7 Recent Wins Against Cybercrime
The increasing number of successful law enforcement actions and prosecutions suggests that cybercriminals have plenty of reason to be looking over their shoulders.
May 24, 2019
The mind-numbing frequency with which new data breaches and attacks happen these days can sometimes give the impression that cybercriminals have free rein to do what they want.
In reality, law enforcement organizations in the US and in several other countries have recently been notching up some important and impressive wins against cybercriminals. Just as a majority of large cybercrime operations are international in scope, the arrests, website takedowns, and prosecutions have also often been the result of extensive collaboration between US agencies and their counterparts around the world.
The most recent case in point is the set of indictments announced against members of GozNym, a cybercrime operation that is believed to have stolen millions of dollars from the online bank accounts of companies in the US and elsewhere.
It's too soon to see what impact these actions will have on cybercrime activity over the next few years. In some cases, law enforcement actions have had an immediate short-term impact. Last year's takedown of the Webstresser DDoS-for-hire service, for example, is believed to have contributed to a broad decline in distributed denial-of-service (DDoS) activity through most of last year. Often, though, such positive outcomes have been transient and temporary at best.
Even so, the increasing number of successful law enforcement actions and prosecutions suggests that cybercriminals have plenty of reason to be looking over their shoulders. Here, in no particular order, are some of the more significant arrests, indictments, and takedowns over the past 18 months.
This month the US Department of Justice announced charges against 11 members of GozNym, an international cybercrime operation that stole money from bank accounts belonging to companies in the US and Europe.
US law enforcement agencies and counterparts in several other countries have accused the gang of infecting some 41,000 computers worldwide with malware for stealing online banking credentials and then using them to try and steal over $100 million.
Five members of the gang remain free in Russia. The other individuals are based in Georgia, Bulgaria, Moldova, and Ukraine; they are being prosecuted in their respective countries.
One individual, Krasimir Nikolov, was arrested in Bulgaria and extradited to the US in December 2016. He is accused of using stolen credentials to illegally access online banking accounts and transfer money from them to accounts held by the criminals. Nikolov has pleaded guilty to his role in the GozNym operation and is scheduled for sentencing in Pittsburgh this August.
The FBI, in collaboration with Europol and law enforcement agencies in Belgium and Ukraine, shut down xDedic, a Russian-language online marketplace known for trading in stolen identities and selling access to previously compromised systems. US authorities issued orders to seize xDedic's domain in mid-January, and the site was forced offline shortly afterward.
At its peak, criminals could purchase access to some 70,000 compromised servers on xDedic belonging to organizations in more than 170 countries. For as little as $6, a criminal could purchase access to all of the data on a compromised system and also use it to attack others. The compromised systems were available from over 416 sellers who used xDedic as a platform to advertise and sell their services. US authorities have estimated the marketplace helped enable more than $68 million in fraud.
The xDedic takedown, like many others in recent times, was the result of an investigation lasting more than a year and involving teams from the FBI, the IRS, and the DHS on the US side, and teams from Belgium and the Prosecutor General's office in Ukraine on the European side.
Seventy-four individuals were arrested last June for their part in a massive business email compromise (BEC) operation spanning the US and at least four other countries. The arrests came at the end of a six-month-long coordinated law enforcement initiative dubbed Operation Wire Wire, involving the US departments of Justice, Homeland Security, and Treasury, and the Postal Inspection Service. Authorities seized nearly $2.4 million from members of the operation and disrupted another approximately $14 million in fraudulent wire transfers.
Forty-two of the alleged operators of the scam were arrested in the US, with another 29 in Nigeria. The three remaining members of the group were arrested in Canada, Poland, and Mauritius. Law enforcement officials in Indonesia and Malaysia contributed to the operation.
The FBI last year estimated that BEC scams have caused over $12 billion in losses to businesses globally between 2013 and 2018.
One reason why DDoS attacks have continued to be popular among criminals is the easy availability of DDoS-for-hire services. In April 2018, Europol and other European law enforcement agencies scored a major victory against such operations when they managed to shut down "Webstresser," one of the biggest DDoS-for-hire services at the time. At the time of the takedown, Webstresser had more than 136,000 registered users and had helped enable a staggering 4 million DDoS attacks worldwide. DDoS services were available to subscribers for as little as 15 euros a month, making it possible even for individuals with no technical knowledge to launch a crippling attack on a target with little effort.
Six administrators of the DDoS services were arrested in Canada, the UK, Serbia, and Croatia, and all computing infrastructure used for the operation was seized. Europol, working in coordination with police in a dozen countries, also took action against several top users of Webstresser's service in a campaign it called "Operation Power Off." Among those arrested were Webstresser clients in the UK, Netherlands, Australia, and Canada. The dismantling of the Webstresser operation is believed to have caused a sharp decline in DDoS attacks for most of 2018, but the numbers have begun trending up again recently.
One of the most significant victories in the fight against cybercrime came in February 2018 when authorities in the US and a dozen other countries shut down Infraud Organization, a group believed to be responsible for over $530 million in losses over a seven-year period. A total of 26 individuals in 17 countries were charged with wire fraud, money laundering, and a long list of other crimes.
In a charging document, the US government described Infraud Organization as a marketplace for trading in stolen identities, stolen credit and debit card data, financial data, and malware products. It also offered an escrow service for cybercriminals looking to transact in stolen data using cryptocurrency.
Law enforcement investigators estimated that Infraud had over 10,900 members at its peak from several countries including the US, Russia, Australia, Ukraine, Pakistan and Bangladesh.
A federal grand jury in New Jersey last November indicted two Iranian nationals for their alleged roles in creating and distributing SamSam, a particularly nasty piece of ransomware that hit several hospitals and government agencies in the US. Faramarz Savandi, 34, and Mohammad Mansouri, 27, of Iran were charged with crimes that resulted in them collecting some $6 million in ransom payments and causing over $30 million in additional losses to victims.
Victims of the SamSam pair included the cities of Atlanta (Ga.) and Newark (N.J.), the Port of San Diego, Hollywood Presbyterian Medical Center in Los Angeles, Allscripts Healthcare Solutions, and the Colorado Department of Transportation.
Savandi and Mansouri are believed to be operating out of Iran and remain fugitives from justice.