GameOver ZeuS: Combatting the Global Threat of CyberCrime

Although cybercrime is no longer a new threat to global security, it has remained an important and growing concern for both domestic and international law enforcement agencies. The very nature of cybercrime requires American law enforcement agencies to reach out to their international counterparts to work together in tracking down criminals. This need for international cooperation has led state leaders to create new pieces of legislation that monitor and prosecute those who commit international cybercrimes.

The FBI Cyber Division has the definitive top 10 most wanted list of international cyber criminals, with the list split fairly evenly between those from Russia and China. The Chinese suspects work under the PRC’s 3rd Department of General Staff, while the Russians are mainly independent with strong ties to the Russian mob. One suspect on the list is not an individual but rather a group called “JabberZeus Subjects”, a collective of criminals who are infecting millions of computers across the world with a malicious piece of software known as “GameOver ZeuS”. Zeus’s success comes from the number one suspect on the FBI’s list, Evgeniy Mikhailovich Bogachev.


Bogachev is a 30-year-old career criminal living openly and freely in Anapa, Russia. His software, known as GameOver ZeuS or GOZ, is a botnet that uses keylogging or form grabbing to acquire banking information and then makes transactions through “money mules”, typically individuals who fall victim to phishing attacks. GOZ also installs “Cryptolocker”, malicious software known as ransomware that blocks access to critical files or documents until a fee is paid. GOZ spreads through spam and compromised URLs, infecting computers in 226 countries, with the majority in the United States of America and Europe. GOZ communicates with other infected systems through a P2P network, allowing them to attack vulnerable infrastructures in tandem. GOZ has been used as a network for DDoS attacks against financial institutions and can prevent victims from accessing their compromised accounts. This has led to over $100 million in losses for victims in the USA alone.

The spread of GOZ has prompted coordinated efforts by law enforcement officials in Canada, Britain, the Netherlands, Ukraine, and Luxembourg to stop the spread of the malware at its source. Led by FBI agents in Pittsburgh, Omaha, and Washington D.C., a federal grand jury in Pittsburgh unsealed a 14-count indictment against Evgeniy Bogachev for “conspiracy, computer hacking, wire fraud, bank fraud and money laundering in connection with his alleged role as an administrator of the Game over Zeus botnet.” Although the charges are an important step to bringing Bogachev to trial, the FBI faces a number of problems with prosecution. The FBI must rely on cooperation with Russian officials to turn over Bogachev, and although cooperation with Russian authorities has been “productive”, there has been little effort made to turn Bogachev over to the international legal organizations seeking his arrest.

Since 2001, the international community has been working together to address cybercrime, improve investigative techniques, and increase cooperation amongst nations to combat cyber criminals. Beginning with the Budapest Convention, the international community has begun creating treaties that work to prevent cybercrime. However, due to the complexity of creating a standard set of rules dictating the prosecution of criminals around the world, there is still much work to do. Cyberterrorism and cyber-warfare are also important topics of discussion, and there has been increasing legislation to combat this growing threat. Trade agreements such as the Wassenaar Arrangement, which ban the sale of weapons, have now been expanded to include hardware and software that can be used to compromise the infrastructure of a nation’s telecommunication systems.

What does the future hold for law enforcement agencies combatting criminals sitting behind their desks thousands of miles away? Increased cooperation between governments is the first step, allowing law enforcement agencies to apprehend suspects and to take them to trial. Beyond that, creating systems that are increasingly secure and complex to thwart the next GOZ is critical. Finally, it is imperative that the general public is educated on how to protect themselves against phishing and other common techniques used by computer criminals.



U.S. at Risk for Cyberattack

The United States would lose a cyberwar if it fought one today, warned Michael McConnell, a former US intelligence chief. McConnell, a retired US Navy vice admiral who served as President George W. Bush’s director of national intelligence, also compared the danger of cyberwar to the nuclear threat posed by the Soviet Union during the Cold War.

McConnell also told the Senate Committee on Commerce, Science and Transportation, in a hearing on cybersecurity, “We’re the most vulnerable, we’re the most connected, we have the most to lose . . . as a consequence of not mitigating this risk, we are going to have a catastrophic event.” McConnell is now an executive vice president for the consulting firm Booz Allen Hamilton’s national security business.

The hearing came a little over a month after Internet giant Google revealed that it and other US companies had been the target of sophisticated cyber attacks originating in China.

Democratic Senator Jay Rockefeller, the co-sponsor of a bill seeking to bolster public and private sector cybersecurity cooperation and the panel’s chairman, said, “National security and our economic security are at stake.”

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said that government intervention would probably be needed to crack down on the “Wild West” the Internet has become. The greatest threat to the United States comes from cyber espionage and cyber crime, he said, calling them a “major source of harm to national security.”

Scott Borg, director of the US Cyber Consequences Unit, also warned of the economic damage from cyber attacks. “The greatest damage to the American economy from cyber attacks is due to massive thefts of business information . . . This type of loss is delayed and hard to measure, but it is much greater than the losses due to personal identity theft and the associated credit card fraud.”

“[The United States needs a] national strategy for cybersecurity that matches our national strategy that guided us during the Cold War, when the Soviet Union and nuclear weapons posed an existential threat to the United States and its allies,” McConnell said in his prepared remarks. Although US President Barack Obama’s appointment of a cybersecurity coordinator in December and his national cybersecurity initiative were moves in the right direction, McConnell said they were not enough. McConnell pointed out that the United States spends more on missile defense than it does on cybersecurity, even though the latter could compromise the future prosperity of our nation and destroy the global financial system.

He called for establishing a National Cybersecurity Center modeled after the National Counter Terrorism Center set up after the attacks on New York and Washington of September 11, 2001. The center would work as a cybersecurity hub for the Federal government, state governments, local governments, and the private sector. As such, it would handle information sharing and integration, situational awareness and analysis, coordination and collaboration.

To address this problem, Senators Jay Rockefeller and Olympia Snowe introduced a bill that would create new cybersecurity regulations for private companies designated as critical infrastructure. The Cybersecurity Act was introduced in April 2009, and has been rewritten several times after complaints from the private sector. The bill would also require a national licensing and certification program for cybersecurity professionals, and make it illegal to provide certain cybersecurity services without being licensed and certified. Some versions of the bill would have also allowed the President of the United States to order parts of the Internet under attack to be shut down.

As of now, the Cybersecurity Act has not been passed by either house of the Congress and is under review in the Senate Committee on Commerce, Science and Transportation. For now, national cybersecurity is handled by a handful of federal agencies such as the F.B.I. and the military.

Read more at Federal Times

Read more at Washington Post

Simulated Cyber Attack To Hit United States in First, Public Cyber War-Game

This morning at the Mandarin Oriental Hotel in Washington, DC, the Bipartisan Policy Center will launch a strategic, simulated cyber attack – in full view of the media – against a simulated United States Situation Room.

The goal of the simulation, called Cyber ShockWave, is to see how officials in key government positions would react to a real-time cyber attack, and to evaluate the split-second decisions required to counter such an attack.

The war-game will include former directors of intelligence agencies and homeland security advisers, including former DHS secretary Michael Chertoff, the former Director of National Intelligence John Negroponte, former White House Homeland Security Advisor Fran Townsend and former White House press secretary Joe Lockhart.

The participants will have no advance warning of the confines of the attack and will be expected to advise the President on how to respond to the events in real time.

Look to the BPC’s website for a summary of events in the near future.

Intel Chief Warns of Likely Al-Qaeda Attack

CIA Director Leon Panetta told Congress on Tuesday that al-Qaeda is likely planting “clean-cut” operatives in the United States to carry out new attacks. A panel of high-level intelligence officials also articulated their belief that an al-Qaeda attack within the continental United States within the next six months was almost certain. Panetta also stated that China’s recent hacking of private email accounts was a warning of impending cyberterrorist attacks. He also warned that current U.S. screening methods, even when implemented correctly, could still miss the “lone wolf” agents with tenuous or unrecognizable terrorist ties. This warning comes amidst recent reports from the Marine Times echoing the sentiment that al-Qaeda may be down, but not out.