Jart Armin

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Jart Armin
Jart Armin

Jart Armin is an investigator, analyst and writer on cybercrime and computer security.


Armin first came into the public eye in 2007 from his exposure of the RBN (Russian Business Network). Throughout 2007, via a dedicated blog entitled RBNExploit, he provided reports and analysis on the undercover operations of the RBN criminal gang, despite constant DDoS attempts and artificially-created mirror websites. With regular blogs and alliance with third parties, Armin raised public awareness of the activities of the RBN which were subsequently reported on in major newspaper articles.[1]

It was via the RBN blog that Armin provided the first reports of cyber attacks, used in conjunction with the invasion of Georgia by Russian troops,[2] three days in advance of the attack in August 2008.

As an advocate of an open source community approach to the fight against cybercrime, Armin established HostExploit as an educational website aimed at exposing internet bad actors and cybercriminal organizations which deliver crimeware through hosts and registrars.

The Reports[edit]

In August 2008, Jart Armin, via HostExploit, published a definitive report "Atrivo - Cyber Crime USA",[3] stating that Atrivo (aka Intercage) - a Concord, California-based website hosting provider deliberately allowed cyber criminals to use its services. This brought about the shutdown of Atrivo with a related 10% drop in botnet and spam activity worldwide.

In November 2008, Armin published a further definitive report, "McColo - Cyber Crime USA",[4] with contributions from StopBadware, Trend Micro, Emerging Threats, KnujOn, Sunbelt, CastleCops, The Spamhaus Project, Arbor Networks, Malwaredomains, Threat Expert, SecureWorks, aa419, Malwaredatabase and Robtex. The report, and press coverage used in conjunction to the report,[5] were instrumental in the demise of McColo by revealing the web hosting service provider to be deliberately funding criminal activities and illegal child sexual abuse content. It was estimated that following the take-down, 70% of the world's spam disappeared overnight.[citation needed]

The cybercriminal activities of EstDomains were tracked by Armin and his allies in RBN blog postings and HostExploit reports.[3] Exposing the link between the RBN and EstDomains in the October 2008 report entitled "RBN – Farewell to EstDomains"[6] lead to the operational closure of the EstDomains[7] business and to its customer base moving to the Asian registrar Directi.

In a joint venture with Andrew Martin of MartinSecurity.net, Armin issued the report "Real Host Latvia – RBN Resurgence or Clone?"[8] in August 2009, providing further evidence of continuing RBN involvement in internet fraud. Telia, the hosting registrar, suspended all involvement with Real Host when provided with the evidence contained within the report.

In November 2009, in another joint venture with Andrew Martin[9] and Scott Logan, Jart Armin and HostExploit released a report called "MALfi, A Cybercrime International Report - A Silent Threat".[10] The report describes how hackers and cybercriminals use blended attacks - a combination of RFI (remote file inclusion), LFI (local file inclusion), XSA (cross-server attack), and RCE (remote code execution) - to compromise websites and servers.

In August 2010, Armin and the HostExploit team released a report[11][12] providing an analysis of Demand Media's persistent position as "No 1 Bad Host" in HostExploit’s Top 50 Bad Hosts list.

Other considerations[edit]

Armin has spoken to audiences at Cambridge University and Tallinn, Estonia, APWG, NATO CCDOE and the Italian Senate, among others, on subjects ranging from the RBN, "Pocket Botnets" and "The Son of Stuxnet". He is a regular commentator on internet technical and security [13] He took part in an interview for Russian TV in Jan 2010 on the subject of cybercrime and the RBN’s involvement.[14] and a BBC World Service program on hacking in July 2011. He is a regular contributor on security topics to the website Internet Evolution.

Armin has been cited in books on cybercrime and cyberwarfare.[15] [16]


HostExploit[17] was set up by Armin as an offshoot from the RBN blog to explore wider cybercrime themes. It operates as an open source community project to inform on topics relating to cybercrime with links to daily news items, articles and reports written by Jart Armin and others.

HostExploit reports are regularly cited in academic research papers.[18][19]


  1. ^ [1] "Do you know what your PC is up to?" by Rob Waugh, ([The Daily Mail]). December 21, 2007. Retrieved 2012-04-30]
  2. ^ http://news.cnet.com/8301-1009_3-10014150-83.html
  3. ^ a b "Atrivo - Cyber Crime USA" - HostExploit Report
  4. ^ ""McColo - Cyber Crime USA" - HostExploit Report
  5. ^ "Host of Internet Spam Groups Is Cut Off" by Brian Krebs, The Washington Post. December 11th, 2008. Retrieved 2010-08-22.
  6. ^ [2]
  7. ^ "ICANN Drops Bad Domain Registrar, but on Technicality" by Jeremy Kirk, PCWorld.About. November 13, 2008. Retrieved 30.04.2012
  8. ^ "Real Host, Latvia - RBN Resurgence or Clone?" - HostExploit Report
  9. ^ "Introducing MalFI – Another Report From HostExploit"
  10. ^ "MALfi, A Cybercrime International Report" - HostExploit Report
  11. ^ "Demand Media/eNom Report – Cybercrime USA" - HostExploit Report
  12. ^ "Demand Media a home to badware, researchers say", by Robert McMillan, Computer World August 11, 2010. Retrieved 30.04.2012
  13. ^ Jart Armin articles at Internet Evolution
  14. ^ "Global hacker threat comes from Russia" January 8th 2010, Russian Television
  15. ^ Carr, Jeffery. (2010). Inside Cyber Warfare: Mapping the Cyber Underworld. O'Reilly. p. 126. ISBN 978-0-596-80215-8. 
  16. ^ Menn, Joseph. (2010). Fatal System Error. New York: Public Affairs Books. ISBN 978-1-58648-748-5. 
  17. ^ HostExploit website
  18. ^ "FiRE - Finding Rogue Networks"
  19. ^ "Wide-area Routing Dynamics of Malicious Networks"

Broken link #7

External links[edit]