Politicians, security researchers and others involved in the fight against cybercrime often compare the situation to efforts to combat traditional organized crime. Some of the tricks and tactics are comparable, and so are the motives, but there’s one major difference between the two groups: Cybercriminals have virtually no fear of being caught. The chances of a cybercriminal being caught, prosecuted and actually serving time in prison are incredibly small, especially in relation to the volume of cybercrime activity occurring today.
“The absence of cross-border agreements and lax enforcement even when there are anti-cybercrime laws in some parts of the world combine to make it near impossible to put a dent in online crime. Legal statutes around the world are slow to respond to the threat even when investigations pinpoint the source of cybercrime,” said Ryan Naraine, senior security evangelist at Kaspersky Lab.
So when law enforcement agencies make an arrest, even if it doesn’t seem like it’s significant in the overall scheme of things, the arrest usually makes news. The last year has seen a number of fairly noteworthy arrests and disruptions of cybercrime operations around the world. Here’s a look at some of the more significant and effective arrests in recent months.
- Anonymous No Longer Anonymous: The hacking collective known as Anonymous has been conducting attacks against selected commercial and political targets for several years, and law enforcement agencies have been struggling to get inside the organization and take it down for just as long. One of the first big successes was a series of arrests of Anonymous members by law enforcement in several countries. The people arrested were accused of launching attacks against sites in Chile, Colombia and other countries.
- Feds Nab Sabu: In March 2012, law enforcement had perhaps its biggest success to date against Anonymous, when agents arrested Sabu, a reputed leader of the Anonymous offshoot known as LulzSec. The arrest of Sabu sent shockwaves through the underground community and began a slow unraveling of the group. Sabu, whose real name is Hector Xavier Monsegur, has been cooperating with the FBI and his sentencing has been delayed several times, most recently in February.
- Alleged Zeus Botmaster Stole $100M: The ZeuS crimeware kit has probably caused more damage and financial losses in recent years than any other, and authorities have been tracing its use, trying to follow the trail back to the creator of the kit or the people who run the various ZeuS botnets. In January, law enforcement agents in Malaysia arrested a man named Hamza Bendelladj, who they say is the operator of one of the larger ZeuS botnets, responsible for $100 million in thefts from various U.S. banks.
- Butterfly Botnet’s Wings Clipped: Botnets, like the ones operated by users of ZeuS, are key tools in the cybercriminals’ arsenal. They’re used for spam, DDoS attacks and bank fraud operations and it’s difficult to pin down their operators. One notable recent success was an operation by authorities in New Zealand, the United States, the UK and other countries that arrested 10 people alleged to be involved in operating the Butterfly botnet. That botnet used the Yahos malware to infect users on Facebook and authorities say the attackers stole roughly $1 billion over the years.
- Carberp Malware Gang Busted: Banking Trojans such as Carberp are a dime a dozen, but that doesn’t mean that law enforcement agencies aren’t going after the attackers behind these pieces of malware. The successes have been slow in coming, but in 2012 authorities in Russia arrested several men allegedly involved in the operation of Carberp. The profits that the Carberp gang allegedly brought in are relatively small ($2 million), but each arrest in this area is an important step in making a dent in cybercrime.
- The SpyEye Who Loved Me: Along with Zeus, SpyEye is one of the more popular banking Trojans in use today, and the two pieces of malware are in fact closely related. In July 2012 authorities arrested Pavel Cyganok, 28, of Lithuania, and Ilja Zakrevski, 26, of Estonia, for allegedly using the SpyEye Trojan to pilfer the online banking credentials of their victims. They were subsequently charged by the Metropolitan Police Central e-crime unit with violating the UK’s Computer Misuse Act. Meanwhile, a third man, Aldis Krummins, 45, of Latvia, was found guilty of laundering money in conjunction with the investigation.
- Mega Bust Takes Down MegaUpload: Cybercrime takes many forms, and it’s not always an obvious violation such as using malware or committing identity theft. In January 2012, law enforcement agents from the U.S. and New Zealand collaborated on a takedown of the MegaUpload file-sharing service and conducted a dramatic raid of the house of Kim Dotcom, the service’s founder. New Zealand government officials later apologized to Dotcom, saying they overreached and conducted illegal electronic monitoring of his communications. More than a year later, most of the case is still unresolved.
- Japan Cracks Down on Malicious Android Apps: As users have moved more and more of their daily computing to mobile devices, attackers have followed in droves. In October 2012, a group of five Android developers in Japan was arrested for allegedly creating an information-stealing virus, stashing it in a seemingly legitimate Android application, and disseminating it to some 90,000 devices, where it stole more than 10 million pieces of personal information.
- Spain Says No Mas to Ransomware: Spain has emerged as one of the tougher countries in which to operate if you’re a cybercriminal. The country has been cracking down on malware gangs, carders and other attackers for several years now. In February, eleven suspected cybercriminals were arrested in a joint Europol-Spanish law enforcement operation in Spain and the UAE. The suspects are alleged to have operated the Police Virus, a piece of ransomware that accused its victims of committing some crime before locking their machines down and demanding the payment of a €100 fine. The malware also stole data. In all, the gang was estimated to net more than €1 million annually.
- Hacking the Grid: In June 2012 a Pennsylvania man was arrested after a Massachusetts grand jury issued a four-count indictment alleging that he hacked into computer networks belonging to the U.S. Department of Energy (DoE) and the University of Massachusetts and tried to sell access to a DoE supercomputer for $50,000 to an undercover FBI agent.
While the cybercrime situation is still quite bad, these operations show that law enforcement agencies around the world are beginning to make some progress.
“Any state is going to be interested in building an effective mechanism for combating things like cybercrime. However, it can only be effective when the powers of a state are combined with those of private companies such as telecommunications operators, Internet service providers, antivirus vendors, electronic payment systems, etc., that have the capabilities and expertise to assist law enforcement agencies to investigate cybercrime. As a company possessing unique knowledge and experience in this sphere, Kaspersky Lab supports the law enforcement agencies of various states when they conduct such investigations. An effective system of collaboration between states and private companies, however, should not just focus on investigating cybercrimes that have already been committed; the system should also be capable of coming up with and implementing measures that, first and foremost, prevent cybercrime,” said Igor Chekunov, chief legal officer of Kaspersky Lab.