U.S. shuts down massive cyber theft ring

WASHINGTON/BOSTON Wed Apr 13, 2011 6:55pm EDT

Related Topics

Photo

Under the Iron Dome

Sirens sound as rockets land deep inside Israel.  Slideshow 

WASHINGTON/BOSTON (Reuters) - U.S. authorities claimed one of their biggest victories against cyber crime as they shut down a ring they said used malicious software to take control of more than 2 million PCs around the world, and may have led to theft of more than $100 million.

A computer virus, dubbed Coreflood, infected more than 2 million PCs, enslaving them into a "botnet" that grabbed banking credentials and other sensitive data its masters used to steal funds via fraudulent banking and wire transactions, the U.S. Department of Justice said on Wednesday.

The government shuttered that botnet, which had operated for a decade, by seizing hard drives used to run it after a federal court in Connecticut gave the go-ahead.

"This was big money stolen on a large scale by foreign criminals. The FBI wanted to stop it and they did an incredibly good job at it," said Alan Paller, director of research at the SAN Institute, a nonprofit group that helps fight cyber crime.

The vast majority of the infected machines were in the United States, but the criminal gang was likely overseas.

"We're pretty sure a Russian crime group was behind it," said Paller.

Paller and other security experts said it was hard to know how much money the gang stole. It could easily be tens of millions of dollars and could go above $100 million, said Dave Marcus, McAfee Labs research and communications director.

A civil complaint against 13 unnamed foreign nationals was also filed by the U.S. district attorney in Connecticut. It accused them of wire and bank fraud. The Justice Department said it had an ongoing criminal investigation.

The malicious Coreflood software was used to infect computers with keylogging software that stole user names, passwords, financial data and other information, the Justice Department said.

"The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes," U.S. Attorney David Fein said in a statement.

In March, law enforcement raids on servers used by a Rustock botnet were shut down after legal action against them by Microsoft Corp. Authorities severed the Rustock IP addresses, effectively disabling the botnet.

Rustock had been one of the biggest producers of spam e-mail, with some tech security experts estimating they produced half the spam that fills people's junk mail bins.

A botnet is essentially one or more servers that spread malicious software and use the software to send spam or to steal personal information or data that can be used to empty a victim's bank account.

U.S. government programmers shut down the Coreflood botnet on Tuesday. They also instructed the computers enslaved in the botnet to stop sending stolen data and to shut down. A similar tactic was used in a Dutch case, but it was the first time U.S. authorities had used this method to shut down a botnet, according to court documents.

Victims of the botnet included a real estate company in Michigan that lost $115,771, a South Carolina law firm that lost $78,421 and a Tennessee defense contractor that lost $241,866, according to the complaint filed in the U.S. District Court for the District of Connecticut.

The government plans to work with Internet service providers around the country to identify other victims.

(Reporting by Diane Bartz and Jim Finkle; editing by Gary Hill and Andre Grenon)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (6)
eaanders wrote:
Does the that computer crime ring include the Israel and US sabotaging of the Iranian nuclear program?

Apr 13, 2011 5:54pm EDT  --  Report as abuse
JamVee wrote:
Hey Mr. Eaanders . . . What is it that you don’t like about the US (and others), using hi-tech means to defend themselves against their sworn (and very vocal about it) enemy? I suppose part of your agenda includes an Iranian Ayatollah sitting in the White House . . . ?

Apr 13, 2011 7:42pm EDT  --  Report as abuse
IANGMNTAFM wrote:
Theft is one thing. Guarding national security against a VERY dangerous and VERY real threat is another. Plus would you rather see a virus that doesn’t sacrifice human lives or an armed conflict with an untold number of casualties?

Apr 13, 2011 9:22pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.