FBI set to kill secret-stealing Russian 'botnet.' Is your computer infected?
The FBI has seized control of a Russian cybercrime enterprise, but to kill it completely, officials may ask to rip some malware out of your computer. US diplomatic secrets could be at stake.
(Page 4 of 4)
But with millions of botnets available to take down, why focus on Coreflood? Though the Coreflood gang took care to remain “below the radar,” investigators say they may have finally hit a nerve – a US government so sensitized to data theft by repeated cyberintrusions that it apparently decided enough was enough.Skip to next paragraph
Subscribe Today to the Monitor
“Part of the reason I think it received some attention by the government is that Coreflood steals an enormous amount of data,” says Don Jackson, director of threat intelligence for Dell SecureWorks in Atlanta, whose company is one of the few to study the botnet in detail since 2003.
Unlike a far more well-known banking botnet program called Zeus, which is programmed to know exactly which bits and bytes to go after to make money, financial records were “just part of volumes of information” that Coreflood stole.
“Coreflood itself is indiscriminate,” Mr. Jackson says. “It will steal all the information in your docs folder, it will steal all the passwords, all the e-mail accounts, upload all of that to the servers. Most of it may never be seen by the [Coreflood] operators. They're just searching for information in that vast data store that they can use. But within that information – because it does steal everything, and monitors everything – it transfers a lot of data back to the operators. And that includes information for sensitive government systems.”
In case of one key state police law enforcement computer system it infiltrated, Coreflood captured passwords so “you could tell which drug dealer had a civilian informant sign an affidavit in order to produce a warrant,” Jackson says.
Master key for embassy in Middle East
“One of the more telling pieces of information we found was a login – basically a master key to the networks at US embassies in Middle Eastern countries,” Jackson says. “Whether the operators [of Coreflood] realized they had that or not is one thing. But if they did, it’s a huge risk to have that in the hand of Russian criminals and the kinds of people they associate with.”
Asked to describe which embassies, Jackson said the master key was “for one US embassy in this case. We turned that over to the DOJ, and the State Department took measures – more than a year ago – and it’s been well taken care of.... That’s a good example of the kind of information Coreflood steals in systems that would really be worthy of the government's interest.”
Was there a tipping point that led the FBI to swoop in on Coreflood? Apparently it took Coreflood hammering several agencies, including Pentagon systems.
“The embassy systems [that were affected] were the State Department’s,” he says. “What I can say about it is that government and military systems were impacted by it – some many years ago…. Some agencies were aware of it a lot earlier than others.”
MONITOR QUIZ: How much do you know about cybersecurity?