In an unprecedented takedown, U.S. and European police have managed to take down one of the larger cybercrime factions in the world.
U.S. and European officials say they’ve knocked out a cybercrime group accused of inflicting hundreds of millions of dollars in losses worldwide, putting five key suspects in custody.
The European Union police agency said Thursday the sweep was “unprecedented in its scale” and resulted in the seizure of 39 servers and hundreds of thousands of internet domains used by the Avalanche network, a major player in the market for cybercrime services.
Unlike some past seizures – which grabbed crooks’ infrastructure while leaving the masterminds free to reorganize their networks – officials say they’re confident they’ve struck a fatal blow this time.
“We have arrested the top, the head of the snake,” Fernando Ruiz, the head of operations at Europol’s Cybercrime Center, told media outlets ahead of the announcement. “We are sure that this will have a very huge impact.”
Ruiz called Avalanche “the perfect example of crime as a service,” saying the massive network was rented out by players across the underworld to send spam, direct malicious software and to recruit money mules.
As a cybercriminal, Ruiz said, “you will contact this organization, and this organization will give you all you need.”
He said the arrests Wednesday followed months of preparation and years of investigation by law enforcement agencies. In a separate statement, the U.S. Department of Justice said 40 different countries were involved and accused the network of hosting some of the world’s most pernicious malware as well as several money laundering campaigns.
Joint Statement on Dismantling of International Cyber Criminal Infrastructure Known as Avalanche
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, Acting U.S. Attorney Soo C. Song of the Western District of Pennsylvania and Special Agent in Charge of the Federal Bureau of Investigation’s Pittsburgh Division Robert Johnson issued the following statement today:
“November 30 began the start of a multi-national operation to dismantle a complex, criminal network of worldwide computer servers known as Avalanche. This network hosted more than two dozen of the world’s most pernicious types of malware and several money laundering campaigns.
“The operation is being conducted by the United States Attorney’s Office for the Western District of Pennsylvania, the FBI – Pittsburgh Division, and the Computer Crime and Intellectual Property Section of the United States Department of Justice, in close cooperation with the Public Prosecutor’s Office Verden and the Luneburg Police of Germany, Europol and Eurojust, located in The Hague, Netherlands, and investigators and prosecutors from more than 40 countries.
“The operation involves an unprecedented and ongoing effort to seize, block and sinkhole more than 800,000 malicious domains associated with the Avalanche network.
“The operation involves arrests and searches in five countries. More than 50 Avalanche servers worldwide were taken offline.
“The Avalanche network, which has been operating since at least 2010, is estimated to involve hundreds of thousands of infected computers worldwide. The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network.
“Additional information on the dismantling of Avalanche and several Western Pennsylvania victims of Avalanche-based malware attacks will be provided early next week.”
German Interior Minister Thomas de Maiziere told reporters at a press conference in the town of Lueneburg that the size of the operation was “unique.”
The network came into focus in 2012 after German officials began looking into the spread of fake police ransomware – an early form of extortion software designed to trick users into thinking their computers had been locked down by law enforcement – according to Orla Cox, the director of security intelligence at Symantec Corp., a California-based security firm which participated in the investigation. That inquiry eventually widened to include dozens of other law enforcement agencies investigating a wide array of misdeeds.
German authorities alone would eventually record 1,336 crimes in connection with the group. Neither U.S. nor European officials would issue precise figures, but both said losses connected to the gang’s activities reached into the hundreds of millions.
German officials suggested other, potentially lower-ranking members of the gang appear to have escaped the global dragnet.
Prosecutors there said they were able to identify 16 people at the group’s “leadership level” and a court in the German town of Verden had issued arrest warrants for seven of them. It’s not clear how many, if any, of the seven people being sought by German authorities overlap with the five individuals arrested Wednesday.
Ruiz, of Europol, declined to give any details of those arrested or even say where they had been detained, saying the countries where the arrests took place had asked not to be identified.
Cox, with Symantec, confirmed that some suspects were still at large but said law enforcement was still pretty sure they’d beaten Avalanche, given the sheer scale of what they’d seized.
“We can never say it’s completely done, but confidence levels are high this time around,” Cox said.