Calgary Herald

Cybercrime fighters crush malicious botnet

Servers with shape- shifting software had hijacked 12,000 machines

- RAPHAEL SATTER

A new group of internatio­nal cybercrime fighters claimed one of its first kills Thursday, pulling the plug on malicious servers that hijacked at least 12,000 machines, most of them in the United States.

The eliminatio­n of the Beebone botnet is an early success chalked up by the Joint Cybercrime Action Taskforce, a co- ordination body created last year by the FBI, Britain’s National Crime Agency, Europol and host of other internatio­nal law enforcemen­t agencies.

It’s also an illustrati­on of the lengths many hackers go to defeat investigat­ors. Beebone’s masters deployed shape- shifting software that updated itself up to 19 times a day.

“From a techie’s perspectiv­e, they made it as difficult as they possibly could for us,” said Europol adviser Raj Samani, who spoke to The Associated Press on Wednesday, only an hour after authoritie­s wrested the last rogue server from the criminals’ control.

Botnet is the term applied to networks of hijacked machines which criminals or security agencies use to spread malicious software, empty bank accounts and launch attacks.

Beebone was modest by botnet standards, but Samani — the chief technology officer of Intel Security’s Europe, Middle East and Africa division — said it was stateofthe- art. Beebone relied on a pair of malicious programs that re- downloaded each other, an insurance policy should one of them be removed. Regular tweaks to the software’s code made it difficult for experts to blacklist the programs.

“In terms of size this is obviously small, but in terms of sophistica­tion ... we’re talking about an investment by the criminals,” he said.

The move is a big step for the Cybercrime Action Taskforce, set up in September in a bid to go after top- level Internet crime. A host of security groups — including Intel Security, Kaspersky and Shadowserv­er — provided assistance.

Europol would not name any of the victims of the botnet. Europol’s Paul Gillen said there had not yet been any arrests.

?? PAUL WHITE/ THE ASSOCIATED PRESS ?? Raj Samani, chief technology officer of Intel Security’s Europe, Middle East and Africa division, said the Beebone botnet relied on a pair of malicious programs that re- downloaded each other.
PAUL WHITE/ THE ASSOCIATED PRESS Raj Samani, chief technology officer of Intel Security’s Europe, Middle East and Africa division, said the Beebone botnet relied on a pair of malicious programs that re- downloaded each other.

Newspapers in English

Newspapers from Canada