Google Moves to 3rd Party Processing - The eCrime equivalent

The numbers behind Google's processing are staggering. Indexing over one trillion URLs, the Internet search giant reported in January that it processes 20 Petabytes of data per day.

My Word spellchecker says there's no such word as Petabyte. It underlines it in angry red. So I googled it (hey, my spellchecker also says there's no such word as googled. Come on, Microsoft, wake up and smell the coffee).

Turns out a Petabyte is 1000 Terbytes. So Google processes over 20,000 Terabytes of data per day. Supporting all of this impossibly massive data crunching is a huge network of proprietary servers and custom made storage. It's the mythical Google grid.

Google conceals the exact nature of the grid; it's one of their trade secrets.

So, what if I told you Google is abandoning its mythical, proprietary, custom-made processing and storage grid, and is moving to an off-the-shelf third party processing platform?

Any boffin would have choked on this scoop.

OK, relax. Google isn't ditching its proprietary grid. But its eCrime equivalent is certainly doing exactly that.

I'm talking about RockPhish, the biggest bunch of phishing fraudsters this side of the galaxy.

Rockphish recently moved their command & control servers to Asia, after its former bulletproof hosting – a rogue ISP called Russian Business Network – caved in to immense pressure from every law enforcement agency on earth.

After the move to Asia, RockPhish activity declined sharply. Some said the RockPhish gang took a long deserved vacation. But it now appears these criminals did not go on holiday.

In fact, they've been very busy. To explain what they've been doing, here are some quick facts about RockPhish: 

• They are responsible for about half of global phishing. In market share terms, that's the fraud underground equivalent to Google.
• They use a huge network of independent zombie computers, each containing a tiny proxy client connecting victims to their content servers. It's a proprietary grid that served as the backbone of RockPhish operation for years.
• These proxy clients are part of a platform known as Fast Flux botnet. In simple words, whenever you click on a link that you receive as part of a RockPhish email, it takes you somewhere else. This makes shutting down the attack nearly impossible.

The proprietary RoskPhish infrastructure was their trademark for years. But recently, this has changed.

RSA Fraud Labs now say RockPhish is replacing its proprietary, mythical grid of proxy clients, and moves its entire massive operation to a third party platform – the Asprox botnet.

You can compare this earth shaking news to Google abandoning their proprietary number crunching technology in favour of some third party processing platform.

Asprox is a next-generation botnet. It is highly resilient, and grows rapidly through state of the art infection techniques.

RockPhish now uses Asprox to upgrade its vast operation, spread further chaos, and infect more and more computers with malware – which is a new line of business for the RockPhish gang, who until last year focused only on Phishing activities.

What does all of this mean?

It means the most notorious powerhouse of eCrime has not only recovered from its troubles; it actually returns to the scene of the crime in a much better shape than before. They mean serious business, and we'll see the impact of that in the coming months. 

As a side note, this 20 Petabyte thingy is mind boggling, but quite hard to grasp. How big is that?

Well, this helpful link illustrates this figure by comparing it to rice. If a byte was a grain of rice, Google could cover all of central London with 20 meters of rice every day. Within 5 days, Big Ben would disappear under a 100 meter pile of rice grains.