GameOver ZeuS: Combatting the Global Threat of CyberCrime

Although cybercrime is no longer a new threat to global security, it has remained an important and growing concern for both domestic and international law enforcement agencies. The very nature of cybercrime requires American law enforcement agencies to reach out to their international counterparts to work together in tracking down criminals. This need for international cooperation has led state leaders to create new pieces of legislation that monitor and prosecute those who commit international cybercrimes.

The FBI Cyber Division maintains the definitive top 10 most wanted list of international cyber criminals, with the list split fairly evenly between suspects from Russia and China. The Chinese suspects work under the PRC’s 3rd Department of General Staff, while the Russians are mainly independent with strong ties to the Russian mob. One entry on the list is not an individual but a group called “JabberZeus Subjects”, a collective of criminals who are infecting millions of computers across the world with a malicious piece of software known as “GameOver ZeuS”. ZeuS’s success is credited to the number one suspect on the FBI’s list, Evgeniy Mikhailovich Bogachev.


Bogachev is a 30-year-old career criminal living openly and freely in Anapa, Russia. His software, known as GameOver ZeuS or GOZ, is a botnet that uses keylogging or form grabbing to acquire banking information and then makes transactions through “money mules”, typically individuals who fall victim to phishing attacks. GOZ also installs “Cryptolocker”, malicious software known as ransomware that blocks access to critical files or documents until a fee is paid. GOZ spreads through spam and compromised URLs, infecting computers in 226 countries, with the majority in the United States of America and Europe. GOZ communicates with other infected systems through a P2P network, allowing them to attack vulnerable infrastructure in tandem. GOZ has been used as a network for DDoS attacks against financial institutions and can prevent victims from accessing their compromised accounts. This has led to over $100 million in losses for victims in the USA alone.

The spread of GOZ has prompted coordinated efforts by law enforcement officials in Canada, Britain, the Netherlands, Ukraine, and Luxembourg to stop the spread of the malware at its source. Led by FBI agents in Pittsburgh, Omaha, and Washington D.C., a federal grand jury in Pittsburgh unsealed a 14-count indictment against Evgeniy Bogachev for “conspiracy, computer hacking, wire fraud, bank fraud and money laundering in connection with his alleged role as an administrator of the Game over Zeus botnet.” Although the charges are an important step toward bringing Bogachev to trial, the FBI faces a number of problems with prosecution. The FBI must rely on cooperation with Russian officials to turn over Bogachev, and although cooperation with Russian authorities has been “productive”, there has been little effort made to turn Bogachev over to the international legal organizations seeking his arrest.

Since 2001, the international community has been working together to address cybercrime, improve investigative techniques, and increase cooperation amongst nations to combat cyber criminals. Beginning with the Budapest Convention, the international community has begun creating treaties that work to prevent cybercrime. However, due to the complexity of creating a standard set of rules dictating the prosecution of criminals around the world, there is still much work to do. Cyberterrorism and cyber-warfare are also important topics of discussion, and there has been increasing legislation to combat this growing threat. Trade agreements such as the Wassenaar Arrangement, which ban the sale of weapons, have now been expanded to include hardware and software that can be used to compromise the infrastructure of a nation’s telecommunication systems.

What does the future hold for law enforcement agencies combatting criminals sitting behind their desks thousands of miles away? Increased cooperation between governments is the first step, allowing law enforcement agencies to apprehend suspects and to take them to trial. Beyond that, building systems that are more secure and harder to compromise, in order to thwart the next GOZ, is critical. Finally, it is imperative that the general public is educated on how to protect themselves against phishing and other common techniques used by computer criminals.



"Smart Grid" Potentially Vulnerable to Cyber Attack

With the recent popularity of all things “green” has come the idea that the electrical grid itself needs a makeover. Given the aged nature of the current grid, and with blackouts and brownouts becoming part of the public consciousness, the call for a “smart grid” has grown. You may have even seen television commercials promoting certain companies’ potential utility in achieving this goal. However, according to members of the Institute of Electrical and Electronics Engineers (IEEE), a smart grid would likely pose a far greater security risk than today’s “dumb” grid.

A major part of moving towards a “smart grid” is a move towards open communications standards, which are more exposed to attack. With the advent of open communication, attackers can more easily reach sensitive data remotely.

Increasing use of automated, unmanned stations creates the very real possibility that hackers could gain control of sensitive data more easily and use this data for personal gain, or to wreak havoc on society. The vulnerable data is used to set electricity prices and balance supply and demand. If a hacker were to gain access to this data, they would be able to manipulate electricity markets in order to make a profit. In addition, the data may be used to destabilize the grid, causing blackouts. This is not, however, an argument for keeping the old, “dumb” grid. Rather, it is a warning to fix potential security flaws in the developing “smart grid.”

U.S. Hacker Sentenced to 20 Years

U.S. hacker Albert Gonzalez was convicted of three counts of computer fraud and will serve 20 years in prison. Gonzalez was part of a trio of hackers who stole more than 130 million credit and debit card numbers by hacking into retailers’ payment systems and payment processing services. One judge referred to the attack as “. . . the largest and most costly example of computer hacking in US history.”

Gonzalez was initially accused last August along with two Russian co-conspirators. As part of his plea agreement, Gonzalez turned over more than $1 million in cash, a condo in Miami, a car, a diamond ring, and several high-end watches. Assistant Attorney General Lanny Breuer of the Department of Justice noted that these types of attacks are attempted on a daily basis by cyber criminals, and that the credit card numbers of unsuspecting American consumers are the likely targets. As such, Breuer stated that “[t]hese sentences – some of the longest ever imposed for hacking crimes – send a powerful message to hackers around the globe that U.S. law enforcement will not allow [hackers] to breach American computer networks and payment systems, or illegally obtain identities.”

The frequency and complexity of hacking crime rings and identity theft have increased over the last 12 months.