Jart Armin
Encyclopedia
Jart Armin is an investigator, analyst and writer on cybercrime and computer security.
He was an active participant in the origins of StopBadware, set up by the Berkman Center for Internet & Society and Google to track malicious web sites.
Armin first came into the public eye in 2007 from his exposure of the RBN (Russian Business Network). Throughout 2007, via a dedicated blog entitled RBNExploit, he provided reports and analysis on the undercover operations of the RBN criminal gang, despite constant DDoS attempts and artificially created mirror websites. With regular blog posts and alliances with third parties, Armin raised public awareness of the activities of the RBN, which were subsequently reported on in major newspaper articles.
It was via the RBN blog that Armin provided the first reports of the cyber attacks used in conjunction with the invasion of Georgia by Russian troops, three days in advance of the attack in August 2008.
As an advocate of an open source community approach to the fight against cybercrime, Armin established HostExploit as an educational website aimed at exposing internet bad actors and cybercriminal organizations which deliver crimeware through hosts and registrars.
The Reports
In August 2008, Jart Armin, via HostExploit, published a definitive report, "Atrivo - Cyber Crime USA", stating that Atrivo (aka Intercage), a Concord, California-based website hosting provider, deliberately allowed cyber criminals to use its services. This brought about the shutdown of Atrivo, with a related 10% drop in botnet and spam activity worldwide.
In November 2008, Armin published a further definitive report, "McColo - Cyber Crime USA", with contributions from StopBadware, Trend Micro, Emerging Threats, KnujOn, Sunbelt, CastleCops, The Spamhaus Project, Arbor Networks, Malwaredomains, Threat Expert, SecureWorks, aa419, Malwaredatabase and Robtex. The report, and the press coverage used in conjunction with it, were instrumental in the demise of McColo by revealing the web hosting service provider to be deliberately funding criminal activities and illegal child sexual abuse content. It was estimated that following the take-down, 70% of the world's spam disappeared overnight.
The cybercriminal activities of EstDomains were tracked by Armin and his allies in RBN blog postings and HostExploit reports. Exposing the link between the RBN and EstDomains in the October 2008 report entitled "RBN – Farewell to EstDomains" led to the operational closure of the EstDomains business and to its customer base moving to the Asian registrar Directi.
In a joint venture with Andrew Martin of MartinSecurity.net, Armin issued the report "Real Host Latvia – RBN Resurgence or Clone?" in August 2009, providing further evidence of continuing RBN involvement in internet fraud. Telia, the hosting registrar, suspended all involvement with Real Host when provided with the evidence contained within the report.
In November 2009, in another joint venture with Andrew Martin and Scott Logan, Jart Armin and HostExploit released a report called "MALfi, A Cybercrime International Report - A Silent Threat". The report describes how hackers and cybercriminals use blended attacks, a combination of RFI (remote file inclusion), LFI (local file inclusion), XSA (cross-server attack) and RCE (remote code execution), to compromise websites and servers.
In December 2009, the first in a quarterly series of research documents named the "Top 50 Bad Hosts & Networks" was published by Armin and the HostExploit team to show the worst web hosting providers in terms of relative cybercriminal activity, using an objective quantification method. The best performing hosts are noted using the same criteria.
In August 2010, Armin and the HostExploit team released a report providing an analysis of Demand Media's persistent position as "No 1 Bad Host" in HostExploit's Top 50 Bad Hosts list.
Other considerations
Armin has spoken to audiences at Cambridge University and Tallinn, Estonia, APWG, NATO CCDOE and the Italian Senate, among others, on subjects ranging from the RBN to "Pocket Botnets" and "The Son of Stuxnet". He is a regular commentator on internet technical and security matters. He took part in an interview for Russian TV in January 2010 on the subject of cybercrime and the RBN's involvement, and in a BBC World Service program on hacking in July 2011. He is a regular contributor on security topics to the website Internet Evolution.
Armin has been cited in books on cybercrime and cyberwarfare.
HostExploit
HostExploit was set up by Armin as an off-shoot from the RBN blog to explore wider cybercrime themes. It operates as an open source community project to inform on topics relating to cybercrime, with links to daily news items, articles and reports written by Jart Armin and others. HostExploit reports are regularly cited in academic research papers.
See also
- Fatal System Error
- Russian Business Network
- Atrivo
- McColo
- EstDomains