Global Police Crack Down on 'Gameover Zeus' Cybercrime Botnet
U.S. Assistant Attorney General Leslie Caldwell of the Justice Department's Criminal Division announces criminal charges and two global cyberfraud disruptions, Gameover Zeus and Cyrptolocker, at the Department of Justice in Washington on June 2.GARY CAMERON / Reuters
Breaking News Emails
Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
A U.S.-led international operation disrupted a crime ring that had infected hundreds of thousands of PCs around the globe with malicious software used for stealing banking credentials and cyber extortion, the Justice Department said on Monday.
Authorities used technical and legal tactics to interrupt the botnet in an effort called Operation Tovar, shutting down the servers the cybercriminals used to control infected machines and causing those machines to "phone home" to servers controlled by law enforcement.
“These schemes were highly sophisticated and immensely lucrative, and the cybercriminals did not make them easy to reach or disrupt,” Leslie Caldwell, who heads the Justice Department's criminal division, told a news conference.
Byers Market Newsletter
Get breaking news and insider analysis on the rapidly changing world of media and technology right to your inbox.
The botnet, known as Gameover Zeus, or GOZ, derives its name from a version of the Zeus credential-stealing software, which U.S. court documents said have caused $100 million in losses to consumers and businesses since it first surfaced in 2007. Court documents released on Monday said that between 500,000 and 1 million machines worldwide were infected with the malicious software, or malware.
Its primary purpose was to capture banking credentials, though it has been known to change recipients of legitimate payments orders, for example targeting U.S. hospitals' payroll operations.
A botnet is a group of computers under the control of someone other than the computers' owners. They are typically assembled through viruses and are the key tool in spam, online bank fraud and denial-of-service attacks on websites.
GOZ was also used to distribute Cryptolocker, malicious software known as "ransomware" that encrypts data of an infected computer, making it inaccessible to the user. Cybercriminals would essentially take the machine hostage, promising to unscramble the data if the user paid them a ransom of as much as $700, the Justice Department said.
The U.S. Department of Homeland Security set up a website to help victims remove the GOZ malware: https://www.us-cert.gov/gameoverzeus. The European Cybercrime Centre also participated in the operation, along with Australia, Canada, France, Germany, Italy, Japan, Luxembourg, New Zealand, Ukraine and the United Kingdom.
Intel, Microsoft, security software companies F-secure, Symantec, and Trend Micro; and Carnegie Mellon University also supported the operation.
The suspect, who authorities said is known online as Lucky12345, is charged with writing computer code used to compromise banking systems and assist others in stealing banking credentials, according to court documents.
Prosecutors said the victims of the attacks included Capital One Bank, Bank of Georgetown in Washington, and First National Bank of Omaha. Bogachev and his group infected thousands of business computers with software that captured passwords, account numbers and other information used to log in to online bank accounts, prosecutors said.