On April 8, 2015, the FBI joined forces with Europol’s European Cybercrime Centre (EC3), the Dutch National High Tech Crime Unit, the Joint Cybercrime Action Taskforce (J-CAT), the International Cyber Crime Coordination Cell (IC4), as well as several private sector partners including Kaspersky, Shadowserver and Intel Security to jointly target the Beebone botnet.
According to a press statement released by the FBI (1), the secondary infections installed by Beebone contain software that can steal banking login details and passwords. They also include fraudulent anti-virus software and ransomware.
The FBI and its foreign partners seized approximately 100 domain names used by Beebone. Consequently, any computers infected with the botnet will be redirected to a sinkhole server operated by EC3 instead of to the criminals responsible for the malware. Victims can then be identified and appropriate remediation carried out.
Joseph Demarest Jr., FBI Assistant Director for Cyber, said in the press statement:
“Botnets like Beebone have victimized users worldwide, which is why a global law enforcement team approach working with private sector is so important. The FBI is proud to join with our partners at Europol’s European Cybercrime Centre, the Joint Cybercrime Action Taskforce (J-CAT), and the Dutch National High Tech Crime Unit to defeat malicious botnets that have the potential to impact thousands.”
Europol added that although the botnet is not the most widespread of malware, it is extremely sophisticated, enabling “multiple forms of malware to compromise the security of the victims’ computers” (2).
FBI Collaborates with Security Companies
The FBI’s collaboration with a large number of private security companies and law enforcement agencies around the world follows a separate global cyber-crime operation. On April 9, 2015, international action conducted from the Interpol Global Complex for Innovation (IGCI), based in Singapore, targeted the takedown of the Simda botnet.
The malicious botnet compromised more than 770,000 computers in 190 countries around the world. As well as stealing victims’ banking details, the botnet established a backdoor Trojan to install further malware.
However, the Simda botnet is no more, following a highly coordinated takedown that seized more than 14 command-and-control servers located in the US, Poland, Russia, Luxembourg and the Netherlands.
The successful takedown involved officers working simultaneously from the US FBI, the Dutch National High Tech Crime Unit, the Russian Ministry of the Interior’s Cybercrime Department ‘K’ and the Police Grand-Ducale Section Nouvelles Technologies in Luxembourg (3). The operation also involved Interpol working with several private security firms, including Kaspersky Lab, Microsoft, Trend Micro and Japan’s Cyber Defense Institute, for technical assistance.
However, as Ars Technica writes, the takedown of the Beebone botnet was “something of a coup” because the underlying malware was so resistant to detection. As well as updating itself as many as 19 times a day, Beebone relied on a pair of programs that reloaded one another. Authorities told the Associated Press that the programs consequently acted as an insurance policy should one of them be removed.
“From a techie’s perspective, they made it as difficult as they possibly could for us,” Raj Samani, a Europol advisor told The Associated Press (4).
Need for Partnerships
The fact that so many of the world’s biggest and most powerful private security firms and law enforcement agencies are forced to work together to combat cyber-crime like this proves the complexity, sophistication and widespread damage that botnets such as Beebone and Simda cause.
As IDCC director Sanjay Virmani said in a press statement following the successful takedown of Simda:
“This successful operation shows the value and need for partnerships between national and international law enforcement with private industry in the fight against the global threat of cybercrime. This operation has dealt a significant blow to the Simda botnet, and Interpol will continue in its work to assist member countries protect their citizens from cybercriminals and to identify other emerging threats.”
Have you been a victim of a malware attack? We would love to hear our readers’ experiences and views on this rampant and highly sophisticated contemporary form of crime.