FBI Knows Identity of Storm Worm Writers

Interesting allegation:

...federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside.

I've written about Storm here.

Posted on January 31, 2008 at 6:16 AM • 27 Comments

Comments

J. • January 31, 2008 6:49 AM

Does "lack of cooperation" mean that the Russian authorities do not want to extradite these people? If so, is the FBI going to whine the same way the British government did with regards to Alexander Litvinenko? "The Russians do not cooperate, they do not want to extradite?"

Get a grip, FBI: extradition of Russian citizens is prohibited by the Russian constitution. (FBI isn't too keen on respecting constitutions, mind you. Poor feds).

Vicki • January 31, 2008 7:25 AM

I _know_ the Russian constitution doesn't prohibit prosecuting Russian citizens in Russia. Cooperation doesn't have to mean they go to an American rather than a Russian jail--though I suspect that if they actually thought the Russian government would prosecute, they'd buy a plane ticket to somewhere in the west and turn themselves in.

Anonymous • January 31, 2008 7:30 AM

Since Putin's been in power there, it's pretty much a thugocracy, so I don't really think it's likely they'll be coming after people that are probably heavily connected to organised crime.

Thanks for keeping us updated on this one Bruce, it's interesting to see what will become of the first non-attention-seeking 'virus' creators.

Monk • January 31, 2008 8:37 AM

It also could be another move in the information (propaganda) war against Russia. Let's blame everything on these poor bastards. Nobody can really check anything, so why not? And it also very well supports popular mythology.

Nick Lancaster • January 31, 2008 9:14 AM

So far, this is another tick in the 'amazing achievements' column, right up there with all the horrible terrorist plots that have been prevented since 9/11.

It's even more laughable coming under an administration that includes such hits as, 'I don't think anyone knew terrorists would use planes as missiles,' and 'There are known knowns and unknown knowns.'

jmr • January 31, 2008 10:32 AM

@J.

Please give me a reason why the FBI should respect foreign constitutions. The purpose of the US Federal Government is to protect the interests of US Citizens. The purpose of foreign constitutions is to protect the interests of foreign non-US citizens. When those interests collide, I generally expect my government to act in my favor rather than in foreign non US-citizens' favor.

Case in point: Espionage is illegal in every country. We have an entire agency, the CIA, dedicated to breaking the law in foreign countries. The knowledge gained by the CIA can be absolutely vital to our interests and damaging to the countries that they infiltrate. But I wouldn't have it any other way, because I want my government to protect me, my family, and my way of life over that of someone who doesn't pay my government's taxes.

Not that I particularly like some actions my government takes, and I work against it on many domestic issues. To be clear, in cases where the FBI or CIA break the US Constitution, the ONLY one they are sworn to uphold, I advocate burning such criminals at the stake.

geospine • January 31, 2008 10:46 AM

in response to @J.

This is the main reason that the United States is losing global trust. We are just bullies who push everyone around to get our way.

werelord • January 31, 2008 11:03 AM

I suspect that it's not as easy as it sounds; extradition or prosecution, shutting down the network itself or whatever.. directly from the article:

Alperovitch blames the government of Russian President Vladimir Putin and the political influence of operatives within the Federal Security Service (the former Soviet KGB) for the protection he says is apparently afforded to cybercrime outfits such as RBN and the Storm worm gang.

"The right people now know who the Storm worm authors are," Alperovitch said. "It's incredibly hard because a lot of the FSB leadership and Putin himself originate from there, where there are a great deal of people with connections in high places."

I don't like those implications..

Jack-o • January 31, 2008 11:06 AM

Another response to @J

There should be limits to immorality. When a government uses its resources to help brutal dictators cling to power (Equatorial Guinea and many others), I think you should draw the line between "protect me, my family, and my way of life" and evilness. Not my country, not my problem, my way of life above your right to exist or be free. Sheesh. You advocate burning them at the stake for breaking internal laws but don't give a crap for foreign assassination attempts? Wow.

Non_american • January 31, 2008 11:08 AM

@jmr: "I want my government to protect [...] my way of life over that of someone who doesn't pay my government's taxes."

The problem is to protect your WAY of life (read: one car, preferably an SUV to feel "secure", per person in the family, ~15 loaded credit cards, HDTV, 3rd generation videogames...only fundamental stuff) you often tend to take the (I suspect you think inferior forms of) LIVES of other people. Stupid fuck! sorry, Tourette!

Rich Wilson • January 31, 2008 11:48 AM

OK, so I have a TLA (three letter agency) mentality. Other people can't handle the truth. I need information to protect my people. I know what's best. Other countries are full of enemies. There's this computer worm that has infected, and has access to the information on, millions of computers all over the world.

If I have the chance to either prosecute the authors, or force them to feed all that information to my TLA so we can search it, what do I do?

If the authors are in another country, I have no access, but the TLA of the other country has access to the information on all the computers in MY country. What do I do?

I have no idea if Storm is Russian, Chinese, American or anything else. But I'm pretty sure people in TLAs do, and they're all scrambling to get at the data.

Daedala • January 31, 2008 11:58 AM

@J

We want other countries to respect our constitution and citizens.

Also, game theory.

timmy303 • January 31, 2008 12:05 PM

@geospine - we are not bullies, and if you don't take that back I'll use harsh language and taunt your pets

J. • January 31, 2008 5:36 PM

Thank you for the many answers to my comment.

I really meant my question as a question: if the US is acting anything like the UK did for Litvinenko, Russia is not going to cooperate in a hurry.

For those that didn't follow Litvinenko's case, the British government completely eluded that Russia does not extradite Russians and did its best to escalate the case into some diplomatic mess. Now, Russia probably wouldn't have cooperated regardless, but not many countries can bully Russia, and the UK is not part of those, what with being a poodle.

If anything, the average Russian admires Putin for his "manly politics": Russia doesn't bow to anyone and all that, so going around saying things like "extradite or else" is no good. Reading articles such as http://www.timesonline.co.uk/tol/news/world/us_and_americas/article2982640.ece, I don't expect the FBI did anything else. Didn't work? Surprise...

me • February 1, 2008 12:33 AM

@*:
The thing that needs to be realized is that lack of cooperation need not be hostile or similar, simply not responding to requests by the external agency is enough.

@Non_American:

Well duh, you seemed to miss the point where the OP essentially stated that they don't actually care about your LIVES because Americans are more important. While I don't necessarily agree with this viewpoint on a personal level, I fully expect American LIVES to take precedence over pretty much everyone else when it comes to my politicians.

and • February 1, 2008 6:47 AM

@J:

How about the Russians adhering to international rules? I guess hijacking millions of computers - of which at least some are certain to be located in Russia - can also be prosecuted by Russian authorities, as can the murder of a Russian citizen abroad.

@all americans who think american agencies can do whatever they want outside the US:

How about the Americans adhering to international rules? I guess you wouldn't like it if any other nation reserved themselves the right to do the same within US borders. (think about kidnapping US citizens by, let's say, Iranian agents.)

nexusprime • February 1, 2008 2:19 PM

It's not hard to understand the position of Russia in this situation.

There isn't much provable harm that has resulted from this worm being in existence (ignoring of course the hand waving "billions of losses as a result of downtime" that companies tend to come up with).

It doesn't serve any Russian interest to co-operate, so why would they? They would only lose, from their point of view, as it would be regarded as a sign of weakness, which is anathema to Russia.

Of course, it doesn't help Russia's image in the West, but I doubt they care, and I actually think they like rubbing us the wrong way - Being able to implies having leverage, which is something they rather like having.

But they underestimate, as before, their own weaknesses. Ours are generally in the open for all to see (for the most part), which exaggerates them.

unary • February 2, 2008 10:27 AM

maybe the US would fare better in these sorts of situations if they sat back and listened, rather than ordered; maybe if they lived by the rules they lay down for the rest of the world; maybe if they tried "hearts and minds", not "warheads for foreheads"......
maybe....

ST • February 2, 2008 7:23 PM

@J:

Sorry. I am from a country with a reasonably democratic constitution, which, also due to US politics is losing bits of democracy here and there now.

We expect our agencies to respect the constitutions of other countries and would expect the same of others. If that means that we will shoot Americans in the head because they violate our constitution in our country, so be it.

We non-USamericans have rights, too - and your approach will end in retaliation. Look. Everyone likes to kick the bully. No one deserved September 11th. But sometimes, foreign policy seems to ask for it. And there are enough madmen queueing up to jump in.
The Russians might not have the advantage of democratic politics right now - and might, due to the reasons easiest found in culture, size of country and history, never do. But they are not easily bullied - so it might be better to be polite for a while...

jmr • February 3, 2008 9:51 PM

@Non_American:

You still neglected to answer my question, nor did you respond to my point about intelligence services.

@me:

Nowhere did I say other people's lives are less important to them than my own is to me. But I would laugh at you outright if you suggested that other people in other countries value my life over their own, and that I should therefore reciprocate.

The purpose of a democratically elected government is precisely to protect the interests of those electing the government. Those interests are many:

* Security
* Health
* Business

Any government that does not act in its citizens' best interests will, in the long run, fail. If those interests conflict with the interests of other countries, then I expect my government to protect my interests first.

@and

Other nations do commit crimes inside US borders. Please refer to my previous statements about espionage.

And if Iran kidnapped US citizens, I would demand my government take swift and decisive action.

@All:

Sometimes, people forget that the US became militarily powerful specifically because of the way of life we have chosen: We choose a government that protects our interests, generates immense industrial capacity, and as a side effect equates to military power. (Yes, I acknowledge that it helps to have two oceans.) There is a lesson here: if you want to ensure that your country is not invaded by the guy next door, choose a government that protects your interests in the best possible way.

Choosing a government free of corruption and granting significant liberty creates business opportunities. Businesses bring in tax revenue. Tax revenue pays for military force.

Business interests are military interests by that equation: if there is no tax revenue to pay for a military, you lack security.

You need to be rich to have a military. Your military has to be paid for by continuing to be rich. Security == Prosperity. Governments that recognize this and grant liberties to their citizens tend to survive -because- their citizens become prosperous.

brady • February 15, 2008 9:56 AM

If Manly in Russia means drinking yourself to death before age 40, then I think it is correct to say Russians consider Putin's Politics Manly.
I have the utmost respect for the Russian people, they are hardy and tough in a way most Americans will never be, but your politicians are just as evil and corrupted as the US politicians. It's all about the money for them, not a single one of them gives a crap about any of us. Well unless you're worth a few billion and then you matter.

blogster • February 15, 2008 12:54 PM

hmm.. run a bot network (sanctioned). attack who you want to, and then blame it on anyone you please. the public will believe anything.

Dee • February 16, 2008 7:43 AM

@jmr: "But I would laugh at you outright if you suggested that other people in other countries value my life over their own"

Whilst I may value the fulfilment of my desires over yours, I value our lives as equal. Politics is the attempt to consolidate these two positions.

Refusing to place your "democratically elected" government in the context of the world in which it exists is disingenuous at best, murder at worst. Moralising about other countries whilst supporting and training terrorists oneself will never bring any good to anyone.

"Sometimes, people forget that the US became militarily powerful specifically because of the way of life we have chosen: We choose a government that protects our interests"

You are just the current empire, you won't be for much longer. It might be sensible to prepare for that eventuality by adopting a more selfless foreign policy.

Marc • March 1, 2008 8:09 AM

Why is everyone only talking about the US and its right to prosecute these guys? It affected computers everywhere.

So by JMR's position, every country would be able to claim universal jurisdiction over such offenses, applying an incongruent legal system to, say, the law of the US. JMR, next time you criticise the Chinese government online, take a guess as to how many laws you'll be breaking? Care to explain how that would work?

Such unilateral arrogance is indefensible philosophically or practically - when every country in a globalised world refuses to cooperate with yours, how well will your government be able to protect your way of life?

Worm writers will be the least of your worries.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.