Busted botnet: 17 alleged hackers who struck computers around the world apprehended by Quebec police

February 21, 2008 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed the news that Canadian authorities have apprehended 17 people suspected of running the largest and most damaging hacker network ever discovered in the country.

In a co-ordinated series of dawn raids, the Sûreté du Québec and Royal Canadian Mounted Police arrested people ranging in age from 17 to 26 years old in 12 different towns. One of those arrested is a nineteen-year-old woman.

The gang is believed to have run a zombie network (also known as a botnet) of up to one million computers, spanning 100 countries around the globe. Seven people were charged with illegally obtaining computer services, illegally possessing computer passwords, and hacking. Police confiscated computer equipment during the raids, and information found on the PCs may lead to more charges against other alleged gang members.

If found guilty, gang members could face up to 10 years behind bars, Captain Frédérick Gaudreau, head of the computer crime squad, told the media. He added that hundreds of officers were involved in the investigation into the gang, which followed complaints made in the summer of 2006 by business and government computer users.

"The Canadian authorities should be applauded for investigating organized cybercrime, which is blighting computer users around the world," said Graham Cluley, senior technology consultant for Sophos. "Huge amounts of money can be made by hackers running zombie botnets: installing adware, renting out the network to launch blackmailing DDoS attacks against websites, or using them to steal identities or spew out spam campaigns. Running an illegal botnet is a serious crime, and those found guilty must be punished appropriately."

Last week, Sophos reported that an American teenager had pleaded guilty to running a botnet of computers that included US military computers.

"All computers need high levels of security to ensure they do not become a part of a criminal botnet," explained Cluley. "Too many PCs are being poorly defended from what is a growing threat."

In January Sophos published its annual Security Threat Report, which discussed how financially-motivated cybercriminals use zombie botnets in their pursuit of money.



Zombie computers - are your PCs under someone else's control?

Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information. SophosLabs estimates that more than 99 percent of all spam today originates from zombie computers.

As spammers become more aggressive, collaborating with virus writers to create armies of zombie computers, legitimate organizations with hijacked computers are being identified as a source of spam. This not only harms the organization's reputation, but can also cause the company's email to be blocked by others.

Sophos ZombieAlert™ advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Block Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.