Federal Agents Just Brought Down the World’s Worst Botnet

An international operation led by the Department of Justice has disabled a hacking network that generated losses of more than $100 million in the U.S. since 2011. In an announcement on Monday, the department also disclosed charges against a 30-year-old Russian allegedly behind the Gameover Zeus botnet, a web of hundreds of thousands of infected computers used to steal money from bank accounts.

Gameover Zeus, which first emerged in September 2011, infected somewhere between 500,000 and 1 million computers, putting them in the control of hackers in Russia and Ukraine, according to legal documents (PDF) unsealed today. The main purpose of creating such a network, federal officials said, is to steal banking credentials and then use them to make wire transfers overseas.

The botnet’s capabilities sound plenty scary. Let’s say the hackers got a log-in and password for an account at Bank X and arranged for a fraudulent wire transfer. The bots could be used to attack the bank’s network to distract from examination of the transfer, says Brett Stone-Gross, a researcher for Dell SecureWorks who helped with the technical aspects of the takedown. It would even become harder for the account holder to alert the bank of fraudulent activity.

“This botnet caused a tremendous amount of damage,” Stone-Gross says. “It probably caused more damage than any other botnet previously, based on the amount of financial fraud.”

The hackers used the same network to spread a malicious program called Cryptolocker, which takes control of a computer, encrypts its contents, and demands ransom from the user to regain access to his files. The program is likely the work of the same group of hackers, says Stone-Gross.

The federal indictment unsealed at a court in Pittsburgh on Monday names Evgeniy Mikhailovich Bogachev, a Russian citizen and resident of the Black Sea city of Anapa, as the head of the group controlling the botnet. He might also be the author of the original Zeus malware, which emerged in 2007. U.S. authorities tracked his online activities by monitoring a computer server in the U.K. used to administer the botnet.

The international cooperation behind the takedown is impressive. The Justice Department press release mentions law enforcement units from Australia, the Netherlands, Germany, France, Italy, Japan, Luxembourg, New Zealand, Canada, Ukraine, and the U.K.

The real question now is how long it takes the criminals to construct a new network, and whether the U.S. indictment limits Bogachev and his allies—that is, if he is the mastermind depicted in the indictment.
