How Associations Helped Disrupt a Botnet
With the Citadel botnet possibly responsible for the theft of more than $500 million from bank accounts worldwide, several banking industry associations worked with Microsoft, the FBI, and authorities in more than 80 countries to help take the cybercrime network down.
The infiltration and takedown of a huge part of the Citadel botnet this week showed what can happen when the public and private sectors work together to fight cybercrime.
Microsoft led the private-sector effort to disrupt the major cybercrime ring, but a number of industry groups played roles as well. More details:
The situation: Over the past year and a half, authorities believe, a series of botnets (networks of computers infected with malware that lets a remote operator control them and harvest data without their owners' knowledge) operating in 90 different countries stole more than $500 million from the bank accounts of consumers and businesses. Targeted institutions included American Express, PayPal, Bank of America, and Citigroup, according to Microsoft. The company became involved because of how the botnet spread: through counterfeit copies of Microsoft's Windows XP, preloaded with the malware and sold on the black market, according to a report from Information Week.
The takedown: On Wednesday, Microsoft and the FBI took down approximately 1,000 of the 1,463 botnets in the Citadel ring. The company's Digital Crimes Unit helped in several ways, including passing information gained from the court-ordered seizure of servers at two U.S.-based hosting facilities to computer emergency response teams overseas; the FBI simultaneously shared similar information with authorities abroad. Although the culprits behind the botnet remain at large, the investigation is something of a breakthrough on the cybercrime front: it is the first prominent example of the federal government and the private sector working together to stop this kind of ring.
How the associations helped: The takedown wouldn’t have happened without the help of three industry groups: the Financial Services Information Sharing and Analysis Center (FS-ISAC); the American Bankers Association (ABA); and NACHA — The Electronic Payments Association. The groups worked with the FBI and U.S. Marshals Service, offering details of how online banking credentials were stolen by the botnets and then used to initiate fraudulent transactions. “I am hopeful we have a model that will allow us to get closer and closer to those who are the ultimate perpetrators of these crimes,” ABA Vice President Doug Johnson said in an interview with Reuters.
Although the reach of the botnet has been hobbled, information security experts warn that the danger is far from over—especially with the botnet’s creators still at large.
“While it’s good to see botnets like Citadel being shut down, without arrests I feel we are simply treating symptoms rather than the disease,” information security consultant Brian Honan noted in a tweet cited by Information Week.