WASHINGTON — The United States seized a global network of computer servers known as Gameover Zeus Botnet used by cyber-criminals to spread malware viruses and steal millions of dollars from businesses and consumers, the Justice Department announced Monday.
U.S. and foreign law enforcement agents in a separate action seized the computers that distributed malware known as “CryptoLocker” that freezes access to computer files until victims pay a ransom.
More than $100 million in losses were attributed to the schemes, which infected hundreds of thousands of computers, including a Massachusetts police department that paid a $750 ransom to restore its access to investigative files, digital mugshots and other administrative documents.
Deputy Attorney General James Cole described the Gameover Zeus operation, in which cyber thieves overtake computers to siphon often valuable financial information, the “most sophisticated and damaging botnet we have ever encountered.”
A 14-count indictment, unsealed Monday in Pittsburgh, charges Evgeniy Mikhailovich Bogachev, 30, of Anapa, Russia, with directing Gameover Zeus. Charges include conspiracy, computer hacking, wire fraud, bank fraud and money laundering. Bogachev is charged in Omaha with conspiracy to commit bank fraud for his alleged involvement with an earlier version of the Zeus malware called “Jabber Zeus.”
Court documents identify Bogachev as “Slavik,” a computer nickname for a notorious leader of a tightly knit gang of cyber-criminals based in Russia and Ukraine allegedly responsible for both Gameover Zeus and CryptoLocker. The hackers allegedly used the Gameover Zeus network of infected computers to distribute CryptoLocker. Federal investigators say Bogachev used other online names, including “Pollingsoon” and “Lucky12345.”
FBI Executive Assistant Director Robert Anderson described Bogachev as “one of the most prolific cyber-actors in the world.”
Cole said U.S. authorities were in contact with Russian officials in an attempt to secure Bogachev’s arrest, though the suspect — a boating enthusiast known to frequent ports along the Black Sea — remains a fugitive.
Gameover Zeus, also known as “P2P Zeus,” is responsible for nearly 1 million infections worldwide since its first attack in September 2011. The malicious software is used to intercept online banking transactions. The software remains on the infected computers, which become part of a compromised network of computers known as a “botnet.” The cyber-criminals can access computers in the botnet to retrieve compromised banking passwords or use the botnet to infect more computers.
Federal agents redirected botnet computers to Homeland Security cyber-squads to identify the infected computers, the Justice Department said. Once the computers are identified through their Internet addresses, private computer security companies will help victims remove the malware, the department said.
CryptoLocker, which first surfaced in Great Britain in September 2013, uses malware to encrypt computer files on infected computers. Once the computer is locked, the malware posts a ransom note on the screen demanding payments of about $700 in untraceable credit cards or Bitcoin to unlock the files.
If the victim fails to pay the ransom, the computer remains locked, and files are unrecoverable.
Computer security companies estimate that CryptoLocker infected more than 234,000 computers worldwide, including more than 100,000 in the USA, the Justice Department said.
Cole said members of Bogachev’s network “implemented the kind of cyber-crimes that you might not believe if you saw them in a science fiction movie.”
Justice officials have recently mounted an aggressive campaign against computer hackers.
Last month, the United States accused Chinese military officials of hacking into several U.S. companies, including Westinghouse and U.S. Steel, to steal trade secrets and intellectual property. It was the first time the United States had charged a state actor in a criminal cyber-espionage case.
In that case, Chinese hackers, officers in the Chinese People’s Liberation Army, downloaded massive amounts of industrial information over eight years that they used to undercut trade deals, the indictment said. In the case of Westinghouse, the United States says the Chinese hackers stole plans for nuclear plants as Chinese politicians negotiated for Westinghouse to build the facilities.
Other businesses named as victims in the indictment included SolarWold, the United Steel Workers Union, Allegheny Technologies and Alcoa.
China denied hacking U.S. computers and vowed retaliation if the charges are not dropped. After the indictment, Chinese officials summoned the U.S. ambassador to the Foreign Ministry and suspended a joint working group on cyber-security.
While the Gameover Zeus and Cryptolocker disruptions deal a blow to hackers, Mike Lloyd, chief technology officer for the computer security firm RedSeal Networks, says it’s only a matter of time before cyber-criminals devise a new method of attack.
“This is a cockroach problem – killing one of these just means there will be another one along soon,” Lloyd said. “As long as we are easy targets who are cheap to compromise, attackers will exploit our weaknesses. Our current security defenses are generally weak, haphazard and full of gaps.”
Source: USA Today