Spanish police arrest masterminds of 'massive' botnet
Few owners of hijacked machines know they have been compromised
Spanish police have revealed that they have arrested three men responsible for one of the world's biggest networks of virus-infected computers.
All are Spanish citizens with no criminal records and limited hacking skills.
It is estimated that the so-called Mariposa botnet was made up of nearly 13 million computers in 190 countries.
It included PCs inside more than half of Fortune 1000 companies and more than 40 major banks, investigators said.
The criminals have so far only been identified by their internet names: netkairo (31), johnyloleante (30) and ostiator (25).
Other arrests may follow, the investigators believe.
The first member of the gang was arrested in early February, when he inadvertently connected to the botnet without masking his computer's IP address.
His computer linked investigators to two more suspects who were arrested later in the month.
The botnet had been under observation for months and was rendered inactive in December 2009, following a major investigation conducted by the FBI, the Spanish Guardia Civil and security experts around the world.
The network of computers was designed to steal sensitive information, including usernames, passwords, banking credentials and credit card data, harvested from the victims' sessions on social media sites, e-mail services and other online services.
One of the arrested men had 800,000 pieces of personal data on his machine.
Some very high profile businesses were targeted.
"It would be easier for me to provide a list of the Fortune 1000 companies that weren't compromised," said Christopher Davis, chief executive of security firm Defence Intelligence, one of the firms that was invited to join the Mariposa Working Group, which was set up to deal with the botnet in May 2009.
Panda Security was also in the group.
LJUBLJANA, Slovenia – A cyber mastermind from Slovenia who is suspected of creating a malicious software code that infected 12 million computers worldwide and orchestrating other huge cyberscams has been arrested and questioned, police said Wednesday.
Leon Keder, a spokesman for the Slovenian police, did not identify the suspect. Keder told The Associated Press the man was released after police made sure that he could not tamper with evidence or leave Slovenia, but offered no details pending an investigation.
The FBI told The AP in Washington that a 23-year-old Slovene known as Iserdo was picked up in Maribor, in northeastern Slovenia, 10 days ago, after a lengthy investigation by Slovenian police, the FBI and Spanish authorities.
His arrest comes about five months after Spanish police broke up the massive cyberscam, arresting three of the alleged ringleaders who operated the Mariposa botnet, which stole credit cards and online banking credentials. The botnet (a network of infected computers) appeared in December 2008 and infected hundreds of companies and at least 40 major banks.
Botnets are networks of PCs that have been infected by a virus, remotely hijacked from their owners, often without their owners' knowledge, and put into the control of criminals.
"In the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world," said FBI Director Robert Mueller in a statement. "These cyber intrusions, thefts, and frauds undermine the integrity of the Internet and the businesses that rely on it; they also threaten the privacy and pocketbooks of all who use the Internet."
The Mariposa botnet, which has been dismantled, was easily one of the world's biggest. It spread to more than 190 countries, according to the researchers who helped take it down after examining it in the spring of 2009.
Jeffrey Troy, the FBI's deputy assistant director for the cyber division, said Iserdo's arrest was a major break in the investigation.
On Wednesday, the FBI also identified, for the first time, the three individuals arrested in connection with the case in Spain: Florencio Carro Ruiz, known as "Netkairo"; Jonathan Pazos Rivera, known as "Jonyloleante"; and Juan Jose Bellido Rios, known as "Ostiator".
They are being prosecuted for computer crimes. Officials said the Spanish-operated Mariposa botnet was the largest and most notorious of those built with Iserdo's software.
In Ljubljana, Keder said "other suspects" were detained and interrogated along with the chief suspect, but offered no further details until a news conference planned for Friday.
Slovenian media have linked three former students of the Maribor Faculty of Computing and IT to the case, reporting that they were recently detained and interrogated by police and FBI officials, who confiscated their computer equipment.
The FBI's Troy said more arrests are expected and are likely to extend beyond Spain and Slovenia, targeting additional operators who allegedly bought the malware from Iserdo.
Mariposa is the Spanish word for "butterfly." Iserdo, read backwards, means "salvation" in Slovenian.
Pedro Bustamante, senior research advisor at Panda Security, said the criminals behind the botnet did not have "advanced hacking skills".
"This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss," he said.
The gang made money by renting out parts of the botnet to other cyber-criminals as well as selling stolen credentials and using banking and credit card information to make transactions via so-called money mules.
Working with law enforcement agencies is not without its risks for security firms.
After the botnet was closed down, Defence Intelligence was hit by a Distributed Denial of Service (DDoS) attack in apparent retaliation.
In a DDoS attack a website or server is flooded with traffic, typically page requests sent from a botnet, until it can no longer serve legitimate users and is effectively taken offline.
The attack against Defence Intelligence was powerful enough to knock customers of an unnamed ISP offline for several hours.
The firm remains determined to pursue such cases.
"We will continue to fight the threat of botnets and the criminals behind them. We'll start by dismantling their infrastructure and won't stop until they're standing in front of a judge," said Mr Davis.