The US Department of Justice has announced, with more than a touch of self-congratulation, that it has taken down the Gameover Zeus and Cryptolocker botnets.

The Gameover Zeus malware intercepted the bank account numbers and passwords that unwitting victims typed into computers in the US, which were then used to empty their accounts.

In contrast, the pernicious Cryptolocker was brutally direct: it stole the victims’ money by encrypting the files on their computers and forcing them to pay around $750 for the decryption key. Justice claims that over the weekend more than 300,000 computers were “freed” from the botnet.

But wait. The criminals behind the network, only one of whom has been named, have not yet been apprehended. Evgeniy Bogachev, apparently of Russia or Ukraine, is charged with illegal hacking, fraud and money laundering.

In other words, law enforcement agents identified the servers that were distributing Cryptolocker, worked with officials in the hosting countries and seized the servers.

Leslie Caldwell, the head of the Justice Department’s Criminal Division, said in a speech: “Evgeniy Bogachev and the members of his criminal network devised and implemented the kind of cyber-crimes that you might not believe if you saw them in a science fiction movie. By secretly implanting viruses on computers around the world, they built a network of infected machines – or ‘bots’ – that they could infiltrate, spy on, and even control, from anywhere they wished.”

If Mr. Bogachev wished to continue his lucrative life of cybercrime, do you know how long it would take him to recruit new servers and resume his crime spree? About as long as it would take him to get online at a local coffee shop with WiFi access.

“Recognizing that seizures alone would not be enough because cyber criminals can quickly establish new servers in other locations, our team began a carefully timed sequence of technical measures to wrest from the criminals the ability to send commands to hundreds of thousands of infected computers, and to direct those computers to contact the server that the court had authorized us to establish,” Caldwell said.

Admittedly, now that he has been tipped off, Mr. Bogachev may invest some time and money in improving his own operational security. He will probably change his online handle, bounce through a few more proxies as he shops for botnets in various forums, and perhaps treat his associates with suspicion in case one of them turned him in.

But taking down a botnet or two is about as effective as seizing a drug kingpin’s cash, drugs, and weapons. Without an arrest, all you do is raise the operational costs for the bad guys as they improve their security.

No Bogachev wannabe has learned the lesson that crime does not pay. They have learned that it does indeed pay, and that you can get away with it if only you are more careful.

Cryptolocker and future variants will be back.
