June 23, 2011, 11:01 AM — Good news, good news, bad news on the global IT security front:
The good news is that this blog entry is not about LulzSec or Anonymous, even though it
The good news is that LulzSec and Anonymous are not the only hackers active right now and that this blog entry is not about either of them.
The other good news is that several hacker groups so old-fashioned that they stick to (criminal) business rather than self-promotion have been broken up – or at least stung by arrests by the FBI and Ukrainian state police, respectively.
The FBI didn't lock up any hackers in the larger of its two investigations, but did grab the gear used by a group that allegedly infected nearly a million users and pulled in $74 million in a sophisticated international operation that involved both distributing "scareware" that victims had to pay to fix and stealing bank-account information at the same time. The bureau captured 22 computers during raids in the U.S., including one at a data center in Reston, Va. Raids or investigations by police in the U.K., the Netherlands, Latvia, Germany, France, Lithuania and Sweden netted another 25 computers but included no arrests.
The group infected 960,000 computers and cost victims a total of $72 million.
The FBI cost customers even more by accidentally knocking several sites offline in what data-center managers said was a ham-handed operation to capture the hackers' gear.
SBU – the Ukrainian state police – said it has also broken up a hacker group that stole $72 million – though those ill-gotten gains came mostly from people's bank accounts rather than directly through scareware.
The Ukrainian SBU announced today in Kiev it had made 16 arrests after a multinational investigation that uncovered a gang using viruses to compromise the computers of victims and access bank accounts in other countries.
The groups are either the same or overlap heavily, though the relationship among them isn't clear, according to FBI and SBU statements. The investigation that nailed the Ukrainians is the same multinational effort in which the FBI botched that data-center raid.