FBI nabs eight in second anti-botnet operation

The FBI announced today that it has charged eight U.S. residents with using powerful botnets to conduct internet fraud and to launch other malicious attacks.

The bust, the culmination of the FBI's Operation Bot Roast II, netted eight men who profited in a number of ways, including lifting sensitive credentials off victims' computers, unleashing punishing DDoS attacks or leasing zombie computers to other offenders, authorities said.

"Today, botnets are the weapon of choice for cybercriminals," FBI Director Robert Mueller said in a statement. "They seek to conceal their criminal activities by using third-party computers as vehicles for their crime. We see the diverse and complex nature of crimes that are being committed through the use of botnets. Despite this enormous challenge, we will continue to be aggressive in finding those responsible."

Since the FBI announced the launch of Operation Bot Roast last June, eight people have been indicted, pleaded guilty or been sentenced, the agency said. Another 12 search warrants have been served in the United States and by overseas law enforcement. The investigation has turned up more than $20 million in fraud losses and more than one million compromised PCs.

But security experts said that without true international cooperation, authorities are barely making a dent in the influx of botnets, which are most pervasive in countries with lax laws.

"I think this is a fairly small impact on the larger problem," Joe Stewart, a researcher at SecureWorks, told today. "There's thousands of these guys. I notice a distinct lack of any arrests being made in Russia, Ukraine and Eastern Europe."

In the most recent bust, the FBI collaborated with the U.S. Secret Service and New Zealand police to take down the suspects.

The eight men arrested were: Ryan Goldstein, 21, of Ambler, Pa.; Adam Sweaney, 27, of Tacoma, Wash.; Robert Bentley of Panama City, Fla.; Alexander Paskalov, 38; Azizbek Mamadjanov, 21, of Florida; John Schiefer, 26, of Los Angeles; Gregory King, 21, of Fairfield, Calif.; and Jason Downey, 21, of Dry Ridge, Ky.

The main goal of bot herders is to infect users' machines by social engineering. Once they own the machines, the cybercrooks can use their zombie army to steal personal information, install spyware or adware or launch DDoS attacks.

"It's a marketplace," Stewart said. "They run it very much like a business and a market, loosely modeled on legitimate activity. They kind of have that attitude. Some of them feel that this is a legitimate business."

Ari Tamman, vice president of channels at Promisec, told today that to stop the botnet problem from persisting, organizations must move from "analyzing logs to [deploying] more actionable software."

"They can easily control millions of computers remotely," he said. "When you have control of a whole army of computers that doesn't even know they're being controlled, nobody is going to do a lot about it."
