Jart Armin

From Wikipedia, the free encyclopedia
Jart Armin in 2018

Jart Armin is an investigator, analyst and writer on cybercrime and computer security, and researcher of cybercrime mechanisms and assessment.


Armin first came into the public eye in 2007 from his exposure of the RBN (Russian Business Network). Throughout 2007, via a dedicated blog entitled RBNExploit, he provided reports and analysis on the undercover operations of the RBN criminal gang, despite constant DDoS attempts and artificially-created mirror websites.

It was via the RBN blog that Armin provided the first reports of cyber attacks, used in conjunction with the invasion of Georgia by Russian troops,[1] three days in advance of the attack in August 2008.

As an advocate of an open source community approach to the fight against cybercrime, Armin established HostExploit as an educational website aimed at exposing internet bad actors and cybercriminal organizations which deliver crimeware through hosts and registrars.

The Reports[edit]

In August 2008, Jart Armin, via HostExploit, published a report "Atrivo - Cyber Crime USA",[2] stating that Atrivo (aka Intercage) - a Concord, California-based website hosting provider deliberately allowed cyber criminals to use its services. This brought about the shutdown of Atrivo with a related 10% drop in botnet and spam activity worldwide.

In November 2008, Armin published a further report, "McColo - Cyber Crime USA",[3] with contributions from StopBadware, Trend Micro, Emerging Threats, KnujOn, Sunbelt, CastleCops, The Spamhaus Project, Arbor Networks, Malwaredomains, Threat Expert, SecureWorks, aa419, Malwaredatabase and Robtex. The report, and press coverage used in conjunction to the report,[4] were instrumental in the demise of McColo by revealing the web hosting service provider to be deliberately funding criminal activities and illegal child sexual abuse content.

The cybercriminal activities of EstDomains were tracked by Armin and his allies in RBN blog postings and HostExploit reports.[2] Exposing the link between the RBN and EstDomains in the October 2008 report entitled "RBN – Farewell to EstDomains"[5] lead to the operational closure of the EstDomains[6] business and to its customer base moving to the Asian registrar Directi.

In a joint venture with Andrew Martin of MartinSecurity.net, Armin issued the report "Real Host Latvia – RBN Resurgence or Clone?"[7] in August 2009, providing further evidence of continuing RBN involvement in internet fraud. Telia, the hosting registrar, suspended all involvement with Real Host when provided with the evidence contained within the report.

In November 2009, in another joint venture with Andrew Martin[8] and Scott Logan, Jart Armin and HostExploit released a report called "MALfi, A Cybercrime International Report - A Silent Threat".[9] The report describes how hackers and cybercriminals use blended attacks - a combination of RFI (remote file inclusion), LFI (local file inclusion), cross-server attack, and RCE (remote code execution) - to compromise websites and servers.

In August 2010, Armin and the HostExploit team released a report[10][11] providing an analysis of Demand Media's persistent position as "No 1 Bad Host" in HostExploit’s Top 50 Bad Hosts list.

Other considerations[edit]

Armin has spoken to audiences at Cambridge University and Tallinn, Estonia, APWG, NATO CCDOE and the Italian Senate, among others, on subjects ranging from the RBN, "Pocket Botnets" and "The Son of Stuxnet". He is a regular commentator on cybercrime and cybersecurity[12] He took part in a BBC World Service program on hacking in July 2011.[citation needed] He was a regular contributor on security topics to the website Internet Evolution.

At a workshop held at the 2015 ARES Conference in Toulouse, France, Armin presented the jointly authored paper, '2020 Cybercrime Economic Costs: No Measure No Solution',[13] a result of the EU FP7 Project CyberROAD. Armin presented on the subject of 0-Day Vulnerabilities and Cybercrime at the same venue.

Presentations on the subjects of Cyber Threat Intelligence (CTI) and cyber security metrics are regularly delivered at conferences including ARES 2018 at Hamburg, Germany, where Armin represented the Criminal Use of Information Hiding Initiative (CUING). In October 2018, Armin presented at the Global IEEE 5G-IoT Summit, Marrakesh, on the subject of IOT devices.

Armin regularly participates in EU funded projects (FP7 and H2020) such as ACDC 2013–2015, SWEPT 2014–2017, CyberROAD 2015–2017, SISSDEN 2016–2019, and SAINT 2017–2019.

Armin is a member of the ENISA Threat Landscape Stakeholder Group.

Armin has been cited in books on cybercrime and cyberwarfare.[14] [15]


HostExploit[16] was set up by Armin as an offshoot from the RBN blog to explore wider cybercrime themes. It operates as an open source community project to inform on topics relating to cybercrime with links to daily news items, articles and reports written by Jart Armin and others.

HostExploit reports are regularly cited in academic research papers.[17][18]


  1. ^ "Georgia accuses Russia of coordinated cyberattack | Security - CNET News". Archived from the original on 2012-02-02. Retrieved 2012-04-30.
  2. ^ a b "Atrivo - Cyber Crime USA" - HostExploit Report
  3. ^ ""McColo - Cyber Crime USA" - HostExploit Report
  4. ^ "Host of Internet Spam Groups Is Cut Off" by Brian Krebs, The Washington Post. December 11th, 2008. Retrieved 2010-08-22.
  5. ^ [1][permanent dead link]
  6. ^ "ICANN Drops Bad Domain Registrar, but on Technicality" by Jeremy Kirk, PCWorld.About. November 13, 2008. Retrieved 30.04.2012
  7. ^ "Real Host, Latvia - RBN Resurgence or Clone?" - HostExploit Report
  8. ^ "Introducing MalFI – Another Report From HostExploit"
  9. ^ "MALfi, A Cybercrime International Report" - HostExploit Report
  10. ^ "Demand Media/eNom Report – Cybercrime USA" - HostExploit Report
  11. ^ "Demand Media a home to badware, researchers say", by Robert McMillan, Computer World August 11, 2010. Retrieved 30.04.2012
  12. ^ Jart Armin articles at Internet Evolution
  13. ^ Armin, Jart; Thompson, Bryn; Ariu, Davide; Giacinto, Giorgio; Roli, Fabio; Kijewski, Piotr (2015). 2020 Cybercrime Economic Costs: No Measure No Solution (PDF). 10th International Conference on Availability, Reliability and Security. pp. 701–710. doi:10.1109/ARES.2015.56. ISBN 978-1-4673-6590-1.
  14. ^ Carr, Jeffery. (2010). Inside Cyber Warfare: Mapping the Cyber Underworld. O'Reilly. p. 126. ISBN 978-0-596-80215-8.
  15. ^ Menn, Joseph. (2010). Fatal System Error. New York: Public Affairs Books. ISBN 978-1-58648-748-5.
  16. ^ HostExploit website
  17. ^ "FiRE - Finding Rogue Networks" (PDF). Archived from the original (PDF) on 2010-08-28. Retrieved 2010-09-06.
  18. ^ "Wide-area Routing Dynamics of Malicious Networks"

External links[edit]