FBI, international cybercrime task force beat botnet
A new group of international cybercrime fighters claimed one of its first kills Thursday, pulling the plug on malicious servers that hijacked at least 12,000 machines, most of them in the United States.
The elimination of the Beebone botnet is an early success chalked up by the Joint Cybercrime Action Taskforce, a coordination body created last year by the FBI, Britain's National Crime Agency, Europol and a host of other international law enforcement agencies.
FBI Assistant Director for Cyber Joseph Demarest, Jr. said, "Botnets like Beebone have victimized users worldwide, which is why a global law enforcement team approach working with the private sector is so important. The FBI is proud to join with our partners at Europol's European Cybercrime Centre, the Joint Cybercrime Action Taskforce (J-CAT), and the Dutch National High Tech Crime Unit to defeat malicious botnets that have the potential to impact thousands."
Beebone acted as a "downloader," which installed other forms of malicious software on victims' computers without their consent or knowledge. An FBI cyber agent told CBS News this type of cybercrime opens the door to malware that can steal your information and your credentials to log into your bank account. It can also cause your computer to participate in other crimes.
Investigators are in the process of determining the number of victims in the United States and around the world that have been impacted by this botnet.
Botnet is the term applied to networks of hijacked machines which criminals or security agencies use to spread malicious software, empty bank accounts and launch attacks.
The FBI, working with foreign and domestic partners, seized approximately 100 domain names used by the botnet. Computers infected with Beebone will no longer report to the criminals responsible for the infection, and will instead feed into a server operated by Europol's European Cybercrime Centre, blocking further malicious activity from those machines and helping to identify victims.
The victory illustrates the lengths to which many hackers go to defeat investigators. Beebone's masters deployed shape-shifting software that updated itself up to 19 times a day. The software's constantly changing form made countermeasures more difficult.
"From a techie's perspective, they made it as difficult as they possibly could for us," said Europol advisor Raj Samani, who spoke to The Associated Press on Wednesday, only an hour after authorities wrested the last rogue server from the criminals' control.
Beebone was modest by botnet standards, but Samani - the chief technology officer of Intel Security's Europe, Middle East and Africa division - said it was state-of-the-art. Beebone relied on a pair of malicious programs that re-downloaded each other, an insurance policy should one of them be removed. Regular tweaks to the software's code made it difficult for experts to blacklist the programs.
"In terms of size this is obviously small, but in terms of sophistication, we're talking about an investment by the criminals," he said.
The move is a big step for the Cybercrime Action Taskforce, set up in September in a bid to go after top-level Internet crime. A host of security groups - including Intel Security, Kaspersky and Shadowserver - provided assistance.
Europol would not name any of the victims of the botnet. Europol's Paul Gillen said there had not yet been any arrests.