eWhite House Watch - Full Article

Malware Crackdown

Over the past two months, the FBI has cracked down on multiple fraud scams and Internet malware programs.

 

In late April 2014, the FBI brought to our attention that retailers in nine states across the country had been affected by a group of Nigerian criminals conducting a school impersonation scam. Carried out through both e-mail and telephone, a member of the criminal group poses as a school official and uses social engineering to coax the worker into revealing private information. This allows the criminals to learn about a school’s purchasing account with large office supply stores. A third party is used as a hub to ship the bulk orders to, and this person is often also a victim of the social engineering techniques. “They usually fall for an online employ to work from home or they have entered into what they think is a virtual romance,” says Special Agent Alla Lipetsker, who has been investigating these groups for quite some time. Those individuals carrying out this scheme are members of the African Cyber Criminal Enterprise (ACCE), a network of predominantly Nigerian criminal actors who engaged in computer-assisted frauds. Lipetsker urges that to avoid being defrauded, retailers and school systems must be attentive about telephone and online orders and be sure to always independently verify order information.

 

In mid-May 2014, the FBI carried out an international cyber takedown of a stealthier scam for a computer malware program known as Blackshades. Swedish national Alex Yucel and U.S. citizen Michael Hogue are believed to have co-developed the software that has been sold and distributed to thousands of people in over 100 countries and has been used to infect more than half a million computers internationally. Those who have facilitated in the process of spreading the malware have also been charged and arrested. These actions are part of an international law enforcement operation involving eighteen other countries. So far, police have made more than 90 arrests and conducted over 300 searches have been conducted worldwide. Malware is malicious software whose sole purpose is to damage or perform other unwanted actions to computer systems. Specifically, Blackshades allows criminals to steal passwords and banking credentials; hack into social media accounts; access documents, photos, and other computer files; record all keystrokes; activate webcams; hold a computer ransom, and use the computer in distributed denial of service attacks.

 

The FBI offers ways to protect your computer from malware:

  • Make sure you have updated antivirus software on your computer.
  • Enable automated patches for your operating system and web browser.
  • Have strong passwords, and don’t use the same passwords for everything.
  • Use a pop-up blocker.
  • Only download software – especially free software – from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).
  • Don’t open e-mail attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an e-mail, even if you think it looks safe. Instead, close out of the e-mail and go to the organization’s website directly.

 

In early June 2014, the FBI and the Department of Justice announced a multinational effort to disrupt yet another malware program. This program, known as GameOver Zeus, is believed to be responsible for the theft of millions of dollars from businesses and consumers in the U.S. and several other countries and is predominately spread through spam e-mails or phishing messages. Differing from Blackshades, GameOver Zeus is reported to be a more sophisticated type of malware intended specifically to steal banking and other credentials from the computers it infects. The infected computers become part of a global network of compromised computers known as a botnet – a powerful online tool that cyber criminals can use for their own purposes. The decentralized, peer-to-peer command and control infrastructure of GameOver makes the botnet takedown much more difficult. In addition to criminal charges in the case, further success was granted when officials obtained civil and criminal court orders that authorized measures to server communications between the infected computers. Evgeniy Bogachev, a Russian and Ukrainian based cyber crime gang leader responsible for the development and operation of GameOver Zeus, was added to the FBI’s Cyber’s Most Wanted list. FBI Executive Assistant Director Robert Anderson explains how this has been the most sophisticated cyber takedown the FBI has ever engaged in, and that “the efforts announced today are a direct result of the effective relationships we have with our partners in the private sector, international law enforcement, and within the U.S. government.”

 

As Americans become more reliant on modern technology and as rates of cyber crime continue to rise, it is more important than ever to protect yourself and to secure your information. The Department of Homeland security offers insight into understanding and combating cyber crimes at http://www.dhs.gov/topic/cybersecurity.

 

 

Sources:

http://www.fbi.gov/news/stories/2014/april/understanding-school-impersonation-fraud/understanding-school-impersonation-fraud

http://www.fbi.gov/news/stories/2014/may/international-blackshades-malware-takedown/international-blackshades-malware-takedown

http://www.fbi.gov/news/stories/2014/june/gameover-zeus-botnet-disrupted/gameover-zeus-botnet-disrupted

Leave a Reply