Analecta Cyber Company Blog: FBI, hackers bust bank-robbing botnet

2015-10-19

FBI, hackers bust bank-robbing botnet

A television station based in Salisbury, Maryland has reported on a massive hacking operation involving computers from all over the world. American and British law enforcement, working in collaboration, have managed to disrupt the operation, which stole at least $10 million from victims in the United States alone.

Just this week, U.S. prosecutors announced they had managed to disrupt the malware used in the operation. With the help of several cyber security firms, they took control of a network of machines that distributed malicious software known as "Bugat," "Cridex" or "Dridex." The malware stole banking passwords and was used to siphon money from victims' bank accounts. Experts stated that the botnet may have infected about 125,000 computers a year, and the hackers relied on this scale of distribution to find more victims.

Hackers targeted Pennsylvania

Investigators believe that the hacker and his team sent official-looking spam email messages that tricked recipients into opening malicious email attachments. According to the indictment, they stole $3.5 million from an oil company in Pennsylvania in 2012 and sent the money to bank accounts in Belarus and Ukraine. Investigators added that, using the same strategy, the hackers tried to steal nearly $1 million from a school district, also in Pennsylvania, in 2011, but that attempt failed.

The takedown was conducted by FBI agents in cooperation with other international law enforcement agencies and several security companies.

According to experts, the spread of the malware stopped immediately when police in Cyprus arrested the main hacker behind the cyber crime scheme.

Next came the operation to grab the botnet itself.

The botnet is now under the control of an organization called The Shadowserver Foundation, a little-known group of security professionals who volunteer their time to make the Internet safer for the public.

Experts caution, however, that this is likely only a temporary setback for the hackers: according to another cyber security firm, law enforcement has not eliminated the malware itself, which was still being distributed by other botnets.