World Bulletin/News Desk
A U.S.-led international operation disrupted a crime ring that had infected hundreds of thousands of PCs around the globe with malicious software used for stealing banking credentials and cyber extortion, the Justice Department said on Monday.
Authorities used technical and legal tactics to interrupt the so-called botnet's operations, shutting down the servers the cyber criminals used to control infected machines and causing those machines to "phone home" to servers controlled by law enforcement.
"These schemes were highly sophisticated and immensely lucrative, and the cyber criminals did not make them easy to reach or disrupt," Leslie Caldwell, who heads the Justice Department's criminal division, told a news conference.
The botnet, known as Gameover Zeus, or GOZ, derives its name from a version of the Zeus credential-stealing software, which U.S. court documents said have caused $100 million in losses to consumers and businesses since it first surfaced in 2007. Court documents released on Monday said that between 500,000 and 1 million machines worldwide were infected with the malicious software, or malware.
Its primary purpose was to capture banking credentials, though it has been known to change recipients of legitimate payments orders, for example targeting U.S. hospitals' payroll operations.
A botnet is a group of computers under the control of someone other than the computers' owners. They are typically assembled through viruses and are the key tool in spam, online bank fraud and denial-of-service attacks on websites.
GOZ was also used to distribute Cryptolocker, malicious software known as "ransomware" that encrypts data of an infected computer, making it inaccessible to the user. Cyber criminals would essentially take the machine hostage, promising to unscramble the data if the user paid them a ransom of as much as $700, the Justice Department said.
The U.S. Department of Homeland Security set up a website to help victims remove the GOZ malware: https://www.us-cert.gov/gameoverzeus .
The suspect, who authorities said is known online as Lucky12345, is charged with writing computer code used to compromise banking systems and assist others in stealing banking credentials, according to court documents.
Bogachev and his group infected thousands of business computers with software that captured passwords, account numbers, and other information used to log in to online bank accounts, prosecutors said.