Spanish police have arrested three men responsible for one of the world’s biggest networks of virus-infected computers. All three men are Spanish citizens with no criminal records and limited hacking skills. The ‘Mariposa’ botnet was made up of nearly 13 million computers in 190 countries, including PCs inside more than half of Fortune 1000 companies and more than 40 major banks.
The criminals were aged 31, 30 and 25. The investigators believe that other arrests may follow.
The first member of the gang was arrested in early February, when he inadvertently logged into the network without disguising the address of his computer. His computer allowed the investigators to link to two more suspects who were arrested later in the month.
The botnet was monitored and rendered inactive in December, following an investigation by the FBI, the Spanish Guardia Civil and security experts around the world.
The network of computers (botnet) was designed to steal sensitive information, including usernames, passwords, banking credentials and credit card data, from online e-mail services and social media sites. One of the criminals had 800,000 pieces of personal data on his machine.
Some very high-profile businesses were targeted. Christopher Davis is chief executive of security firm Defence Intelligence, one of the firms invited to join the Mariposa Working Group, which was set up to deal with the botnet in May 2009. Davis said “It would be easier for me to provide a list of the Fortune 1000 companies that weren’t compromised”.
Pedro Bustamante, a senior research advisor, said the criminals behind the botnet did not have “advanced hacking skills”. “This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss,” he said.
The criminal gang made money by renting out parts of the botnet to other cyber-criminals in addition to selling stolen credentials and using banking and credit card information to make transactions via ‘money mules’.
Working with law enforcement agencies comes with a risk for security firms. After the botnet was closed down, Defence Intelligence were hit by a Distributed Denial of Service (DDoS) attack in an apparent act of retaliation. The firm remains determined to pursue such cases. Davis said “We will continue to fight the threat of botnets and the criminals behind them. We’ll start by dismantling their infrastructure and won’t stop until they’re standing in front of a judge”.
© Copyright Tim Bullock 2010

