Microsoft and the FBI have taken aim at a criminal botnet that may have stolen as much as a half billion dollars in the last one and a half years.
The operation targeted the 1,400 extant botnets that are controlled by the Citadel infection, which is tipped to have infected around 5 million computers. Put another way, assuming that every machine was online throughout the entire 18 month history of Citadel, each machine generated $100, a hefty sum.
At that level of per-device income, infecting computers remains a very lucrative business. Citadel was spread using corrupted copies of the Microsoft Windows operating system. The move was hardly a new trick, but it is one that has proven effective through time.
To get into the action, Microsoft received legal approval to assault and tear down the botnets. The company filed a suit against the criminals in operation of Citadel, and was given permission by the U.S. District Court for the Western District of North Carolina to “cut off” the ability of the component Citadel botnets to communicate. According to its own release, today, “Microsoft, escorted by the U.S. Marshals, seized data and evidence from the botnets, including computer servers from two data hosting facilities in New Jersey and Pennsylvania.”
Microsoft’s Digital Crimes Unite (we still love that name) has a long history of combating botnets and other forms of digital skulduggery, including whacking the Kelihos botnet, offering fat fees for more information on the Rustock botnet, and in fact taking down that selfsame network of illicit computers.
According to Reuters, a host of financial institutions were harmed by Citadel, all names that you are familiar with, including “American Express, Bank of America, Citigroup, Credit Suisse, eBay’s PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo.” Surely each firm could stomach the loss of its part of the estimated $500 million in losses, but Citadel is not alone in the world of botnets, and it is certainly not the last of its kind.
Microsoft doesn’t expect to eradicate all Citadel botnets, though it does anticipate “significantly disrupt” the larger operation. The flow of dollars will quickly dry, it seems. To further clamp down on the Citadel network, Microsoft has promised to use collected data from its seizures, to inform other individuals that their computer is compromised.
All told, today marks the second time that Microsoft has worked with outside parties to taken on a massive, and depressingly successful successful digital ploy and scam that cost hundreds of millions of dollars. And it won’t be the last time, sadly.
Top Image Credit: Kevork Djansezian / Getty Images