Google announced Tuesday that it coordinated with industry partners to disrupt a botnet made up of a million infected devices, and that it is suing the botnet's operators, who are believed to be based in Russia.
In a statement posted to Google's blog, Royal Hansen, vice president of security, and Halimah DeLaine Prado, general counsel, described how Google’s Threat Analysis Group tracked the Glupteba botnet, which was infecting Windows and Internet of Things devices.
“Glupteba is notorious for stealing users’ credentials and data, mining cryptocurrencies on infected hosts, and setting up proxies to funnel other people’s internet traffic through infected machines and routers,” they wrote.
Glupteba’s operators lost control of the botnet after Google and its partners disrupted their command-and-control infrastructure.
Hansen and Prado wrote that they think the lawsuit against the two operators of the blockchain-enabled botnet, filed in the Southern District of New York, will set a precedent that will create legal liabilities and risk for operators, and will help deter future activity.
They noted that blockchain technology allows botnets to recover more quickly from disruption, and that Google is working with industry and government to combat the use of botnets such as Glupteba.
“We don’t just plug security holes, we work to eliminate entire classes of threats for consumers and businesses whose work depends on the Internet.”