FBI, Justice seize destructive 'botnet' in cybercrime takedown

By Terry Frieden, CNN Justice Producer
STORY HIGHLIGHTS
  • Hundreds of thousands of computers were taken over
  • Millions of dollars stolen from victims
  • 13 suspects believed to be overseas

Washington (CNN) -- Federal prosecutors filed a lawsuit Wednesday and FBI agents executed search warrants aimed at crippling a "botnet" that had infected millions of computers and caused financial losses estimated in the hundreds of millions of dollars.

No arrests have been made, but the criminal investigation continues and is focused on more than a dozen suspected foreign conspirators, according to senior FBI officials. The FBI would not say where the suspects are, but acknowledged the cyberschemes are consistent with those they have seen originating in Eastern Europe.

Another senior FBI official briefing reporters on the case late Wednesday said the case marked the first time the government had been able to take control of criminals' illegal servers and initiate commands to infected computers to "stop" stealing information or carrying out the commands of the perpetrators.

Federal agents said they had gone to court in Connecticut and received a temporary restraining order to disable the international "botnet," which uses a malicious software program known as Coreflood.

Federal law enforcement officials said this botnet had become a network of hundreds of thousands of computers infected with the Coreflood program, which installs itself by exploiting a vulnerability in computers running Windows operating systems.

Authorities say Coreflood allowed the infected computers to be controlled remotely, which enabled operators to steal private personal and financial information.

A computer fraudulently subject to remote control is referred to as a "bot," short for robot.

The FBI said Microsoft had worked cooperatively with federal cybersleuths in the investigation.

The Justice Department in Washington said the U.S. Attorney in Connecticut had filed a civil complaint against 13 unnamed defendants, alleging they had engaged in wire fraud, bank fraud and illegal interception of electronic communications.

Search warrants were issued and searches conducted at four computer server locations in the U.S., officials said.

"Botnets and the cybercriminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," said FBI executive Shawn Henry. The actions taken to stop the threat posed by Coreflood are the first of their kind in the U.S. and reflect FBI efforts to make the Internet more secure, he said.

The overseas cybercriminals had established a command and control location inside the U.S., where hundreds of thousands of victims had lost millions of dollars, mostly funds stolen from bank accounts and credit cards.

However, the senior FBI officials said worldwide there were many millions of victims with total losses projected to be several hundred million dollars.