
Tuesday, February 24, 2015

U.S. ASSISTANT AG CALDWELL ANNOUNCES REWARD FOR LEADER OF MALWARE CYBER-GANG

FROM:  U.S. JUSTICE DEPARTMENT
Assistant Attorney General Leslie R. Caldwell Announces Reward for Cyber Fugitive at Washington Foreign Press Center
Washington, DC, United States ~ Tuesday, February 24, 2015

Good afternoon, thank you all for joining us.

Today, we are announcing a reward for information leading to the arrest and/or conviction of Evgeniy Bogachev, an alleged leader of a tightly knit gang of cyber criminals based in Russia and Ukraine who were responsible for the development and operation of both the Gameover Zeus and Cryptolocker malware.

Gameover Zeus was one of the most sophisticated and damaging botnets ever encountered, infecting between 500,000 and one million computers worldwide, and causing more than $100 million in financial losses to businesses and consumers in the United States alone.

On top of that, the Cryptolocker ransomware infected more than 250,000 computers worldwide, and targeted companies big and small, as well as individuals.

In May and June 2014, we were able to wrest control of the Gameover Zeus botnet from the criminals and take Cryptolocker offline.  This was thanks to an unprecedented action orchestrated by law enforcement and private sector partners in 10 different countries.

Today, due to the work of the FBI and its partners, Gameover Zeus has been neutralized and is out of the criminals’ hands and Cryptolocker remains non-operational.  

But one significant part of the puzzle remains incomplete, as Bogachev remains at large.  Although we were able to significantly disrupt the Gameover Zeus and Cryptolocker criminal enterprise, we have not yet brought Bogachev himself to justice.

We must not allow international borders to shield criminals from the law.  As more nations join the fight against international cybercrime, the number of countries once perceived as sanctuaries is shrinking, and will continue to shrink.  

In the case of Bogachev, the same international coalition that brought down his botnet is now chasing him.

We appreciate the State Department shining the light on this important case again today.  This reward will reinvigorate the efforts to find Bogachev and encourage others to join the hunt.

I am confident that Bogachev will one day be caught and brought to face justice in the United States.

Tuesday, June 3, 2014

ASSISTANT AG CALDWELL'S REMARKS FOR GAMEOVER ZEUS AND CRYPTOLOCKER OPERATIONS AND RELATED CYBER THREAT

FROM:  U.S. JUSTICE DEPARTMENT 
Assistant Attorney General Leslie R. Caldwell Delivers Remarks for the Gameover Zeus and Cryptolocker Operations and Related Criminal Charges
Washington ~ Monday, June 2, 2014

Good afternoon and thank you, Deputy Attorney General Cole, for the warm welcome.   It is indeed a pleasure to return to the Justice Department, and an honor to serve as the head of the Criminal Division.   I am reminded today, however, of how much the cyber threat landscape has changed since I last worked as a federal prosecutor.

Evgeniy Bogachev and the members of his criminal network devised and implemented the kind of cyber crimes that you might not believe if you saw them in a science fiction movie.   By secretly implanting viruses on computers around the world, they built a network of infected machines – or “bots” – that they could infiltrate, spy on, and even control, from anywhere they wished.   Sitting quietly at their own computer screens, the cyber criminals could watch as the Gameover Zeus malware intercepted the bank account numbers and passwords that unwitting victims typed into computers and networks in the United States.   And then the criminals turned that information into cash by emptying the victims’ bank accounts and diverting the money to themselves.   Typically, by the time victims learned they had been infected with Gameover Zeus, it was too late.

The Cryptolocker scheme, by contrast, was brutally direct about obtaining victims’ money.   Rather than watch and wait, the cyber criminals simply took the victim’s computer hostage until the computer owner agreed to pay a ransom directly to them.   They used sophisticated encryption – a tool originally designed to protect data from theft – to make it impossible for victims to access any data stored on their computers.  The criminals effectively held for ransom every private email, business plan, child's science project, or family photograph – every single important and personal file stored on the victim’s computer.   In order to get their data back, computer owners had to hand over their cash.   As with Gameover Zeus, once you learned you were infected with the Cryptolocker malware, it was too late.

As the Deputy Attorney General mentioned, these schemes were highly sophisticated and immensely lucrative, and as you can imagine, Bogachev and his co-conspirators did not make them easy to reach or disrupt.   But under the leadership of the Justice Department, federal prosecutors, FBI agents and analysts, foreign law enforcement authorities in more than 10 different countries, and numerous private sector partners joined together to disrupt both these schemes.

Here is what we did: first, on May 7, in coordination with the FBI, Ukrainian authorities seized and copied key Gameover Zeus command servers in Kiev and Donetsk.   Then, on Monday, May 19, as you will hear from U.S. Attorney Dave Hickton, we obtained sealed criminal charges against Bogachev in Pittsburgh charging him with illegal hacking, fraud and money laundering.   We took more steps on Wednesday, May 28, obtaining civil court orders against Bogachev and his co-conspirators based on federal laws that prohibit ongoing fraud and the illegal interception of communications.   These orders allowed us to cause the computers infected with Gameover Zeus to cease communicating with computer servers controlled by the criminals, and instead to contact a server established by the court order.   The court also authorized us to collect information necessary to identify the victim computers so that we can provide that information to public- and private-sector entities that can help the victims rid their computers of the infection.   At the same time, our foreign law enforcement partners seized critical computer servers used to operate Cryptolocker, which resulted in Cryptolocker being unable to encrypt victim files.

Beginning in the early morning hours on Friday and continuing through the weekend, the FBI and foreign law enforcement then began the coordinated seizure of computer servers around the world that had been the backbone of Gameover Zeus and Cryptolocker.   These seizures took place in Canada, France, Germany, Luxembourg, the Netherlands, Ukraine and the United Kingdom.   Recognizing that seizures alone would not be enough because cyber criminals can quickly establish new servers in other locations, our team began a carefully timed sequence of technical measures to wrest from the criminals the ability to send commands to hundreds of thousands of infected computers, and to direct those computers to contact the server that the court had authorized us to establish.   Working from command posts in the United States and at the European Cybercrime Centre in the Hague, Netherlands, the FBI and our foreign counterparts—assisted by numerous private sector partners—worked feverishly around the clock to accomplish this re-direction and to defeat various defenses built into the malware, as well as countermeasures attempted in real time over the weekend by the cyber criminals who were trying to retain control over their network.

I am pleased to report that our actions have caused a major disruption of the Gameover Zeus botnet.   Over the weekend, more than 300,000 victim computers have been freed from the botnet – and we expect that number to increase as computers are powered on and connected to the internet this week.   We have already begun providing victim information to private sector parties who are poised to assist them.   I am also pleased to report that, by Saturday, Cryptolocker was no longer functioning and its infrastructure had been effectively dismantled.    Through these court-authorized operations, we have started to repair the damage the cyber criminals have caused over the past few years, we are helping victims regain control of their own computers, and we are protecting future potential victims from attack.  

Over the next few days and weeks, our investigators and prosecutors will work with private-sector partners to notify infected victims and provide links to safe and trusted tools that can help them rid themselves of Gameover Zeus and Cryptolocker and then close the vulnerabilities through which their computers were infected.  We will work with our foreign partners to continue the disruption of the botnet’s technical infrastructure and identify additional victims.  And we will do our best to ensure that the operators cannot re-establish control over the infected machines and thus continue their lucrative enterprise.

These legal and technical measures, as cutting edge as they are, are far from a complete solution to these sophisticated threats.   We fully expect that these schemes will re-emerge and evolve as the criminals target and infect new victims.   That is why we are combining these measures with criminal charges against the defendant Evgeniy Bogachev for his role as an administrator of both schemes.   We are asking Russian law enforcement to take action to bring this defendant and those working with him to justice, and will work with our counterparts to do so.   As Deputy Attorney General Cole stated, it is only by combining traditional law enforcement actions with the type of innovative legal and technical measures announced today that we can begin to fully address modern cyber threats.

I want to thank all those who contributed to this operation, and in particular our private sector and international partners who worked so closely with us on this sophisticated operation.   And now I would like to invite U.S. Attorney Dave Hickton of the Western District of Pennsylvania to make remarks.

Thank you.
