Siddhesh Joshi (Editor)

Jart Armin

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit
Name
  
Jart Armin


Jart Armin

Jart armin cybercrime metrics and threat data secure 2014


Jart Armin is an investigator, analyst and writer on cybercrime and computer security.

Contents

Life

Armin first came into the public eye in 2007 from his exposure of the RBN (Russian Business Network). Throughout 2007, via a dedicated blog entitled RBNExploit, he provided reports and analysis on the undercover operations of the RBN criminal gang, despite constant DDoS attempts and artificially-created mirror websites. With regular blogs and alliance with third parties, Armin raised public awareness of the activities of the RBN which were subsequently reported on in major newspaper articles.

It was via the RBN blog that Armin provided the first reports of cyber attacks, used in conjunction with the invasion of Georgia by Russian troops, three days in advance of the attack in August 2008.

As an advocate of an open source community approach to the fight against cybercrime, Armin established HostExploit as an educational website aimed at exposing internet bad actors and cybercriminal organizations which deliver crimeware through hosts and registrars.

The Reports

In August 2008, Jart Armin, via HostExploit, published a definitive report "Atrivo - Cyber Crime USA", stating that Atrivo (aka Intercage) - a Concord, California-based website hosting provider deliberately allowed cyber criminals to use its services. This brought about the shutdown of Atrivo with a related 10% drop in botnet and spam activity worldwide.

In November 2008, Armin published a further definitive report, "McColo - Cyber Crime USA", with contributions from StopBadware, Trend Micro, Emerging Threats, KnujOn, Sunbelt, CastleCops, The Spamhaus Project, Arbor Networks, Malwaredomains, Threat Expert, SecureWorks, aa419, Malwaredatabase and Robtex. The report, and press coverage used in conjunction to the report, were instrumental in the demise of McColo by revealing the web hosting service provider to be deliberately funding criminal activities and illegal child sexual abuse content. It was estimated that following the take-down, 70% of the world's spam disappeared overnight.

The cybercriminal activities of EstDomains were tracked by Armin and his allies in RBN blog postings and HostExploit reports. Exposing the link between the RBN and EstDomains in the October 2008 report entitled "RBN – Farewell to EstDomains" lead to the operational closure of the EstDomains business and to its customer base moving to the Asian registrar Directi.

In a joint venture with Andrew Martin of MartinSecurity.net, Armin issued the report "Real Host Latvia – RBN Resurgence or Clone?" in August 2009, providing further evidence of continuing RBN involvement in internet fraud. Telia, the hosting registrar, suspended all involvement with Real Host when provided with the evidence contained within the report.

In November 2009, in another joint venture with Andrew Martin and Scott Logan, Jart Armin and HostExploit released a report called "MALfi, A Cybercrime International Report - A Silent Threat". The report describes how hackers and cybercriminals use blended attacks - a combination of RFI (remote file inclusion), LFI (local file inclusion), XSA (cross-server attack), and RCE (remote code execution) - to compromise websites and servers.

In August 2010, Armin and the HostExploit team released a report providing an analysis of Demand Media's persistent position as "No 1 Bad Host" in HostExploit’s Top 50 Bad Hosts list.

Other considerations

Armin has spoken to audiences at Cambridge University and Tallinn, Estonia, APWG, NATO CCDOE and the Italian Senate, among others, on subjects ranging from the RBN, "Pocket Botnets" and "The Son of Stuxnet". He is a regular commentator on internet technical and security He took part in an interview for Russian TV in Jan 2010 on the subject of cybercrime and the RBN’s involvement. and a BBC World Service program on hacking in July 2011. He is a regular contributor on security topics to the website Internet Evolution.

Armin has been cited in books on cybercrime and cyberwarfare.

HostExploit

HostExploit was set up by Armin as an offshoot from the RBN blog to explore wider cybercrime themes. It operates as an open source community project to inform on topics relating to cybercrime with links to daily news items, articles and reports written by Jart Armin and others.

HostExploit reports are regularly cited in academic research papers.

References

Jart Armin Wikipedia