What are cybersecurity metrics

Jart Armin - Jart Armin

Jart Armin is giving a current presentation

Jart Armin is a Cybercrime and Computer Security Investigator, Analyst, and Author, and Cybercrime Mechanism and Assessment Researcher.


Armin first became known in 2007 through his announcement of the RBN (Russian Business Network). Throughout 2007, he delivered reports and analyzes of the undercover operations of the criminal RBN gang through a special blog called RBNExploit, despite constant DDoS attempts and artificially created Spiegel websites.

Via the RBN blog, three days before the attack in August 2008, Armin provided the first reports of cyber attacks used in connection with the invasion of Georgia by Russian troops.

As a proponent of an open source community approach to combating cybercrime, Armin set up HostExploit as an educational website aimed at exposing bad internet actors and cyber criminals who deliver crimeware through hosts and registrars.


In August 2008 on HostExploit, Jart Armin, published an "Atrivo - Cyber ​​Crime USA" report stating that Atrivo (also known as Intercage) - a Concord, California based website hosting provider, knowingly allows cyber criminals to use their services use. This resulted in the shutdown of Atrivo with an associated 10% decrease in botnet and spam activity worldwide.

In November 2008 Armin published another report entitled "McColo - Cyber ​​Crime USA" with contributions from StopBadware, Trend Micro, Emerging Threats, KnujOn, Sunbelt, CastleCops, the Spamhaus project, Arbor Networks, Malwaredomains, Threat Expert, SecureWorks, aa419, Malwaredatabase and Robtex. The report, and the coverage related to the report, was instrumental in McColo's demise by revealing to the web hosting service provider that it is intentionally funding criminal activities and illegal content related to child sexual abuse.

The cybercriminal activities of EstDomains have been followed by Armin and his allies in RBN blog posts and HostExploit reports. The uncovering of the connection between RBN and EstDomains in the October 2008 report entitled "RBN - Farewell to EstDomains" led to the operational closure of the EstDomains business and the relocation of the customer base to the Asian registrar Directi.

In a joint venture with Andrew Martin from MartinSecurity.net, Armin published the report "Real Host Latvia - RBN Resurgence or Clone?" further evidence in August 2009 of RBN's continued involvement in internet fraud. Telia, the hosting registrar, has suspended any involvement in Real Host upon the evidence in the report.

In November 2009, in another joint venture with Andrew Martin and Scott Logan, Jart Armin and HostExploit published a report entitled "MALfi, an international report on cybercrime - a silent threat". The report describes how hackers and cybercriminals use mixed attacks - a combination of RFI (Remote File Inclusion), LFI (Local File Inclusion), XSA (Cross-Server Attack), and RCE (Remote Code Execution) - to compromise websites and servers.

In August 2010, Armin and the HostExploit team published a report analyzing Demand Media's continued position as the "No 1 Bad Host" in HostExploit's Top 50 Bad Hosts list.

Other considerations

Armin spoke to audiences at Cambridge University and in Tallinn, Estonia, the APWG, the NATO CCDOE and the Italian Senate on topics such as RBN, "Pocket Botnets" and "The Son of Stuxnet". He regularly comments on cybercrime and cybersecurity. In July 2011, he participated in a BBC World Service program on hacking. He was a regular contributor to security topics on the Internet Evolution website.

At a workshop at the 2015 ARES conference in Toulouse, France, Armin presented the jointly written paper “Economic Costs of Cybercrime 2020: No Action, No Solution”, a result of the EU-FP7 CyberROAD project. Armin presented at the same place on the subject of 0-day security gaps and cyber crime.

At conferences, including ARES 2018 in Hamburg, presentations on cyber threat intelligence (CTI) and cybersecurity metrics are regularly held, at which Armin represented the initiative for the criminal use of information (CUING). In October 2018, Armin presented the topic of IOT devices at the Global IEEE 5G-IoT Summit in Marrakech.

Armin regularly participates in EU-funded projects (FP7 and H2020) such as ACDC 2013-2015, SWEPT 2014-2017, CyberROAD 2015-2017, SISSDEN 2016-2019 and SAINT 2017-2019.

Armin is a member of the ENISA Threat Landscape Stakeholder Group.

Armin has been quoted in books on cybercrime and cyber warfare.


HostExploit was set up by Armin as an offshoot of the RBN blog to investigate broader cyber crime topics. It acts as an open source community project for information on topics related to cybercrime with links to daily news, articles and reports by Jart Armin and others.

HostExploit reports are regularly cited in academic research papers.


External links