Exclusive: Microsoft, FBI take aim at global cyber crime ring

  • 6 June 2013
  • 2 replies
  • 747 views

By Jim Finkle BOSTON | Wed Jun 5, 2013 7:52pm EDT

(Reuters) - Microsoft Corp and the FBI, aided by authorities in more than 80 countries, have launched a major assault on one of the world's biggest cyber crime rings, believed to have stolen more than $500 million from bank accounts over the past 18 months.
Microsoft said its Digital Crimes Unit on Wednesday successfully took down at least 1,000 of an estimated 1,400 malicious computer networks known as the Citadel Botnets.
Citadel infected as many as 5 million PCs around the world and, according to Microsoft, was used to steal from dozens of financial institutions, including: American Express, Bank of America, Citigroup, Credit Suisse, eBay's PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo.
While the criminals remain at large and the authorities do not know the identities of any ringleaders, the internationally coordinated take-down dealt a significant blow to their cyber capabilities.
"The bad guys will feel the punch in the gut," said Richard Domingues Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit.
Botnets are armies of infected personal computers, or bots, which run software forcing them to regularly check in with and obey "command and control" servers operated by hackers. Botnets are typically used to commit financial crimes, send spam, distribute computer viruses and attack computer networks. (See graphic link.reuters.com/vem68t)
Citadel is one of the biggest botnets in operation today. Microsoft said its creator bundled the software with pirated versions of the Windows operating system, and used it to control PCs in the United States, Western Europe, Hong Kong, India and Australia.
The U.S. Federal Bureau of Investigation told Reuters it is working closely with Europol and other overseas authorities to try to capture the unknown criminals. The FBI has obtained search warrants as part of what it characterized as a "fairly advanced" criminal probe.
"We are upping the game in our level of commitment in going after botnet creators and distributors," FBI Assistant Executive Director Richard McFeely said in an interview.
"This is a more concerted effort to engage our foreign partners to assist us in identifying, locating and - if we can - get U.S. criminal process on these botnet creators and distributors."
Microsoft has filed a civil lawsuit in the U.S. District Court in Charlotte, North Carolina against the unknown hackers and obtained a court order to shut down the botnets. The complaint, unsealed on Wednesday, identifies the ringleader as John Doe No. 1, who goes by the alias Aquabox and is accused of creating and maintaining the botnet.
Boscovich said investigators are trying to determine Aquabox's identity and suspect he lives in eastern Europe and works with at least 81 "herders," who run the bots from anywhere in the world.
The Citadel software is programmed so it will not attack PCs or financial institutions in Ukraine or Russia, likely because the creators operate in those countries and want to avoid provoking law enforcement officials there, Microsoft said.
FINDING 'JOHN DOE'
According to Microsoft, Citadel was used to steal more than $500 million from banks in the United States and abroad, but the company did not specify losses at individual accounts or firms.
The American Bankers Association, one of three financial industry groups that worked with Microsoft, said any success in reducing the number of active Citadel Botnets will reduce future losses incurred by banks and their customers.
 
Full Article
 
TH
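The Reuters text above describes bots that "regularly check in with and obey" command-and-control servers. That regularity is something a defender can look for in ordinary outbound connection logs. The script below is an added example for this thread, not code from the article, Microsoft or the FBI; the log format, the host names and IP addresses in the sample, and the thresholds (`min_connections`, `max_cv`) are all constructed or assumed for illustration.

```python
"""Beaconing detector: flags (source, destination) pairs whose outbound
connections recur at near-constant intervals, the timer-driven check-in
pattern typical of botnet clients talking to a command-and-control server.

Added example, not part of the article. The log format and every sample
line are constructed; thresholds are assumptions to tune per environment."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy-log sample: "<ISO timestamp> <src_ip> <dst_host>".
# 10.0.0.5 contacts one host roughly every 300 s (beacon-like);
# 10.0.0.9 visits several hosts at irregular intervals (benign-looking).
SAMPLE_LOG = """\
2013-06-05T10:00:00 10.0.0.5 cdn-update.example.net
2013-06-05T10:00:07 10.0.0.9 news.example.org
2013-06-05T10:05:01 10.0.0.5 cdn-update.example.net
2013-06-05T10:06:42 10.0.0.9 mail.example.org
2013-06-05T10:09:59 10.0.0.5 cdn-update.example.net
2013-06-05T10:10:03 10.0.0.9 news.example.org
2013-06-05T10:15:00 10.0.0.5 cdn-update.example.net
2013-06-05T10:19:58 10.0.0.5 cdn-update.example.net
2013-06-05T10:21:15 10.0.0.9 shop.example.com
2013-06-05T10:25:02 10.0.0.5 cdn-update.example.net
2013-06-05T10:30:00 10.0.0.5 cdn-update.example.net
2013-06-05T10:44:30 10.0.0.9 news.example.org
"""


def parse_log(text):
    """Group connection timestamps by (source IP, destination host)."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        conns[(src, dst)].append(datetime.fromisoformat(ts))
    return conns


def interval_stats(timestamps):
    """Return (mean gap, coefficient of variation) of inter-arrival gaps in seconds.

    The coefficient of variation (std / mean) is scale-free, so a 5-minute
    and a 1-hour beacon are judged by the same threshold.
    """
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if not gaps:
        return 0.0, float("inf")
    m = mean(gaps)
    return m, (pstdev(gaps) / m if m else float("inf"))


def find_beacons(text, min_connections=5, max_cv=0.1):
    """Flag pairs with enough connections and near-constant gaps.

    A low coefficient of variation means the gaps barely vary, which is how
    a timer-driven check-in looks; min_connections avoids judging regularity
    from two or three data points. Both thresholds are assumed starting values.
    """
    findings = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_connections:
            continue
        avg, cv = interval_stats(stamps)
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "count": len(stamps),
                             "avg_gap_s": round(avg, 1), "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample, only the 10.0.0.5 pair is reported (seven connections, mean gap 300 s, coefficient of variation about 0.007); the irregular browsing from 10.0.0.9 never reaches the connection count and would fail the regularity test anyway. Real malware often adds jitter to its check-in timer, so in practice `max_cv` is loosened and the result is treated as a lead to corroborate, not a verdict.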

2 replies

Another very good reason to make sure your software is all legit.  Pirated software can be not only illegal, but quite dangerous as well.
Microsoft, Authorities Disrupt Hundreds of Citadel Botnets with ‘Operation b54’

 
Calling it the company’s “most aggressive” botnet operation to date, Microsoft has joined with the FBI for a massive disruption of the Citadel botnet.
More than 1,400 individual botnets associated with the Citadel malware affecting more than five million people in total were disrupted, with cooperation from the Federal Bureau of Investigation and interestingly, a civil seizure warrant issued by the U.S. District Court for the Western District of North Carolina.

Groups like the Financial Services – Information Sharing and Analysis Center (FS-ISAC), NACHA – The Electronic Payments Association, the American Bankers Association (ABA) and Agari, an email phishing authentication firm, all helped chip in intelligence as well.
While this was the seventh botnet operation of its kind coordinated by Microsoft, this is the first time the company has worked with the law enforcement sector to secure a civil seizure warrant to carry out its plans.
Richard Boscovich, the Assistant General Counsel of Microsoft’s Digital Crimes Unit wrote about the operation – codenamed Operation b54 – on the company’s Technet blog last night claiming the action won’t fully eradicate the Citadel malware but should “significantly” curb the botnet going forward.
“Due to Citadel’s size and complexity, we do not expect to fully take out all of the botnets in the world using the Citadel malware,” he wrote, “however, we do expect that this action will significantly disrupt Citadel’s operation.”
Technical details on the operation are somewhat scant, but Microsoft says the operation culminated yesterday after officials from Microsoft, assisted by U.S. Marshals, helped remove servers from two data hosting facilities in New Jersey and Pennsylvania. The takedown was set into motion last week after the North Carolina court order successfully cut off communication between the Citadel botnets, 1,462 in total, and their infected machines.
 
Full Article
 
TH
