Hackers controlling millions of PCs disrupted in Europol sweep

Reuters News
Posted: Feb 25, 2015 3:50 PM

By Anthony Deutsch and Jim Finkle

AMSTERDAM/BOSTON (Reuters) - A cybercrime operation that stole banking information by hacking more than 3 million computers in Indonesia, India and other countries has been disrupted by European police with assistance from three technology companies, officials said on Wednesday.

Europol's European Cybercrime Centre coordinated the operation out of its headquarters in The Hague, targeting the so-called Ramnit botnet, a network of computers infected with malware.

Working with investigators from Germany, Italy, the Netherlands and Britain, it was assisted by AnubisNetworks, a unit of BitSight Technologies; Microsoft Corp and Symantec Corp in dismantling the server infrastructure used by the criminals, Europol said.

"The criminals have lost control of the infrastructure they were using," Paul Gillen, head of operations at Europol's cybercrime center, told Reuters.

Authorities simultaneously seized servers in four countries after Microsoft and the Washington-based Financial Services Information Sharing and Analysis Center sought a court order last week in U.S. court through a sealed lawsuit, according to Microsoft.

Symantec said on its blog that the two countries with the largest number of infected computers were India - where data shows that 27 percent of infections were uncovered - and Indonesia, with 18 percent. Vietnam, the United States, Bangladesh and the Philippines followed.

The malware, installed through links on spam email or infected websites, enabled culprits to take control of the PCs and use them for criminal activities.

Symantec described Ramnit as "a fully-featured cybercrime tool," whose features include the ability to spy on web browsing sessions, steal "cookie" credentials used to authenticate visitors to banking sites and scan hard drives in search of sensitive passwords.

Vikram Thakur, a Symantec researcher, told Reuters that he did not expect any arrests to be made by authorities who are still searching for the ringleaders.

Europol, the European police agency, has been coordinating cross-border efforts to take down criminal infrastructure on the Internet and bring to justice those responsible.

In November, U.S. and European authorities seized more than 400 secret website addresses and arrested suspects in an operation targeting black markets for drugs and other illegal services, known as Silk Road 2.0.

(Editing by Alison Williams, Richard Valdmanis and G Crosse)