
UPDATE–Law enforcement agencies in Europe and the United States...



UPDATE–Law enforcement agencies in Europe and the United States, including Europol and the FBI, ran a coordinated takedown of the GameOver Zeus botnet on Friday, seizing servers and disrupting the botnet’s operation. Authorities say that the same botnet has been used to distribute the CryptoLocker ransomware and they’re now looking for a 30-year-old Russian who they say is connected to the operation of the botnet.

Systems Affected

Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8

Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

GameOver is a separate strain of malware from the more well-known Zeus Trojan and the botnet built using GameOver has proven to be a hard target for researchers and law enforcement. The GameOver Zeus botnet uses a P2P architecture, which makes it difficult to disrupt because of the decentralized command-and-control infrastructure. Many malware authors and botnet operators have shifted to this architecture in the last few years because of the advantages it offers in resisting takedowns and removal attempts.

GameOver Zeus is used as part of a wire fraud scheme that involves stealing financial credentials from infected users’ computers and then sending money from the victims’ accounts to those controlled by the attackers. GameOver often is distributed to victims through other botnets, specifically the Cutwail botnet.

On May 30, authorities working out of the European Cybercrime Center (EC3) worked with a number of security companies and researchers to take down the botnet and seize the servers that were part of it. The Shadowserver Foundation, Abuse.ch, CrowdStrike, Microsoft and several other companies were part of the takedown. The FBI has identified Evgeniy Mikhailovich Bogachev as the alleged controller of the GameOver Zeus operation.

“This big, and very successful, operation has been an important test of the EU Member States’ ability to act fast, decisively and coordinated against a dangerous criminal network that has been stealing money and information from victims in the EU and all over the globe. Over many days and nights cyber police from several EU countries in EC3 operation rooms maximized the impact of this joint investigation. We get better and better after each such operation, and many more will undoubtedly follow,” said Troels Oerting, head of the EC3.

The U.S. government sinkholed some of the servers involved in the GameOver Zeus botnet, redirecting traffic from infected machines to servers they control. This is a common tactic used as part of botnet takedowns, but it is not always completely effective, especially against P2P botnets that don’t rely on one or a handful of key C&C servers.

On Monday, the US-CERT issued a technical warning about Zeus GameOver, telling users to be wary of the malware.

“GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks,” the warning says.

This is not the first time that researchers and authorities have gone after a Zeus botnet. In 2012, Microsoft took down some servers used as C&C points for Zeus, but because GameOver Zeus uses a P2P architecture, the operation didn’t put a dent in that malware operation.

“This operation disrupted a global botnet that had stolen millions from businesses and consumers as well as a complex ransomware scheme that secretly encrypted hard drives and then demanded payments for giving users access to their own files and data,” said Deputy Attorney General Cole. “We succeeded in disabling GameOver Zeus and Cryptolocker only because we blended innovative legal and technical tactics with traditional law enforcement tools and developed strong working relationships with private industry experts and law enforcement counterparts in more than 10 countries around the world.”

The Department of Justice charged Bogachev with conspiracy, wire fraud, computer hacking, bank fraud and money laundering in connection with the operation of GameOver Zeus. Authorities also say he was responsible for running the CryptoLocker infrastructure, a highly profitable ransomware operation.


Powerful computer virus could start emptying bank accounts in a fortnight unless Britons protect against attack now, National Crime Agency warns

More than 15,000 in the UK may already be infected by 'Gameover Zeus'

The virus could cost the British economy millions, experts warn

The software can also lock computers and demand a ransom to unlock

Computer users were last night warned to take urgent action to protect themselves from a global cyber virus pandemic.

Police across the globe launched an unprecedented attack on high-tech criminals behind software causing misery to millions.

The computers of more than 15,000 people in the UK are already infected with a virus that could cost our economy ‘millions’, the National Crime Agency (NCA) warned.

But the grip of those behind the so-called ‘malware’ has been weakened by a counter attack on the servers which control the software.

Computer experts said computer users must install anti-virus software and update their operating systems to the latest versions to stop it regaining its hold.

Those who fail to do so risk having their valuable data, including precious photographs, music and personal files held to ransom.

In the worst cases, victims could lose access to their bank accounts which could be systematically drained by the criminal network.

The software, called Gameover Zeus, has spread worldwide but has been temporarily disabled by the international effort by law enforcement agencies.

Potential victims can protect themselves but have only a short time to do so before the hackers can rebuild their network.

The international effort by forces including the NCA, Interpol and Europol, targeted the ‘command and control’ servers behind the virus.


Hackers will be able to install new ones, but it is thought that there will be a window of opportunity of at least two weeks for computer users to protect themselves.

Many of those whose computers have already been infected will be contacted by their internet service providers.

The software installs itself on a computer when the victim clicks on a link in an unsolicited email or via a website.

It then sends out more emails to lure further victims, without the knowledge of the computer users, and spreads quickly across the internet.

The virus lies dormant until it spots an opportunity to steal personal details such as online banking information and passwords.

It then transmits this information back to the criminal network who use it to drain the victim’s accounts.

In a further twist, if the user is not a ‘viable’ victim then the software locks the information on the computer and holds it to ransom.

At the moment the software demands one Bitcoin, an untraceable form of online currency favoured by criminals, which is around £300.

The U.S. Government admitted that at least one police force has been forced to pay this ransom to release sensitive files.

Last night, the U.S. Justice Department filed papers accusing a Russian named Evgeniy Mikhailovich Bogachev as being the leader of the gang behind the software.

The complaint claims the software has been responsible for the loss of more than $100m from individuals and a string of major companies.

Andy Archibald, of the NCA, said: ‘Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals.

‘By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them.

‘Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action.

‘Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it and, think twice before clicking on links or attachments in unsolicited emails.’

Computer users who fear they could fall victim to the virus are advised to install anti-virus software and ensure their operating system has the latest security updates.

It is thought that the gang first checks if a target’s keyboard is in Russian and only strikes if it is another language.

Eunice Power is one British victim who has been blackmailed by the cyber criminals.

After corrupting files on her computer, the gang offered to fix the problem for several hundred pounds.


Potential victims can protect themselves but have only a short time to do so before the hackers - whose attempts have been temporarily thwarted - can rebuild their network.

The US Department of Homeland Security urged users to install anti-virus software on their computer and ensure that the latest operating systems were also installed on their computers.

If systems do not offer automatic updates, people should enable it, the department said.

It also advised changing passwords, as original passwords may have been compromised during the infection.

The National Crime Agency advised computer users to consult the Government-backed getsafeonline.org website.

From that website, computer users can download tailored anti-virus software which has been provided for free by eight companies.

Symantec also advised computer users to review all their bank and credit card statements for irregularities.

It also advised being cautious when handling unsolicited or unexpected emails, particularly during the two-week window before hackers rebuild their network.

Experts have also warned users to back-up all valuable data.

Miss Power, a chef who runs a business from home, told Channel 4 News: ‘I could actually feel perspiration coming out through me.

‘I lost everything: family photographs, recipes, payroll, my accounts package. It was devastating.’

The attack was so complex that an external storage unit that was connected to the computer at the time was targeted by the gang, preventing Miss Power from accessing it.

AEV Ltd, a varnish factory in Birkenhead, was hit with ‘utter disaster’ when the criminals hacked into the company’s bank account to fake two payments costing £100,000.

The criminals created two fake payment pages and tricked an employee of the company into authorising them.

Managing director Jonathan Kemp said: ‘It started out as a normal day and ultimately by the afternoon in a period of three minutes we were £100,000 down.’

Although the company was refunded by the bank, Mr Kemp said he spoke to other companies who had been hit by the scam, accumulating their losses at £3.5 million.

Stewart Garrick, from the National Cyber Crime Unit, said that solicitor firms, police stations in America and academic institutions had been targeted.

Charlie McMurdie, former head of the national ecrime unit, described the threat as a ‘cyber plague’ and warned that it could also be used to target mobile phones.

She said: ‘Once one of these plagues is released everybody will pick up on it, adapt it and people around the world will be using these sorts of virus to carry out crime.

‘It’s not just computers, this kind of malware is now hitting our mobile phones.’

‘It can have a significant impact on individuals and companies.’

She said that the virus ‘had been known about for a long period of time’ and said that warnings about the virus had been issued over the last few months.

US Sailor convicted of hacking websites from aboard aircraft carrier

Leader of “Team Digi7al” was USS Truman’s nuclear reactor department sysadmin.


A 27-year-old now-former sailor pleaded guilty in a federal court in Tulsa, Oklahoma on May 20 to charges of conspiracy after leading a band of hackers in the US and Canada from onboard an aircraft carrier. Nicholas Paul Knight, who was the system administrator for the USS Harry S. Truman’s nuclear reactors department, was caught trying to hack into a Navy database while at sea.

Knight and a co-defendant—Daniel Kreuger of Salem, Illinois—were part of “Team Digi7al,” a collective of hackers who attacked at least 24 websites in 2012 in search of personally identifiable information. Knight himself hacked the Navy’s Smart Web Move website, a system for sailors to manage household moves during transfers between stations; that hack included about 220,000 service members’ Social Security numbers, dates of birth, addresses, and other personal data.

Other sites attacked by the group included ones operated by the Department of Homeland Security, the Library of Congress, Stanford University, Los Alamos National Laboratory, the Toronto Police Service, and the University of Nebraska-Lincoln.

The Naval Criminal Investigative Service caught Knight in a sting operation after it discovered he had been posting to Team Digi7al’s Twitter account from within the Navy's network while aboard the Truman. They set up a fake database server as part of the sting and monitored him as he breached it. Knight faces up to five years in prison and a $250,000 fine.

FBI chief says ‘Be suspicious’ of government power

The head of the FBI says he understands why people worry about the scope of the government's powers, and in fact, he agrees with them.

“I believe people should be suspicious of government power. I am,” Director James Comey told the Senate Judiciary Committee on Wednesday morning.

“I think this country was founded by people who were worried about government power so they divided it among three branches,” he added.

In the months since Edward Snowden leaked documents detailing the country’s intelligence programs, Comey said that “it’s hard for me, sometimes, to find the space and time to talk about what I do and why I do it.”

Though the controversial surveillance raised privacy concerns and made people fret that the government was snooping on their behavior, Comey said that the FBI’s programs are run responsibly. He added that those operations had also helped to track down kidnappers and save children.

Comey assumed his top post shortly after the Snowden revelations came to light last summer. While much of the public's outrage has focused on activities at the National Security Agency, the FBI has also come under fire for its use of national security letters and operations to track foreign terrorists operating in the United States.

One of those efforts, which allows the government to track people outside the U.S. who may be plotting terror attacks, is “extraordinarily valuable,” Comey told senators on the panel.

The efforts, which are authorized under Section 702 of the FISA Amendments Act, include a program called PRISM that taps into data networks at major Web companies like Google, Facebook and Skype. From there, agents can look at photos, emails and other documents people upload.

The FBI’s national security letters, which Comey said were not used to obtain bulk quantities of information about people, require banks, phone companies, Internet service providers and other firms to hand over details about their customers. Recipients of the letters are largely prohibited from revealing details about the letters they get, which critics say amounts to a “gag order.”

Legislation is advancing in the House and Senate that would rein in those and other government data collection programs.

The House is scheduled to vote on the bill, called the USA Freedom Act, on Thursday, but some privacy advocates have worried that it has been overly watered down in recent weeks.

Senate Judiciary Chairman Patrick Leahy (D-Vt.), who introduced the upper chamber’s version of the surveillance reform bill, said on Wednesday that he was pleased by the House’s progress.

Though he added that he remained "concerned some important reforms in that act were removed

I'm glad that the botnet was located and taken down. I hope they find the programmer as well.