The Federal Bureau of Investigation in the US, with the help of Microsoft and authorities spread across numerous countries, has cracked down on a vast crime ring that used an array of malicious computer networks to commit more than half a billion dollars' worth of bank fraud.
The technology giant, working with law enforcement and partners in the financial services industry, helped take down more than 1,400 botnets, or networks of computers infected with malicious software known as malware. Once installed, the malware, called Citadel, would monitor and record the victim’s keyboard commands. This allowed the cybercriminals behind the nefarious software to record personal identity information and gain access to bank accounts.
According to Microsoft, the Citadel malware “has affected upwards of five million people” in places as far apart as the US, Singapore, India, Australia and Europe. “The harm done by Citadel shows the threat that botnets, malicious software, and piracy pose to individuals and businesses around the world,” Microsoft’s general counsel Brad Smith said.
The action came after Microsoft filed a civil case against the alleged operators of the Citadel botnets last week and received the all-clear from a US Court to cut off communication between the botnets. The alleged criminals were only identified in the court documents as “John Does,” indicating that authorities are yet to track down the operators.
“[These] actions represent the future of addressing the significant risks posed to our citizens, businesses, and intellectual property by cyber threats and malicious software, which are often enabled by counterfeit and unlicensed software,” Richard McFeely, the FBI’s executive assistant director, said.
“We must ensure that, as cyber policy is developed, the ability of the private sector to coordinate in real time with the FBI is encouraged so that a multi-prong attack on our cyber adversaries can be as effective as possible.”
Despite the vast, coordinated crackdown, Microsoft said that, given the extent of the criminal operation, some botnets using the Citadel malware are likely to remain in action.