Authorities make high-profile malware arrests and takedowns
Security professionals will always have to rely on themselves first and foremost to protect their own systems and assets. But in 2012, we received more help from the authorities—and that was a welcome relief.
In perhaps their highest-profile victory, U.S. federal authorities followed up their 2011 arrests of the notorious LulzSec hackers by gaining extensive cooperation from one of the gang’s key figures, Hector Xavier Monsegur (“Sabu”). As Sabu, Monsegur had long railed against the U.S. government—but he reportedly worked for months under cover, helping build cases against those behind hacking attacks on the CIA, Pentagon, U.S. Senate, the UK’s Serious Organised Crime Agency (SOCA), and many other prominent organizations. Monsegur helped nab Jake Davis (aka “Topiary”) in the Shetland Islands, where Davis reputedly held 750,000 stolen passwords in his possession. In August 2012, prosecutors requested a further six-month delay in Monsegur’s sentencing to accommodate his further cooperation.
LulzSec may have been the most widely publicized case of the year, but it was far from the only one. 2012 began with the extradition of suspected Russian cybercriminal Vladimir Zdorovenin to the U.S. Zdorovenin was charged with installing keyloggers on U.S. victims’ computers to capture credit card numbers, using those accounts to make apparently legitimate purchases of goods from their own online businesses, and tapping into their victims’ financial services accounts to manipulate stock prices [47]. He pled guilty to conspiracy and wire fraud.
Then, in May, the mastermind of Bredolab—a botnet that captured 30 million computers in its heyday—was sentenced to four years in jail in Armenia. According to prosecutors, Georg Avanesov was earning 100,000 Euros (£80,000 or $125,000) a month from his Bredolab botnet business, renting access to criminals who wanted to mail spam and spread malware. At its peak, Avanesov’s botnet was spewing out more than 3 billion infected emails every day—while he was jetting off to the Seychelles for luxury vacations.
In June, the U.S. Federal Bureau of Investigation culminated a two-year international investigation into credit card fraud with 24 arrests of alleged cybercriminals from the U.S., UK, Bosnia, Bulgaria, Norway, Germany and beyond. These “carders” included several experts in creating remote access Trojans and defrauding Apple product warranties. The FBI estimated that it prevented more than $205 million in fraudulent transactions, identified 411,000 stolen cards, and notified 47 organizations that they had been compromised.
Later the same month, Tokyo police arrested six men in connection with an app that infected Android smartphones, stole personal data, and demanded a fee. According to the police, 9,252 people had downloaded the malicious Android app, and 211 of them were convinced to pay up—more than $250,000 in all.
Then, early in July, the UK’s Police Central e-crime Unit (PCeU) reported the tough sentences meted out to three citizens of the Baltic states, after their conviction for using the SpyEye Trojan to steal from online bank accounts throughout the UK, Denmark, The Netherlands and New Zealand.
Later in July, Dutch police took down the secondary command and control (C&C) computers used by the huge Grum botnet, just a week after its existence was publicized. Shortly thereafter, other authorities were able to disable the botnet’s primary C&C computers in Panama and Russia, thereby dismantling a botnet that was responsible for an estimated 17% of the world’s spam.