Burgeoning botnets!

Understanding large-scale computer infections and data breaches, part 1 of 2


By Robert E. Holtfreter, Ph.D., CFE, CICA, CBA

You've heard of the big-news breaches: Target, Home Depot, JPMorgan Chase, Michaels. Large and small organizations allow porous online systems to jeopardize their customers and diminish profits. Find out how cybercriminals use infectious malware to infiltrate web browsers and steal identities and personally identifiable information.

The author's views aren't necessarily those of the ACFE, its Board of Regents or employees. — ed.

Botnets abound! Those crafty high-tech e-robots that cybercriminals use to silently infiltrate personal computers and other devices are increasing worldwide. Fraudsters use botnets to distribute malicious software — malware — to steal personally identifiable information (PII) and identities and then link computers to form networks to spread viruses, attack computers and servers, and commit other kinds of crime.

In January of last year, Aleksandr Andreevich Panin pleaded guilty in an Atlanta federal courtroom to a conspiracy charge as the primary developer and distributor of the SpyEye malware, which he created to steal from financial institutions. (See Botnet Bust, FBI, Jan. 28, 2014.)

According to the FBI, Panin sold the SpyEye malware in underground hacking forums to more than 150 "clients" who paid from $1,000 to $8,500 for various versions. The cybercriminals then used the malware to infect more than 1.4 million computers and steal victims' PII and economic information to transfer hundreds of millions of dollars out of victims' bank accounts and into fraudsters' controls — a classic use of botnets.

The FBI busted the SpyEye botnet gang after a major joint investigation under the FBI's Operation Clean Slate (OCL) initiative designed to "eliminate the most significant botnets affecting U.S. interests by targeting the criminal coders who create them and other key individuals who provide their criminal services to anyone who'll pay for them."

PANIN'S STRATEGY AND DOWNFALL

One of the online underground ads for the SpyEye Zeus malware described it as a "banking Trojan with form-grabbing possibility," which meant that it was capable of infiltrating a victim's web browser and stealing his banking PII while he was involved in an online banking transaction. Another ad touted the malware's "cc grabber," which meant it could scan stolen PII specifically for credit card information.

Panin made a big mistake when he sold his malware online to an undercover FBI agent. He was ultimately arrested in July of 2013 at the Atlanta, Georgia, airport. But perhaps more importantly, the FBI had used a search warrant to seize a server in Georgia (the U.S. state) and bust up the botnet and rid infected computers of the SpyEye Zeus malware at the same time.
