AMSTERDAM/BOSTON – A cybercrime operation that stole banking information by hacking more than 3 million computers in Indonesia, India and other countries has been disrupted by European police with assistance from three technology companies, officials said on Wednesday.
The European Cybercrime Centre at Europol, the European police agency, coordinated the operation out of its headquarters in The Hague, targeting the so-called Ramnit botnet, a network of computers infected with malware.
Working with investigators from Germany, Italy, the Netherlands and Britain, it was assisted by AnubisNetworks, a unit of BitSight Technologies; Microsoft Corp. and Symantec Corp. in dismantling the server infrastructure used by the criminals, Europol said.
“The criminals have lost control of the infrastructure they were using,” Paul Gillen, head of operations at Europol’s cybercrime centre, told Reuters.
Authorities simultaneously seized servers in four countries after Microsoft and the Washington-based Financial Services Information Sharing and Analysis Center sought a court order last week in U.S. court through a sealed lawsuit, according to Microsoft.
Symantec said on its blog that the two countries with the largest number of infected computers were India — where data shows that 27 percent of infections were uncovered — and Indonesia, with 18 percent. Vietnam, the United States, Bangladesh and the Philippines followed.
The security software maker said that the hackers had successfully attacked some 3.2 million PCs since 2010, though investigators believe only about 350,000 are currently infected with the Ramnit malware.
The malware, installed through links on spam email or infected websites, enabled culprits to take control of the PCs and use them for criminal activities.
Symantec described Ramnit as “a fully-featured cybercrime tool,” whose features include the ability to spy on web browsing sessions, steal “cookie” credentials used to authenticate visitors to banking sites and scan hard drives in search of sensitive passwords.
Vikram Thakur, a Symantec researcher, told Reuters that he did not expect any arrests to be made by authorities who are still searching for the ringleaders.
Europol has been coordinating cross-border efforts to take down criminal infrastructure on the Internet and bring to justice those responsible.
In November, U.S. and European authorities seized more than 400 secret website addresses and arrested suspects in an operation targeting black markets for drugs and other illegal services, known as Silk Road 2.0.
In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.