U.S. and international authorities arrested 10 cyberhackers allegedly involved in massive fraud and piracy of as many as 11 million PCs and theft of as much as $850 million.
The FBI also said it received critical help from experts at Facebook (NASDAQ:FB), the No. 1 social networking site, which helped identify malware that infected the PCs for nearly two years until October.
The ringleaders devised the so-called “Butterfly Botnet,” which stole critical data such as credit card numbers, bank account numbers and other identifiable information. They used malware called Yahos to compromise PCs and lift the information.
Facebook, of Menlo Park, Calif., which claims to have slightly more than a billion “members,” didn't indicate how many had been affected by the ring. Mark Hammell, the company's chief threat researcher, said it detected the invasions as long ago as 2010 but required law enforcement assistance.
“We realized we didn't have the ability to stop it completely,” Hammell said.
The FBI Cyber Division and International Operations Division, working with counterparts abroad, managed to bust the ringleaders and arrest at least two of the developers of the malware.
The FBI said it has search warrants for more arrests.
Officials declined to say how many suspects were arrested in the ring. Besides the U.S., police arrested other alleged perpetrators in the UK, Bosnia and Herzegovina, Croatia, Macedonia, the Czech Republic, Peru and New Zealand.
The FBI, though, urged all “regular computer users” to check their anti-virus software frequently, as well as to disconnect from the Internet when PCs aren't in use.
On Aug. 10, Facebook signed a consent decree with the U.S. Federal Trade Commission in which it acknowledged it had misled members about their online privacy and agreed to be monitored for compliance for the next 10 years.
Facebook also agreed to pay civil penalties as high as $16,000 per infraction if it violates the agreement. At the time, neither the FTC nor Facebook discussed the Yahos probe.
Facebook's plea followed by a day a similar consent decree signed by Google (NASDAQ:GOOG), the No. 1 search engine, which also agreed to pay a record fine of $22,500 for inadequately protecting privacy of its Google Members.
“We intend to monitor closely Facebook's compliance with this order,” FCC Chairman Jon Leibowitz said at the time.
Facebook urged its members to check the safety of their devices at on.fb.me/InfectedMSE. Users of products from Apple (NASDAQ:AAPL) were immune, though.
Shares of Facebook rose 66 cens to close at $28.24 in Thursday trading.
David Zielenziger is a veteran editor and journalist who has written for newspapers including the Baltimore Sun, Asian Wall Street Journal and EETimes, as well as for...