Hacquebord introduces the masquerading Estonian ISP in a Trend Micro blog post. The illicit network has been in operation since 2005. "Employees administer sites that host codec Trojans and command and control servers that steer armies of infected computers," he writes.
A bunch of daughter companies in cahoots with the illegitimate ISP were taken offline in 2008. However, the operation recovered from that blow, and today, Hacquebord writes "we count about 20 different webhosting providers where the criminal Estonian outfit has its presence. Besides this, the company own two networks in the United States."
There's more, and it's all scary stuff, so I urge you to read the Trend Micro paper (Again, it's available as a pdf here.)
In closing, I'd like to point you to my recent ByteandSwitch blog post, Cybersecurity Challenge: Is Your Network Safe? (Probably Not). In the post, I talk about cybercrime alarms being raised in regard to U.S. government IT systems.
It's my sense that, while there are certainly lapses in government systems -- many of which stem from the way such systems are acquired and upgraded -- government and military personnel seem more sensitized to the whole issue of cybercriminal gangs operating out of places like Russia and China than do people in the business world. Perhaps it makes sense that they're on heightened alert, because they're a first-level target.
Yet that doesn't mean commercial networks and systems aren't vulnerable. They are almost equally at risk, and we all know there are many, many breaches we don't hear about. (Paging the big banks.)
As I wrote on ByteandSwitch :
"This time around, I don't think the alarmists are crying wolf. The threat from organized cybercriminals is real. Also, the protection lapses of government networks are probably duplicated by most commercial setups."
Follow me on Twitter: (@awolfe58)
My videos on ( YouTube)
Alex Wolfe is editor-in-chief of InformationWeek.com.