British and American law enforcement agencies have teamed up with private security researchers to disrupt a botnet used to steal from online bank accounts. Computers around the world have been compromised by the operation in recent years; in the U.S. alone, losses attributed to the malware are estimated at roughly $10 million.
U.S. prosecutors recently announced the disruption of the malware. To find those responsible, law enforcement worked with selected cybersecurity companies to take control of the large network that distributed the malware, known variously as "Dridex," "Cridex" or "Bugat." Once it had infected a computer, the malicious software could capture the user's online-banking credentials and initiate fraudulent transfers from their accounts. The network of compromised computers was also used to spread the infection further. According to experts, about 125,000 computers were infected per year.
Criminal charges
In a separate move, the United States Department of Justice filed charges against a 30-year-old man named Andrey Ghinkul, who is believed to be the leader of the group. He was arrested in Cyprus, and U.S. prosecutors sought his extradition so that he could be tried in the United States. After his arrest on August 28, 2015, Dridex activity stopped abruptly.
According to the indictment, Ghinkul had been running the operation for several years, but he was not acting alone. Investigators believe that others in the group sent spam email designed to look official in order to trick recipients into opening attachments that carried the malware. The indictment states that the group used this method in 2012 to steal $3.5 million from Pennsylvania's Penneco Oil, with the money then transferred to bank accounts set up in Ukraine and Belarus. A year earlier, also in Pennsylvania, the same group attempted to steal about $1 million from the Sharon City School District; that attempt failed.
International cooperation
The operation to catch the cyber robbers required the cooperation and coordination of several agencies, including the German Bundeskriminalamt, Europol's European Cybercrime Centre, Britain's National Crime Agency and the FBI. Pivotal to the operation were private companies such as Dell SecureWorks, Spamhaus, S21sec, Fox-IT and other cybersecurity firms. Dell SecureWorks led the technical effort to take over the botnet. The company's researchers were the first to identify the credential-stealing malware in 2010, when it was still called "Bugat." The program evolved over time, gaining capabilities and becoming harder to detect; researchers later named it "Cridex" and then "Dridex." Proofpoint, an email-security company, said that the attackers were sending about 350,000 Dridex-laced spam emails per day.
Although Ghinkul is in custody, Proofpoint reports that others continue to send Dridex-laced emails. Dell SecureWorks took over the infrastructure to which the infected computers connect, and the botnet is now controlled by The Shadowserver Foundation, an organization of volunteer security professionals working to make the Internet safer for everyone.
Image credit: By www.elbpresse.de (Own work) [CC BY-SA 4.0], via Wikimedia Commons