Microsoft and the FBI break up a $500m-theft botnet Citadel
Microsoft and the FBI have taken down a massive network of hijacked home computers that are involved in more than £323m ($500m) theft from bank accounts. A keylogging program had been installed remotely by the Citadel network in approximately five million computers with the intention of stealing data. Among the 1,400 or more networks of the Citadel botnet, approximately 1,000 are alleged to have been put to halt.
An in line and in time action in 80 countries by banking bodies, tech firms and police force gave an hand in disrupting the network. Microsoft’s digital crimes unit spokesman, Richard Boscovich, said that the criminals will feel the pain.
Password and login credentials for the online bank accounts acquired from the compromised computers were used by the cybercriminals behind Citadel in cashing. Huge number of banks that include Royal Bank of Canada, Fargo, HSBC, PayPal, Bank of America and American Express, were stolen cash by use of this method. After online release of Zeus, a core computer code that is being used widely as a cybercrime kit, Citadel then emerged. Zeus was turned into a separate cybercrime toolkit by underground coders who had banded together. The toolkit proved to be popular quickly in many malicious hackers.
Microsoft said, in a blogspot that detailed its actions, that citadel had also grown due to bundling of the malicious code, which takes over a PC, with windows pirated versions. Millions of the infected computers were distributed around the world. They were mainly concentrated in Australia, India, Hong Kong, Western Europe and North America.
The identity of the botnet’s controller is yet unknown despite the widespread action, that involved confiscations of servers that involved the co-ordinated running of Citadel.
Microsoft has however initiated a ‘John Doe’ lawsuit against the nicknamed Aquabox anonymous controller who is believed to be in Eastern Europe. FBI, Europol and other police forces from other countries are also working together to identify the 81 ‘lieutenants’ who saw the successful running of the Aquabox.
The infected computers were blocked from receiving the security updates. This helped them in maintaining the computers in their network. Microsoft is now helping people in cleaning their computers.