Inside the Takedown of Biggest Cybercriminal Gang to Date

Michael Vizard

Trend Micro this week disclosed its participation in a multi-year international "Operation Ghost Click" effort that resulted in the arrest of a gang of cybercriminals that has been operating one of the largest botnet operations known to exist.

The effort to take down a network of over 4,000 bots has been under way since 2008, which illustrates both the patience and the frustration generally associated with such efforts. According to Dave Sancho, senior threat researcher at Trend Micro, the group's favorite tactic was to insert malware into a select few ads on a Web site, and then divert people to a set of DNS servers that the group has been managing in order to distribute everything from fake anti-virus software to offers to buy various kinds of pharmaceuticals.

According to Trend Micro, the cyber crime group was operating as an Estonian company known as Rove Digital, which is the mother company of many other companies like Esthost, Estdomains, Cernel, UkrTelegroup and many less well-known shell companies.

Discovering the extent of the group's activities was one thing; coordinating the activities of the various enforcement agencies required to take down a cybercriminal organization that operates across multiple borders is another. Sancho says that in this case the biggest challenge was first coordinating all the activities of the Federal Bureau of Investigation (FBI) in the U.S. with their counterparts in Estonia. Trend Micro also had to work with a variety of third-party organizations that help track cybercriminal activity to identify the extent of the group's activities, says Sancho.

What's most important, says Sancho, is that it's not enough to simply eliminate the IT infrastructure being used by the cybercriminals; it is also necessary to make sure that there are no technicalities that would result in those criminals being set free to set up shop again in some other country. The takedown of Rove Digital won't eliminate cyber crime, but Sancho says it will put a noticeable dent for the time being in the volume of criminal activity.

In the meantime, the U.S. is continuing to work on putting the treaties in place that would help accelerate the overall process of bringing cybercriminals to justice. That process is going to require a little more patience. The good news, says Sancho, is that the arrest of these cybercriminal suspects should send a signal to the rest of the cybercriminal community that it might soon be only a matter of time before law enforcement officials arrest more suspects who, in many cases, have already been identified.
