Government Internet Freedom Technology

How a Russian Security Cracker Snatched 00M From Banks


In the Dark Web world of cyber hackers, “Slavik” achieved legendary stature years ago, then purportedly retired. Instead, authorities say he went on a dazzling crime spree that used more than 1 million infected computers to reach directly into U.S. banks and businesses to steal millions.

The details of Slavik’s handiwork continued to spill out Tuesday after the FBI named him as a leader of a computer crime syndicate that spanned several continents and funneled money around the globe — often without being detected.

The FBI has identified Slavik as Evgeniy Mikhailovitch Bogachev, a Russian national whose whereabouts remain a mystery. Prosecutors say he is responsible for two of the most sophisticated and destructive forms of malicious software in existence — Gameover Zeus and CryptoLocker.

His alleged bank heists topped 00 million, including nearly million from a bank in North Florida, 74,000 from a PNC bank account belonging to a plastics company in Pennsylvania, and 90,800 from the bank account owned by an assisted-living facility in Pennsylvania, court papers say.

Bogachev allegedly controlled a vast worldwide network that included computers in Canada, Germany, France, Luxembourg, Iran, Kazakhstan, the Netherlands and the United Kingdom. But the backbone of the infrastructure resided in Ukraine, according to a senior U.S. law enforcement official who was not authorized to speak publicly because of the pending court cases.

The operation to dismantle the network began on May 7 in Donetsk and Kiev, Ukraine, two cities convulsing with political violence. Ukrainian police seized and copied key computers in the network, prosecutors said. On Friday, the FBI, working with police around the world, kicked off a 72-hour operation to shut down every command-and-control computer in the Zeus network.

By Saturday, CryptoLocker had ceased working. By Monday, police had freed more than 300,000 computers from the Zeus network.

Bogachev, 30, who lives luxuriously in Anapa, Russia, a beautiful seaside resort town of 60,000 on the northern coast of the Black Sea, and often sails his yacht to various Black Sea ports, remains a fugitive.

Gameover Zeus, also known as P2P Zeus, emerged in September 2011. The malware is designed to steal online banking credentials and passwords.

The heist begins with a phishing e-mail designed to entice a computer user to click on a link. The link delivers the malware, which surreptitiously infects the computer. The malware includes a key-logger that captures every keystroke the user makes, and it injects code into the user's browser session with a legitimate banking site, so that the page the user sees is altered to ask for additional confidential information, such as credit card and Social Security numbers, while the browser remains connected to the real site and the bank sees nothing unusual.
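The browser-side injection described above is driven by a configuration file that tells the malware which URLs to target and what HTML to splice in. The following is an added example, not code from the page or from the malware: a small parser for the well-known Zeus-style webinject syntax (`set_url`, then `data_before` / `data_inject` / `data_after` blocks each ended by `data_end`) applied to a constructed login page, followed by a simple check a defender can run to spot fields the server never sent. The bank URL, page HTML, and the injected Social Security Number field are all constructed for illustration.

```python
"""Parse a Zeus-style webinject config and apply it to a page.

Added example (not from the page). The config syntax follows the
well-known Zeus/Gameover webinject format; the URL, page HTML and
injected field below are constructed for illustration.
"""
import fnmatch
import re
from dataclasses import dataclass


@dataclass
class WebInject:
    url_pattern: str   # wildcard URL the inject applies to
    flags: str         # "G" = GET, "P" = POST (Zeus convention)
    before: str = ""   # anchor text preceding the injection point
    inject: str = ""   # HTML to splice in
    after: str = ""    # anchor text following the injection point


def parse_webinjects(config: str) -> list:
    """Turn the text config into a list of WebInject rules."""
    injects, current = [], None
    lines = config.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("set_url"):
            parts = line.split()
            current = WebInject(parts[1], parts[2] if len(parts) > 2 else "G")
            injects.append(current)
        elif line in ("data_before", "data_inject", "data_after") and current:
            block = []
            i += 1
            while i < len(lines) and lines[i].strip() != "data_end":
                block.append(lines[i])
                i += 1
            setattr(current, line[len("data_"):], "\n".join(block).strip())
        i += 1
    return injects


def _wild_to_regex(pattern: str) -> str:
    """Zeus anchors use '*' as a non-greedy wildcard."""
    return ".*?".join(re.escape(p) for p in pattern.split("*"))


def apply_webinjects(url: str, method: str, html: str, injects: list) -> str:
    """Rewrite the page the way the infected browser would show it."""
    for inj in injects:
        if not fnmatch.fnmatchcase(url, inj.url_pattern):
            continue
        if method[0].upper() not in inj.flags:
            continue
        if inj.before:
            m = re.search(_wild_to_regex(inj.before), html, re.DOTALL)
            if m:
                html = html[:m.end()] + inj.inject + html[m.end():]
        elif inj.after:
            m = re.search(_wild_to_regex(inj.after), html, re.DOTALL)
            if m:
                html = html[:m.start()] + inj.inject + html[m.start():]
    return html


def injected_fields(served_html: str, rendered_html: str) -> set:
    """Defender-side check: input names present in what the browser shows
    but absent from what the server actually sent."""
    names = lambda h: set(re.findall(r'<input[^>]*name="([^"]+)"', h))
    return names(rendered_html) - names(served_html)


# Constructed sample config and page (not real bank content).
WEBINJECT_CONFIG = """\
set_url https://bank.example/login* GP
data_before
<input type="password"*>
data_end
data_inject
<label>Social Security Number <input type="text" name="ssn"></label>
data_end
data_after
data_end
"""

LOGIN_PAGE = """\
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <button>Sign in</button>
</form>
"""

if __name__ == "__main__":
    rules = parse_webinjects(WEBINJECT_CONFIG)
    shown = apply_webinjects("https://bank.example/login?sid=1", "POST", LOGIN_PAGE, rules)
    print(shown)
    print("fields the server never sent:", injected_fields(LOGIN_PAGE, shown))
```

The point of the `injected_fields` check is that the bank's own HTML is the ground truth: a field such as `ssn` that appears in the browser but not in the server's response can only have come from something sitting between the two, which is exactly where this malware sits.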

The computer becomes part of a network of infected computers, called a "botnet," that the criminals control remotely. Using the stolen credentials, the hackers' computers accessed victim accounts and moved money, for example from banks in Pennsylvania to Atlanta and then on to the UK, with ease.

To draw attention away from the large transfers, the hackers often created a diversion, such as a denial-of-service attack that bombarded the bank's website with traffic in an attempt to knock it offline while the fraudulent transfers went through.

The syndicate also frequently targeted U.S. hospitals, taking control of the large payroll systems and redirecting direct deposits to hacker-controlled accounts, Peterson wrote.

The hackers also used the Zeus botnet to deploy CryptoLocker, ransomware that encrypts a computer's data and holds it hostage until the victim pays. The ransoms, which reached as high as 50, had to be paid in hard-to-trace prepaid money cards or bitcoin. The FBI estimates CryptoLocker infected 230,000 computers, including 120,000 in the U.S.

The FBI and private computer security firms have disrupted botnets before. Most botnets rely on a small number of "command-and-control" servers operated by the hacker that issue orders to the infected computers, so law enforcement can disrupt the network by capturing and shutting down those servers. The Gameover Zeus network was different. It was built peer-to-peer: every infected computer was part of the control structure, relaying commands and stolen data through other infected computers, so there was no single set of servers whose seizure would cut the criminals off from their bots.

“Gameover Zeus is the grandchild of the original Zeus and it’s much more sophisticated in every way,” says Tom Kellermann, chief cyber security officer for Trend Micro, a computer security firm in Dallas, one of many firms that gave technical assistance to the FBI.

A key break in the case came from a compromised computer server in the United Kingdom that FBI agents at first believed served as a communications hub for the hackers. British police secretly copied the contents of the server.

Once the FBI understood the network's structure, the cyber squad devised a massive technical plan to take it down. Analysis of the network found the hackers needed just 24 hours to completely update their system and respond to private industry attempts to block them, court papers say.

As part of the takedown, the FBI seized the domain names the bots used for their weekly check-in, so that when the infected computers next checked in they were routed instead to a safe FBI-controlled computer (a "sinkhole") rather than to the criminals.
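The two mechanics described above, a peer-to-peer control structure that survives server seizures and a check-in domain that can be sinkholed, are easy to model. The following is an added example, not code from the page, the FBI operation, or the malware: a toy simulation that contrasts a centralized botnet with a peer-to-peer one and then shows why seizing the check-in domains only captures bots once the peer layer has also been shut down. The bot count, the peer topology, the two fallback domain names, and the assumed check-in order (try known peers first, then fall back to a domain) are all constructed for illustration and are not a description of the real Gameover Zeus protocol.

```python
"""Toy model: centralized vs peer-to-peer takedown, then sinkholing.

Added example (not from the page or the operation). Topology, domain
names and sizes are constructed; the peer-then-domain check-in order
is an assumption of the model, not Gameover Zeus's real protocol.
"""
from collections import deque
import random

N_BOTS = 1000
FALLBACK_DOMAINS = ["update-check.example", "stat-sync.example"]  # constructed


def build_centralized(n_bots: int, n_c2: int) -> dict:
    """Every bot talks to exactly one of a few C2 servers."""
    return {bot: f"c2-{bot % n_c2}" for bot in range(n_bots)}


def centralized_alive_fraction(bot_to_c2: dict, seized: set) -> float:
    """Fraction of bots that can still reach an unseized C2 server."""
    live = sum(1 for c2 in bot_to_c2.values() if c2 not in seized)
    return live / len(bot_to_c2)


def build_p2p(n_bots: int) -> dict:
    """Each bot keeps a short peer list; links are made symmetric.
    Ring plus two chord lengths gives every bot about six peers."""
    peers = {b: set() for b in range(n_bots)}
    for b in range(n_bots):
        for step in (1, 7, 31):
            other = (b + step) % n_bots
            peers[b].add(other)
            peers[other].add(b)
    return peers


def p2p_reachable_fraction(peers: dict, removed: set) -> float:
    """Fraction of surviving bots the operator can still reach from a
    single surviving entry point by walking peer lists (BFS)."""
    survivors = [b for b in peers if b not in removed]
    if not survivors:
        return 0.0
    seen = {survivors[0]}
    queue = deque(seen)
    while queue:
        b = queue.popleft()
        for nxt in peers[b]:
            if nxt not in removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return len(seen) / len(survivors)


def check_in(bot: int, peers: dict, live_peers: set, dns: dict) -> str:
    """Where a bot ends up reporting: the first live peer it knows, else
    whatever its fallback domain currently resolves to (assumed order)."""
    for p in sorted(peers[bot]):
        if p in live_peers:
            return f"peer-{p}"
    return dns[FALLBACK_DOMAINS[bot % len(FALLBACK_DOMAINS)]]


def sinkholed_fraction(peers: dict, live_peers: set, dns: dict) -> float:
    hits = sum(1 for b in peers if check_in(b, peers, live_peers, dns) == "sinkhole")
    return hits / len(peers)


def run_scenarios() -> dict:
    rng = random.Random(2014)
    central = build_centralized(N_BOTS, 3)
    p2p = build_p2p(N_BOTS)
    removed = set(rng.sample(range(N_BOTS), 50))        # 50 bots knocked out
    criminal_dns = {d: "criminal-server" for d in FALLBACK_DOMAINS}
    seized_dns = {d: "sinkhole" for d in FALLBACK_DOMAINS}
    return {
        # Seize all three servers and a centralized botnet is dead.
        "centralized_after_seizure": centralized_alive_fraction(central, {"c2-0", "c2-1", "c2-2"}),
        # Knock out 50 peers and the P2P botnet barely notices.
        "p2p_after_removing_50": p2p_reachable_fraction(p2p, removed),
        # With peers up, bots never touch the fallback domain at all.
        "sinkholed_before_seizure": sinkholed_fraction(p2p, set(p2p), criminal_dns),
        # Seizing domains alone does nothing while the peer layer is alive.
        "domains_seized_peers_alive": sinkholed_fraction(p2p, set(p2p), seized_dns),
        # Only once every peer is down do the bots fall back and get caught.
        "sinkholed_after_seizure": sinkholed_fraction(p2p, set(), seized_dns),
    }


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name:28s} {value:.3f}")
```

The last two scenarios are the operational lesson: redirecting the check-in domains is only effective in combination with the coordinated shutdown of every live control node, which is why the operation described above had to hit the whole network inside the 24-hour window the criminals needed to react.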
