International authorities have arrested a computer hacker believed responsible for creating the malicious computer code that infected as many as 12 million computers, invading major banks and corporations around the world, FBI officials told The Associated Press on Tuesday.
A 23-year-old Slovenian known as Iserdo was snagged in Maribor, Slovenia, after a lengthy investigation by Slovenian Criminal Police there along with FBI and Spanish authorities.
His arrest comes about five months after Spanish police broke up the massive cyber scam, arresting three of the alleged ringleaders who operated the so-called Mariposa botnet, stealing credit cards and online banking credentials. The botnet — a network of infected computers — appeared in December 2008 and infected more than half of the Fortune 1,000 companies and at least 40 major banks.
Botnets are networks of infected PCs that have been hijacked from their owners, often without their knowledge, and put into the control of criminals.
Jeffrey Troy, the FBI's deputy assistant director for the cyber division, said Tuesday that Iserdo's arrest is a major break in the investigation. He said it will take the alleged cyber mastermind off the street and prevent him from updating the malicious software code or somehow regaining control of computers that are still infected.
Officials declined to release Iserdo's real name and the exact charges filed against him, but said the arrest took place about 10 days ago and the man has been released on bond.
"To use an analogy here," said Troy, "as opposed to arresting the guy who broke into your home, we've arrested the guy that gave him the crowbar, the map and the best houses in the neighborhood. And that is a huge break in the investigation of cyber crimes."
Troy said more arrests are expected and are likely to extend beyond Spain and Slovenia and include additional operators who allegedly bought the malware from Iserdo. Authorities would not say how much Iserdo supposedly charged, but said hackers could buy the software package for a certain amount, or pay more to have it customized or get additional features. Internet reports suggest the fees ranged from as much as $500 for basic packages to more than $1,300 for more advanced versions.
Cyber masterminds behind the biggest botnets aren't often taken down largely because it is easy for experienced hackers to hide their identities by disguising the source of their Internet traffic. Usually the computer resources they use are stolen. And the investigations are complex and technical, often spanning dozens of countries with conflicting or even non-existing cyber crime laws.
For instance, there have been no arrests yet in the spread of the Conficker worm, which infected 3 million to 12 million PCs running Microsoft Corp.'s Windows operating system and caused widespread fear that it could be used as a kind of Internet super weapon.
The Conficker botnet is still active, but is closely watched by security researchers. The infected computers have so far been used to make money in ordinary ways, pumping out spam and spreading fake antivirus software.
The Mariposa botnet, which has been dismantled, was easily one of the world's biggest botnets. It spread to more than 190 countries, according to researchers. It also appears to be far more sophisticated than the botnet that was used to hack into Google Inc. and other companies in the attack that led Google to threaten to pull out of China.
The researchers that helped take down Mariposa — which is from the Spanish word for "butterfly" — first started looking at it in the spring of 2009.
Hackers spread the botnet by using instant-messaging malicious links to contacts on infected computers. They also used removable thumb drives and peer-to-peer networks to spread the botnet.
The investigation has included federal and international law enforcement as well as a team of more than 100 people, including FBI, members of a specialized botnet investigative team and the so-called Mariposa working group, which includes researchers and private industry experts.