Microsoft teams up with financial services industry, FBI to take down hacker botnets

Associate Editor

Updated Wed, Jun 5, 2013, 9:55 PM·8 min read

It turns out Microsoft was serious when it declared war on botnets: the company just announced that its Digital Crimes Unit has successfully disrupted more than 1,400 criminal networks. The company says the action was a coordinated effort between Microsoft and the financial services industry, noting that the FBI chipped in to help out with legal hurdles -- giving Redmond the leverage it needed to shut down malicious servers in both New Jersey and Pennsylvania. These machines had been infecting computers with Citadel malware, a keylogger that allowed cyber criminals to skim account information from victims. According to Reuters, authorities don't yet know the identities of the criminals involved, but Microsoft thinks the ringleader lives in eastern Europe, and may be working with 80 or more accomplices. The company has already filed a civil lawsuit, listing the lead hacker as "John Doe No. 1" in the complaint.

Microsoft says it will use the data it collected from the operation to help ISPs find more efficient ways to detect and notify users if their computer is infected. The company also pledges to make the information available through its own cyber threat intelligence program. Check out the firm's full press announcement for yourself after the break.

Show full PR text

Microsoft, financial services and others join forces to combat massive cybercrime ring
Microsoft works with financial services industry leaders, other industry partners, and law enforcement to disrupt a global cybercrime operation responsible for over half a billion dollars

REDMOND, Wash. – June 5, 2013 – In a coordinated operation, Microsoft Corp., in cooperation with leaders in the financial services industry – including the Financial Services – Information Sharing and Analysis Center (FS-ISAC), NACHA – The Electronic Payments Association, the American Bankers Association (ABA) – Agari, and other technology industry partners, as well as the Federal Bureau of Investigation, announced it has successfully disrupted more than a thousand botnets that are responsible for stealing people's online banking information and personal identities. The FBI took coordinated separate steps related to the operation. Botnets are networks of compromised computers infected by malicious software to be controlled by cybercriminals known as botherders. This cooperative action is part of a growing proactive effort by both the public and private sector to fight cybercrime, help protect people and businesses from online fraud and identity theft, and enhance cloud security for everyone.

This coordinated disruption resulted from an extensive investigation that Microsoft and its financial services and technology industry partners began in early 2012. After looking into this threat, Microsoft and its partners discovered that once a computer was infected with Citadel malware, that malware began monitoring and recording a victim's keystrokes. This tactic, known as keylogging, provides cybercriminals information to gain direct access to a victim's bank account or any other online account in order to withdraw money or steal personal identities. This means that when victims are using their computers to access their bank or online accounts, cybercriminals can use the stolen information to quietly pilfer those same accounts as well. Microsoft also found that in addition to being responsible for more than half a billion dollars (USD) in losses among people and businesses worldwide, the Citadel malware has affected upwards of five million people, with some of the highest number of infections appearing in the U.S., Europe, Hong Kong, Singapore, India, and Australia. Citadel is a global threat that is believed may have already infected victims in more than ninety countries worldwide since its inception.

"The harm done by Citadel shows the threat that botnets, malicious software, and piracy pose to individuals and businesses around the world," said Brad Smith, Microsoft general counsel and executive vice president, Legal and Corporate Affairs. "Today's coordinated action between the private sector and law enforcement demonstrates the power of combined legal and technical expertise and we're going to continue to work together to help put these cybercriminals out of business."

Last week, supported by declarations from financial services leaders and other industry partners, Microsoft filed a civil suit against the cybercriminals operating the Citadel botnets, receiving authorization from the U.S. District Court for the Western District of North Carolina for Microsoft to simultaneously cut off communication between 1,462 Citadel botnets and the millions of infected computers under their control. On June 5, Microsoft, escorted by the U.S. Marshals, seized data and evidence from the botnets, including computer servers from two data hosting facilities in New Jersey and Pennsylvania. Microsoft also provided information about the botnets' operations to international Computer Emergency Response Teams (CERTs), so these partners could take action at their discretion on additional command and control infrastructure for the botnets located outside of the U.S.

As stated by the FBI, the FBI also provided information to foreign law enforcement counterparts so that they could also take voluntary action on botnet infrastructure located outside of the U.S. The FBI also obtained and served court-authorized search warrants domestically related to the botnets.

This operation serves as a real world example of how public-private partnerships can work effectively within the judicial system, and how 20th century legal precedent and common law principles dating back hundreds of years can be effectively applied toward 21st century cybersecurity issues.

"Today's actions represent the future of addressing the significant risks posed to our citizens, businesses, and intellectual property by cyber threats and malicious software, which are often enabled by counterfeit and unlicensed software," said FBI Executive Assistant Director Richard McFeely. "Creating successful public-private relationships-in which tools, knowledge, and intelligence are shared-is the ultimate key to success in addressing cyber threats and is among the highest priorities of the FBI. We must ensure that, as cyber policy is developed, the ability of the private sector to coordinate in real time with the FBI is encouraged so that a multi-prong attack on our cyber adversaries can be as effective as possible."

Because the operators used the malware to steal victims' online banking credentials and make fraudulent transactions, financial services industry leaders including FS-ISAC, NACHA, ABA, and Agari supported Microsoft's civil lawsuit by serving as declarants in the case. This operation is the second in which Microsoft has worked with the financial services industry to disrupt a family of botnets.

"Crimes used to happen through stickups, but today criminals use mouse clicks," said Greg Garcia, a consultant and former Department of Homeland Security cyber official serving as a spokesperson for the three major financial industry associations. "This action aims to stop the ongoing harm of these Citadel botnets against people and businesses worldwide, and you can be assured that we will continue to partner with the public and private sectors to help financial institutions protect our customers from threats like this."

Other organizations that played a part in the legal or technical aspects of this operation include Agari, A10 Networks, and Nominum. In particular, in addition to supporting Microsoft's lawsuit with a legal declaration, Agari, a partner of FS-ISAC, provided forensic data gathering based on the terabytes of email data that Agari collects from sources across the Internet to protect against email threats such as phishing. Meanwhile, A10 Networks and Nominum provided Microsoft advanced technology to support the disruptive action.

Due to the size and complexity of the threat, Microsoft and its partners do not expect to fully eliminate all of the botnets using Citadel. However, it is expected that this action will significantly disrupt the botnets' operation, making it riskier and more expensive for the cybercriminals to continue doing business and allowing victims to free their computers from the malware. To help protect people from any remaining instances of this threat, it is critical that victims rid their computers of Citadel by using malware removal or anti-virus software as quickly as possible to help prevent additional security issues.

Immediately following the disruption, Microsoft will use the threat intelligence gathered during the seizure to work with Internet Service Providers and Computer Emergency Response Teams worldwide to quickly and efficiently notify people if their computer is infected. Microsoft will be making this information available through its Cyber Threat Intelligence Program (C-TIP), including the recently-announced cloud-based version of the program. For computer owners worried that their computers might be infected, Microsoft offers free information and malware removal tools at http://support.microsoft.com/botnets. Additionally, the FBI is providing information on its website about botnets to educate the public on how to protect themselves. Many financial services industry organizations provide resources, tips, and tools to individuals and companies on how to help protect themselves.

Like many of Microsoft's past botnet operations, this investigation once again revealed how criminals are adapting and evolving their attack methods to continue to infect people's computers with malware. In this case, Microsoft found that the cybercriminals are using fraudulently obtained product keys created by key generators for outdated Windows XP software to develop their malware and grow their business, demonstrating a continued connection between software piracy and global cybersecurity threats. This discovery showcases that in addition to exercising safe online practices like running modern, updated and legitimate software and using firewall and antivirus protection, people also need to be using modern versions of Windows software to better prevent malware, fraud, and identify theft.

Engadget
You can finally use passkeys to sign into your Microsoft account
Microsoft is celebrating World Password Day by helping to kill them. The company has finally launched consumer passkey support for Microsoft accounts, nearly two years after Apple and Google.
37m ago
Engadget
Peloton’s pandemic-era fairy tale is officially over
Peloton is struggling, as it is laying off 15 percent of its workforce. The CEO is also stepping down.
55m ago
Engadget
The best noise-canceling earbuds for 2024
Active noise cancellation is a big feature on most wireless earbuds now. These are the best noise-canceling earbuds you can get today.
2h ago
Engadget
Over 200 militia groups and users are using Facebook to organize nationwide, new report states
Extremist militia groups are using Facebook to spread conspiracy theories and organize.
3h ago
Engadget
Apple discounts MLS Season Pass to $69 for the rest of the season
Apple is now selling the pass, which typically costs $99, for $69 for the remainder of the 2024 season
3h ago
Engadget
Bose's SoundLink Max is its largest portable Bluetooth speaker with 20-hour battery life
Bose's largest portable Bluetooth speaker is built for the outdoors.
4h ago
Engadget
Audible is testing book recommendations based on your Prime Video habits
Audible is launching a new recommendation category based on your Prime Video data.
4h ago
Engadget
The best smart home gadgets for your first apartment
The Engadget staff has reviewed many smart home devices and these are the ones we think will work great in a new apartment or for anyone just getting acquainted with having a connected home.
5h ago
Engadget
Google says its secure entry passkeys have been used a billion times
As part of World Password Day, Google is hyping up its achievements in that area and sharing updates on its latest efforts to bolster security
5h ago
Engadget
The Morning After: Microsoft’s OpenAI partnership was born from Google AI envy
The biggest news stories this morning: TikTok might be trying to circumvent Apple’s in-app purchase rules, Batman: Arkham Shadow is the first big exclusive VR game for the Quest 3, Rabbit denies claims its R1 virtual assistant is a glorified Android app.
5h ago
Engadget
Crunchyroll announces first price hike since Funimation purchase
Crunchyroll, like many other streaming services recently, is raising its subscription prices
6h ago
Engadget
Olivia Rodrigo, Drake and other Universal artists return to TikTok
TikTok and Universal Music Group have signed a deal that will allow Taylor Swift, Olivia Rodrigo, The Weeknd and other artists to return to the platform.
7h ago
Engadget
The best budget wireless earbuds for 2024
Here are the best budget wireless earbuds you can get right now, each of which comes in at $100 or less.
6 months ago
Engadget
T-Mobile finally owns Ryan Reynolds-backed Mint Mobile
Over a year after announcing it would acquire Mint Mobile for up to $1.35 billion, T-Mobile has closed the deal.
8h ago
Engadget
Anthropic now has a Claude chatbot app for iOS
Anthropic has released a Claude mobile app for iOS that any user can download for free.
9h ago
Engadget
Take-Two is shutting down the studios behind Rollerdrome and Kerbal Space Program 2
This one's a bummer.
16h ago
Engadget
Snapchat will finally let you edit your chats
Snapchat will finally join most of its messaging app peers and allow users to edit their chats.
18h ago
Engadget
A researcher is suing Meta for the right to ‘turn off’ Facebook’s news feed
The Knight First Amendment Institute at Columbia University is suing Meta on behalf of a researcher who wants to release a browser extension that would allow people to “effectively turn off” their algorithmic feeds.
19h ago
Engadget
Microsoft’s OpenAI partnership was born from Google envy
It turns out the lay of today’s AI landscape can be traced back to fear, jealousy and intense capitalist ambition. Emails revealed in the Department of Justice’s antitrust case against Google show Microsoft executives expressing alarm and envy over Google’s AI lead.
20h ago
Engadget
Explore Starfield's barren planets at 60 fps on Xbox Series X starting this month
Starfield's May update adds the option to target 30, 40, 60 fps or an uncapped frame rate on Xbox Series X.
22h ago

Microsoft teams up with financial services industry, FBI to take down hacker botnets

Latest Stories

You can finally use passkeys to sign into your Microsoft account

Peloton’s pandemic-era fairy tale is officially over

The best noise-canceling earbuds for 2024

Over 200 militia groups and users are using Facebook to organize nationwide, new report states

Apple discounts MLS Season Pass to $69 for the rest of the season

Bose's SoundLink Max is its largest portable Bluetooth speaker with 20-hour battery life

Audible is testing book recommendations based on your Prime Video habits

The best smart home gadgets for your first apartment

Google says its secure entry passkeys have been used a billion times

The Morning After: Microsoft’s OpenAI partnership was born from Google AI envy

Crunchyroll announces first price hike since Funimation purchase

Olivia Rodrigo, Drake and other Universal artists return to TikTok

The best budget wireless earbuds for 2024

T-Mobile finally owns Ryan Reynolds-backed Mint Mobile

Anthropic now has a Claude chatbot app for iOS

Take-Two is shutting down the studios behind Rollerdrome and Kerbal Space Program 2

Snapchat will finally let you edit your chats

A researcher is suing Meta for the right to ‘turn off’ Facebook’s news feed

Microsoft’s OpenAI partnership was born from Google envy

Explore Starfield's barren planets at 60 fps on Xbox Series X starting this month

About

Sections

Contribute

Buying Guides