International cybersquad takes down ‘Beebone’ botnet

Reuters / David McNew

A newly-assembled international coalition of cyber cops says it’s hijacked a network of compromised computers that had been used by criminals to spread malicious software among at least 12,000 infected machines worldwide.

The Joint Cybercrime Action Taskforce—an agency launched last
year in partnership with law enforcement from the United States,
United Kingdom and the European Union—said on Thursday this week
that it’s seized the command-and-control server that had been
used to operate the so-called ‘Beebone’ botnet.

By taking control of the server, authorities can now keep the
botnet’s administrators from using a vast network of hacked
computers to launch attacks. Security experts say that upwards of
12,000 machines have already been compromised since 2009,
however, and that the operators of the zombie network had
executed malicious programs through those computers to steal user
data, including passwords and financial information.

Infected machines, according to the US Computer Emergency
Response Team (US-CERT), could be ordered to “distribute
malicious software, harvest users’ credentials for online
services, including banking services, and extort money from users
by encrypting key files and then demanding payment in order to
return the files to a readable state.”
The compromised machines would download and run other malicious
programs, including ransomware and rootkits, and then rapidly
change form after an infection and before spreading in order to
evade detection.

Created in September 2014, the Joint Cybercrime Action Taskforce
was assembled by the US Federal Bureau of Investigation, the
National Crime Agency of the UK and Europol, among others, in an
effort to tackle widespread web crime.

According to the BBC, the FBI was involved in redirecting traffic
from the malicious domains used to control the botnet since those
sites mostly fell under US jurisdiction, and that the takedown
was conducted with the help of private security firms Intel,
Kaspersky Labs and Shadowserver.

“This successful operation shows the importance of
international law enforcement working together with private
industry to fight the global threat of cybercrime,” Europol
Deputy Director of Operations Wil van Gemert said in a statement.

Raj Samani, an advisor for Europol, told the Associated Press on Wednesday that the
shape-shifting mechanism of the malware spread by the botnet made
taking control of the network a tough feat to accomplish.

“From a techie’s perspective, they made it as difficult as
they possibly could for us,” he told the AP.

“The botnet does not seem the most widespread, however the
malware is a very sophisticated one, allowing multiple forms of
malware to compromise the security of the victims’ computers,”
Europol said in a statement dispatched by the agency’s
headquarters in The Hague this week.

In its report, AP acknowledged that “Botnet is the term
applied to networks of hijacked machines which criminals or
security agencies use to spread malicious software, empty bank
accounts and launch attacks.” Indeed, documents disclosed by
Edward Snowden, a former contractor for the US National Security
Agency, revealed last year that the NSA ran a “highly
successful” botnet for spying purposes.

In January, the White House proposed changes to the US Computer Fraud and Abuse
Act that would incorporate new rules to target the sellers of
botnets with penalties under the CFAA.
