FBI Takes 10 Alleged Botnet Operators Offline
In the latest breakup of an alleged botnet ring, the FBI benefited from help provided by Facebook, which was the main conduit for its thieving activities. "What both cybergangs and individual cyberpunks often don't appreciate is the extent to which useful intelligence about them can be gathered from social media," said attorney Steve Lee.
12/13/12 3:13 PM PT
The Federal Bureau of Investigation has arrested 10 individuals from around the world, including the United States, which it alleges are part of an international cybercrime ring linked to the Yahos malware. Yahos is associated with the notorious Butterfly botnet, which compromised more than 11 million computer systems and resulted in an estimated US$850 million in losses from the theft of consumers' credit cards and bank accounts.
Facebook lent a hand in this latest takedown by helping to identify the root cause, the perpetrators, and those affected by the malware. Yahos targeted Facebook users from 2010 to October 2012.
The FBI received cooperation from its field offices around the country and counterparts in many nations. However, the role of Facebook stands out in this particular case, as it illustrates the necessity of public-private partnerships to stamp out cybercrime.
Taking down an almost billion-dollar syndicate would not be possible without these cooperative efforts, Robert Siciliano, CEO of IDTheftSecurity.com, told TechNewsWorld.
"In this case, Facebook -- being the platform that organized crime used to launch the attacks -- was in the best position to respond and coordinate with the FBI to thwart future attacks," he said.
Still, like most initiatives against cybercrime, there is only so much that can be expected from one particular bust. It is not unheard of for even high-profile botnet takedowns to be likened to games of whack-a-mole, with little change from an overall security perspective.
"This one botnet affected 11 million, and in time we will see these numbers quadruple -- and vast populations will continue to be affected by cybercrime as the single most lucrative get-rich-quick opportunity in history," said Siciliano.
Then again, cybersecurity is hardly a static industry -- and that's true of tactics used by law enforcement as well.
"Law enforcement is getting better at identifying cybercriminals, and I expect them to get better still, though cybercrime is still growing," said Steptoe partner Stewart Baker, former first assistant secretary for policy at DHS.
"'Whack-a-mole' is too harsh a word for this," he told TechNewsWorld. "We will never completely end cybercrime, just as we will never end other forms of fraud or other crimes generally. What we need to do is make it much more dangerous and much less profitable for the hackers. This is a small down payment on that goal."
As for this particular case, it is difficult to come to any conclusions, said Graham Cluley, senior technology consultant with Sophos.
"Facebook and the FBI haven't released much information, and we don't know how many, if any, gang members might still have their liberty," he told TechNewsWorld.
"Nonetheless, we can assume that once again things have just gotten a little bit hotter for this corner of the computer underground -- and with luck, some might consider whether it is wise for them to continue to follow a life of crime."
Behind the Scenes, a Different View
For cybergangs and the people who chase them, it is what is not being publicly announced that is most telling.
"What both cybergangs and individual cyberpunks often don't appreciate is the extent to which useful intelligence about them can be gathered from social media," Steve Lee, managing partner of Steve Lee & Associates, told TechNewsWorld.
"Through Facebook particularly, but also through other social networking interfaces, there are unusually potent opportunities for law enforcement to socially engineer meetings, stings, obtain IP addresses, observe behaviors and even capture images from bad actors," he pointed out.
If the cybergang that was the subject of the recent takedown compartmentalized itself like an al-Qaeda cell, he continued, then it's possible this will amount to "whack-a-mole on steroids." However, if the cybergang's members have been less than fastidious about isolating themselves from other members, as is probable, then more than 10 are likely to be at risk, Lee said.
"That said, we can expect others to learn, adapt and overcome. Unfortunately, their processes and procedures tend, for the most part, to be steps ahead of the good guys that are typically in a reactive posture," he noted.
So, while the game board has not permanently tilted against the black hats, the federal authorities have made cyberplunder more difficult, expensive and risky for the bad guys, Lee concluded -- for now, at least.