There are a lot of stories about the dangers of cybercrime. I've written plenty of stories about the worst cases of cybercrime, the dangers of phising and how malware can wreck your life. It's nice to stop and see just what's being done about the problem. There are a surprising number of raids conducted regularly to bring down cyber criminals, often involving massive international cooperation.
We'll start off with a smaller operation, and one that was only revealed quite recently. M00p was a fairly nasty piece of malware that added computers to a botnet and gathered information from their hard drives. It operated from roughly 2004 to 2006, at which point a consultant from F-Secure, a Finnish anti-virus company, observed their first real lead. One instance of the infection was communicating with a domain name that they were able to trace to a Gmail address, which they could then trace to one of the alleged leaders and programmers, Matthew Anderson.
Using that lead, they were able to track down an apparent partner, Artturi Alm. Synchronized morning raids occurred in the United Kingdom and Britain, during which the police found the two men talking to one another over a dedicated IRC channel. Both men were arrested and convicted, although it is suspected that several of their partners in other countries escaped.
The DarkMarket Sting
This one isn't a single event, as much as it is an incredible sting operation. From roughly 2006 to 2008, a large online community, called DarkMarket, existed to facilitate the sales of stolen information and other nefarious online activities. Thankfully, it was run by the FBI.
For two years, the webmaster “Master Splynter” was an undercover agent operating out of the Pittsburgh branch of the FBI's cybercrime division. Despite several close calls, the cover mostly held, and led the arrest of 56 cyber criminals around the world, with coordinated raids in the United States, the United Kingdom, Turkey and Germany. The FBI estimates that nearly $70 million in damages was prevented by the sting.
Perhaps the most remarkable part is the end though. As the sting came to a close and the arrests rolled out in force, “Master Splynter” posted a simple goodbye on the site, claiming that increased law enforcement attention meant that he had to disappear into the night. It took a full month for the cover to be blown, when FBI documents noted the success of the operation and news spread.
The Mariposa Botnet
The Mariposa Botnet appeared in December 2008, and grew to fairly absurd proportions. At its height it was believed to have infected 12 million computers, many of which belonged to networks at major banks. The infection had impacted nearly half of all Fortune 1000 companies. Credit card and banking information obviously added up quite quickly.
A joint investigation by the FBI and police in Spain was able to track down three of the main operators of the big botnet, who were arrested in February 2010 but this proved to only be the beginning. Five months later, Slovenian police were added into the investigation to bring in the “mastermind” of the botnet. The police refused to give additional information, aside from the alleged culprit's Internet handle, Isredo.
After fully disrupting the botnet, information obtained from the combined arrests was used to track down other criminals who had either bought information from the gang or rented time on the botnet from them.
Romanian Phishing Rings
It's time to really ramp up the scale a bit. On April 6th, 2010, Romanian police officers reported the successful arrest of three separate phishing gangs, with a total of 70 people captured. The arrests came as part of a coordinated FBI and Secret Service operation, wonderfully named “Operation: Valley of Kings.”
The criminally allegedly were responsible for hacking many eBay accounts, and then using the reputation of established sellers to list fake goods. The scammers would carry out auctions for expensive cars and boats, then pocket the proceeds and leave the account owner to deal with the chaos. Over 800 people had been directly affected.
The series of raids involved hundreds of officers and Secret Service agents on loan from the nearby embassy. They were also kind enough to offer two minutes of (somewhat poor quality) footage of the raids, which include battering rams, a few arrests and footage of the spoils of war that the gangs had (see reference links).
Let's finish out big with one of the most massive, but simple, takedowns. The Zeus botnet was another massive thorn in the side of many victims. It spread through infected spam emails, and would sit on computers gathering information. You should know the drill by now. It operated by gathering banking details from infected computers, which were then used to transfer money through a series of “mules” until it could make its way out of the United States and to the international ringleaders. It's estimated that they tried to steal nearly $220 million dollars.
After the scam was first noted in late 2009, the FBI began a large investigation to round up the entire crime ring. Combined raids arrested the 5 suspected ringleaders in the Ukraine, and rounded up over a hundred mules located across the United States, the Netherlands and the United Kingdom. The FBI's official statement noted it as one of the largest cyber crime cases that they had ever investigated.
Hopefully these stories will give you a little hope for the future of the Internet. While cyber crime is a nasty plague, there have been some pretty big victories.
- Image Credit: Morguefile\Mconnors
- 56 Arrested in DarkMarket Sting, Says FBI, http://www.wired.com/threatlevel/2008/10/56-arrested-in/
- More than 100 Arrests as FBI Uncovers Cyber Crime Ring, http://www.bbc.co.uk/news/world-us-canada-11457611
- FBI Arrests "Mastermind" of Mariposa Botnet Computer Code, http://www.telegraph.co.uk/technology/7913767/FBI-arrests-mastermind-of-Mariposa-botnet-computer-code.html
- How the M00p Malware Gang Was Brought Down, http://www.wired.com/threatlevel/2011/10/m00p-takedown/
- Romanian Police Arrest 70 Phishers and Fraudsters, http://nakedsecurity.sophos.com/2010/04/07/romanian-police-arrest-70-phishers-fraudsters/
- Official FBI Report on Zeus Arrests, http://www.fbi.gov/news/stories/2010/october/cyber-banking-fraud/cyber-banking-fraud