Europol said a global effort led by Microsoft Corp to stop one of the world’s biggest cybercrime rings has succeeded in wiping out the malicious computer networks that the gang used, known as the Citadel Botnets.
Microsoft’s Digital Crimes Unit, with help from authorities in more than 80 countries, on Wednesday cut off the servers controlling as many as 5 million infected PCs that belonged to the cybercrime operation, which is believed to have stolen more than US$500 million from bank accounts over the past 18 months.
“Basically the Citadel bug is now clean,” Troels Oerting, head of Europol’s European Cybercrime Centre, said on Thursday.
The details are still emerging about the individual roles that dozens of countries across Europe and Asia played in bringing down the estimated 1,400 botnets that were part of the Citadel operation.
Andy Archibald, interim Deputy Director of Britain’s National Cyber Crime Unit, said on Thursday that his agency had seized “a number of servers” as part of the effort and was closely working with the FBI on its investigation into Citadel.
Archibald said forensics experts were examining the servers.
Microsoft said on Wednesday that it had collected forensic evidence from two US-based Internet hosting providers, under a federal court order that the company obtained by filing a civil lawsuit against the unknown operators of Citadel.
Citadel was used against dozens of financial institutions by stealing passwords with key logging software. The victims include American Express, Bank of America, Citigroup, Credit Suisse, EBay’s PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo, Microsoft said.
Botnets are armies of infected PCs, or bots, which run software forcing them to regularly check in with and obey “command and control” servers operated by hackers.
Besides financial crimes, botnets are also used to send spam, distribute computer viruses and attack computer networks.
Microsoft said in its court filing that it suspects the developer of the Citadel software, who goes by the alias Aquabox, lives in eastern Europe and works with at least 81 “herders,” who may be running the bots from anywhere in the world.
The Citadel software is programed so it will not attack PCs or financial institutions in Ukraine or Russia, likely because the creators operate in those countries and want to avoid provoking law enforcement officials there, Microsoft said.