presented at The 5th ACM Workshop on Recurring Malcode (WORM 2007)

Research that matters – more insights into NOAH the European Network of Affined Honeypots research project


