U.S. says global effort has hobbled a cybercrime ring
By Ellen Nakashima
June 2 at 11:00 PM
In a secret 72-hour blitz over the weekend, the FBI, several
foreign governments and a host of security firms dismantled what
officials say is the most sophisticated operation ever to commandeer
private computers and siphon tens of millions of dollars from
American bank accounts.
The operation’s alleged Russian ringleader has been indicted on
charges of hacking, conspiracy and bank fraud, Justice Department
officials said Monday.
Evgeniy Bogachev, 30, who also goes by the handle “lucky12345,”
was the mastermind behind a “botnet,” or network of secretly
infected computers whose owners were unaware their machines had been
hijacked, officials said.
He also ran a “ransomware” scheme, in which he encrypted victims’
computer files and refused to unlock them until receiving payment,
officials said.
Deputy Attorney General James M. Cole called the botnet, dubbed
GameOver Zeus, “the most sophisticated and damaging . . .
we have ever encountered.” Between 500,000 and 1 million computers
worldwide were infected, and the losses exceeded $100 million to
U.S. victims alone, he said.
[Photo caption: Evgeniy Bogachev, 30, also goes by the handle “lucky12345.” (FBI)]
Cole said officials had “some sense” of Bogachev’s location, but
declined to elaborate. “Our goal right now is to find him and bring
him into custody,” he said.
The unsealing of the indictment against Bogachev comes two weeks
after Justice Department officials announced they had charged five
Chinese military officials with hacking into U.S. companies’
computer systems and stealing intellectual property.
Beginning in 2011, Bogachev allegedly used “spearphishing”
e-mails to infect computers with malware. When computer users
clicked on links or attachments, the malicious code would burrow
into their machines. The malware enabled Bogachev and others in his
ring to watch from Russia as the malware “intercepted the bank
account numbers and passwords that unwitting victims typed into
computers” in the United States, said Leslie R. Caldwell, assistant
attorney general for the Justice Department’s Criminal Division.
In a novel twist, officials said, Bogachev used the botnet to deliver
another form of malicious software called Cryptolocker, which encrypted
victims’ computer files. It then placed a message on their screens
informing them that they could unlock their files only after paying a
ransom, which ranged up to $700, officials said.
In the first two months of operation, Cole said, the Russian ring
collected over $27 million in ransom payments. The ransoms often would
be paid using the virtual currency known as Bitcoin.
The botnet takedown involved federal prosecutors, FBI agents, foreign
law enforcement officials in more than 10 countries and at least a dozen
commercial security firms that provided technical assistance.
“This is the largest fusion of law enforcement and industry partner
cooperation ever undertaken in support of an FBI cyber operation,” said
Robert Anderson Jr., the FBI’s executive assistant director of the
Criminal, Cyber, Response, and Services Branch.
The groundwork for the operation involved coordination with Ukrainian
authorities, who seized key servers in Kiev and Donetsk that were used
by the hackers. On May 19, prosecutors brought sealed charges against
Bogachev in Pittsburgh, the headquarters of the Western District of
Pennsylvania, where some of the victims were located.
Last week, officials obtained civil court orders permitting them to
reroute communications from the infected computers to a server set up by
U.S. officials with court approval. At the same time, Caldwell said,
foreign law enforcement partners seized other critical computer servers
used to operate Cryptolocker, preventing the hackers from encrypting
other targets’ files.
Beginning early Friday morning, authorities around the world began
the coordinated seizure of the servers that formed the backbone of the
botnet and Cryptolocker, Caldwell said. The seizures took place in
Canada, France, Germany, Luxembourg, the Netherlands, Ukraine and
Britain.
Over the weekend, more than 300,000 computers were freed from the
botnet, and the botnet itself was “effectively dismantled,” she said.
David J. Hickton, U.S. attorney for the Western District of
Pennsylvania, said the investigation is still open and suggested more
charges could be pending. “It is obvious that Bogachev did not act
alone,” he said.
Though the United States has no extradition treaty with Russia, other
Russian hackers have been convicted in the United States after being
extradited by other countries.
“Bogachev is now the subject of an international manhunt,” said
Steven Chabinsky, formerly the FBI’s top cyber lawyer and now an
executive at CrowdStrike, one of the firms that took part in the
takedown. “If any of our allies catch him, he could be extradited to the
United States. In any case, it’s unlikely that he is working on building
a new botnet at this moment.”