International authorities have arrested a computer hacker believed
responsible for creating the malicious computer code that infected as
many as 12 million computers, invading major banks and corporations
around the world, FBI officials told The Associated Press on Tuesday.
A 23-year-old Slovenian known as Iserdo was snagged in Maribor, Slovenia, after a lengthy investigation by Slovenian Criminal Police there along with FBI and Spanish authorities.
His arrest comes about five months after Spanish police broke up the massive cyber scam, arresting three of the alleged ringleaders who operated the so-called Mariposa botnet and used it to steal credit card and online banking credentials.
The botnet — a network of infected computers — appeared in December 2008 and infected more than half of the Fortune 1,000 companies and at least 40 major banks. Botnets are networks of infected PCs that have been hijacked from their owners, often without their knowledge, and put under the control of criminals.
Jeffrey Troy, the FBI's deputy assistant director for the cyber division, said Tuesday that Iserdo's arrest is a major break in the investigation. He said it will take the alleged cyber mastermind off the street and prevent him from updating the malicious software code or somehow regaining control of computers that are still infected.
Officials declined to release Iserdo's real name and the exact charges filed against him, but said the arrest took place about 10 days ago and the man has been released on bond.
"To use an analogy here," said Troy, "as opposed to arresting the guy who broke into your home, we've arrested the guy that gave him the crowbar, the map and the best houses in the neighborhood. And that is a huge break in the investigation of cyber crimes."
Troy said more arrests are expected and are likely to extend beyond Spain and Slovenia and include additional operators who allegedly bought the malware from Iserdo.
Authorities would not say how much Iserdo supposedly charged, but said hackers could buy the software package for a certain amount, or pay more to have it customized or get additional features. Internet reports suggest the fees ranged from as much as $500 for basic packages to more than $1,300 for more advanced versions.
Cyber masterminds behind the biggest botnets are rarely taken down, largely because experienced hackers can easily hide their identities by disguising the source of their Internet traffic. Usually the computer resources they use are themselves stolen. And the investigations are complex and technical, often spanning dozens of countries with conflicting or even nonexistent cybercrime laws.
For instance, there have been no arrests yet over the spread of the Conficker worm, which infected 3 million to 12 million PCs running Microsoft Corp.'s Windows operating system and caused widespread fear that it could be used as a kind of Internet super weapon.
The Conficker botnet is still active, but is closely watched by security researchers. The infected computers have so far been used to make money in ordinary ways, pumping out spam and spreading fake antivirus software.
The Mariposa botnet, which has been dismantled, was easily one of the world's biggest botnets. It spread to more than 190 countries, according to researchers. It also appears to be far more sophisticated than the botnet that was used to hack into Google Inc. and other companies in the attack that led Google to threaten to pull out of China.
The researchers that helped take down Mariposa — which takes its name from the Spanish word for "butterfly" — first started looking at it in the spring of 2009.
The hackers spread the malware by sending malicious links over instant messaging to the contacts of users on already-infected computers. They also used removable thumb drives and peer-to-peer file-sharing networks to spread it.
The investigation has included federal and international law enforcement as well as a team of more than 100 people, including the FBI, members of a specialized botnet investigative team and the so-called Mariposa working group, which includes researchers and private industry experts.