
More than 40 countries co-operate to take down major criminal computer network

Publication: 
CoNet Administrator
chiefofficersnet

It was called Avalanche and it was "specifically designed to thwart detection by law enforcement." But co-operation between enforcement agencies in more than 40 countries and private sector participants built a picture of its infrastructure, and that enabled it to be located and taken down. The harm it had enabled was enormous.

The operation "sinkholed" more than 800,000 malicious domains, redirecting them to servers under the investigators' control so that they could not be used again. There were arrests and seizures of servers in four countries.

The investigation started four years ago when German authorities became suspicious of the many phishing and spam campaigns that installed malware, without the user's knowledge, on thousands of computers worldwide. The malware either logged data, such as login and banking credentials, and sent it to the criminals, or was ransomware. Avalanche itself did not commit the frauds: it was the infrastructure that criminals rented to deliver their malware, run its command-and-control servers and stay hidden from detection. It rotated domains and hosting addresses rapidly (so-called fast flux), which is why the takedown had to cover so many domains at once.

But it's still happening. Only yesterday, we found illegal copies of our boss' book Sun Tzu and the Art of Litigation advertised on ibooklibrary.net and ridersradio.net. At ibooklibrary.net, there is a page saying there have been 362 downloads in two days. If they got malware along with their downloads, or if there was no download but only a drive-by installation, then they did so while attempting to download an illegal copy of a book. Some might consider that karma.

However, those responsible for hosting the sites that carry illegal copies do not take such sites down quickly enough. Registrars deny that they are responsible for the domains. Yet both have benefited financially from the criminals' activities. That's money laundering, and the authorities should be going after registrars and hosts to make them focus on their responsibilities as facilitators.

Currently, a large volume of spam, which is often the gateway to such sites, is coming from the new generic top-level domains (gTLDs).

Our own techs have now banned all incoming mail from .bid, .link, .date, .online, .site and others which are, at present, widely used by dubious if not actively criminal enterprises.