Microsoft, FBI And International Agencies Disrupt Massive Citadel Botnet Cyber Crime Ring

   on June 06 2013 6:10 AM

Microsoft Corporation (NASDAQ:MSFT) said on Wednesday that, in a joint operation with the Federal Bureau of Investigation and other agencies, it disrupted a far-reaching cyber crime network that was responsible for $500 million in losses to consumers, banks and other financial institutions.

Microsoft in a press release said “it has successfully disrupted more than a thousand botnets that are responsible for stealing people’s online banking information and personal identities.”

These networks, known as Citadel botnets, have infected more than five million personal computers in more than 90 countries, with the most infections having occurred in the U.S., Europe, Hong Kong, Singapore, India and Australia.

However, the company press release also notes that, "Due to the size and complexity of the threat, Microsoft and its partners do not expect to fully eliminate all of the botnets using Citadel."

According to Microsoft, Citadel malware is bundled with pirated Windows software and contains hidden keyloggers. Once a computer is infected with Citadel malware, it records the user's every keystroke on the affected computer and then transmits it to a master server, which is controlled by cyber criminals known as botherders.

As a result, when users access their bank accounts online, they unwittingly provide access to banking passwords and other confidential information to the botherders, enabling them to withdraw money or commit other crimes using the victim’s bank accounts and personal identity.

Last week, Microsoft received a court order to “simultaneously cut off communication between 1,462 Citadel botnets and the millions of infected computers under their control, in a civil suit filed with the U.S. District Court for the Western District of North Carolina,” the release said.

Microsoft officials escorted by federal marshals seized data and evidence of the botnets from infected computer servers in two data-hosting facilities in New Jersey and Pennsylvania.

The company said it will work with internet service providers and computer emergency response teams on the intelligence gathered during the raids and let users know if their computer is infected.

The FBI said it is coordinating with other international cybercrime prevention agencies to capture the criminals. Although the Citadel disruption drive disabled the botnets, their creators and perpetrators of the cyber crime remain unidentified.

"We are upping the game in our level of commitment in going after botnet creators and distributors," FBI Assistant Executive Director Richard McFeely said in an interview with Reuters.

"This is a more concerted effort to engage our foreign partners to assist us in identifying, locating and - if we can - get U.S. criminal process on these botnet creators and distributors," he added.

According to the Reuters report, Microsoft said that the Citadel botnet creators are likely based in Ukraine or Russia, because the Citadel software does not target computers or financial institutions in those countries, in order to avoid trouble with law enforcement officials there.

The FBI and Microsoft expect the massive operation to deal a big blow to cyber criminals using Citadel botnets. Microsoft said that the current disruption will make it “riskier and more expensive” for cyber criminals to operate and will help victims clean their computers using malware removal tools.

Microsoft said information about the infected machines will be available through its Cyber Threat Intelligence Program, or C-TIP, and added that it offers free information and malware removal tools on its website.
