
Microsoft engages cybergang that stole $500 million

Microsoft has orchestrated the bust-up of another top-tier botnet operation.

These bad guys, the operators of the sprawling Citadel botnet, make the fictional band of sophisticated thieves from the movie Ocean's 11 look like amateurs. Authorities estimate they've scored more than $500 million from banks in the United States and abroad by accessing online accounts and rerouting funds.

The software giant and the FBI, working with law enforcement and tech officials from some 80 countries, knocked out about 1,000 of the 1,400 Citadel botnets.

A botnet is a collection of infected computers, anywhere from hundreds to millions of them, that respond to commands routed through a command-and-control server. That server is often itself a compromised machine rather than one the criminals own outright.

The bad guys running Citadel commanded as many as 5 million infected PCs, making Citadel one of the biggest botnet operations fueling spam, denial-of-service attacks and cyberespionage.

Citadel-infected machines were used to steal from customers of American Express, Bank of America, Citigroup, Credit Suisse, eBay's PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo, among dozens of other institutions.

The civil lawsuit Microsoft filed in the U.S. District Court in Charlotte, North Carolina identifies the ringleader only as John Doe No. 1, aka Aquabox.

Investigators believe Aquabox is based somewhere in Europe and directs at least 81 helpers who run the botnets.

Background detail: How to pull off an Ocean's 11-like cyberheist.[1]

Legal maneuvers:

Microsoft has perfected a way to use civil courts to trip up cybergangs.[2]

Because Citadel is programmed to leave online banking accounts in Ukraine or Russia alone, a common precaution among malware authors who want to avoid prosecution at home, it's likely the gang members are based there.

Microsoft deserves credit for developing a process that respects the law and encourages law enforcement co-operation across multiple borders. That includes co-ordinating with ISPs and hosting services to identify and cripple active botnets.

The company has done this twice before: with the 2011 takedown and related civil action against operatives of the Rustock botnet, and with the Waledac botnet in 2010.

The criminals remain at large, and sophisticated botnets will continue to function as the robust infrastructure enabling cybercrime. But the Citadel takedown is nonetheless a win for the good guys. Microsoft's work in this arena serves notice that impunity is not absolute for cybercriminals.

"The bad guys will feel the punch in the gut," Richard Domingues Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, told Reuters.

The FBI told Reuters it is working closely with Europol and has obtained search warrants.

"We are upping the game in our level of commitment in going after botnet creators and distributors," FBI Assistant Executive Director Richard McFeely said in a Reuters interview.

"This is a more concerted effort to engage our foreign partners to assist us in identifying, locating and - if we can - get U.S. criminal process on these botnet creators and distributors."
