By Chris Maxcer TechNewsWorld Part of the ECT News Network
11/30/07 12:02 PM PT
New Zealand police say they are questioning a man who goes by the handle "AKILL" and who may have helped lead a botnet of over 1 million PCs. Botnets are groups of computers infected with malware programs that work to carry out cyber mischief without the owner's consent. However, even as one big botnet has apparently been cracked, many smaller ones continue to flourish under the radar.
A New Zealand cybercrime police force nabbed an 18-year-old this week who goes by the cyber ID "AKILL," officials said. While the New Zealand officials haven't arrested the man, he is being interviewed in conjunction with a wider botnet crackdown involving the FBI and Dutch authorities.
The FBI said AKILL is believed to be the ringleader of an elite international botnet coding group that is responsible for infecting more than 1 million computers.
Botnets are networks of remotely controlled PCs that have been infected with malware such as viruses, adware and spyware, all installed without the owner's knowledge. The computers are then covertly used over the Internet for criminal activities such as conducting distributed denial of service (DDoS) attacks, collecting bank account information, and aiding in identity theft. The person controlling a botnet is called a "botherder."
New Zealand's Waikato Crime Services Manager, Detective Inspector Peter Devoy, said AKILL is believed to be a co-conspirator in botnet-related activity that caused a DDoS attack at a Philadelphia university in February 2006.
The Philadelphia office of the FBI launched an investigation into the DDoS attack, which led the FBI to Ryan Brett Goldstein, 21, of Ambler, Pennsylvania. Goldstein was indicted on Nov. 1 by a federal grand jury in the Eastern District of Pennsylvania for botnet-related activity that caused the DDoS attack, the FBI reported.
A Tangled Web We Weave
In the midst of the university DDoS investigation, the FBI was able to neutralize a vast portion of the criminal botnet by disrupting the botnet's ability to communicate with other botnets, the bureau said. This particular investigation is still ongoing.
Police suspect New Zealand's AKILL, in cahoots with his partner in the U.S., may have used malware files to infect and control about 50,000 computers, which caused the server to crash and deny access to the university's 4,000 students, staff and faculty members.
Back on the Island
While in New Zealand, police said, AKILL designed a unique virus that utilized encryption and was undetectable by anti-virus software. "This program was viewed by the FBI as being very sophisticated malware," Devoy noted.
New Zealand police also said AKILL is the head of a botnet group called the "A-Team" that has members in the U.S. and in other countries. In a separate investigation with the Dutch Independent Post and Telecommunications Authority, New Zealand police say AKILL was involved with an adware scheme that may have infected 1.3 million computers.
The FBI, for its part, has also been working on what it calls "Operation Bot Roast," which the bureau announced last June. Since then, the FBI says eight individuals have been indicted, pleaded guilty or have been sentenced for crimes related to botnet activity. Additionally, 13 search warrants were served in the U.S. and by overseas law enforcement partners in connection with this operation, the FBI reports, noting that Operation Bot Roast has uncovered more than US$20 million in economic losses and more than one million victim computers.
"The public is reminded once again that they can play a part in thwarting botnet activity," noted FBI's Cyber Division Assistant Director James E. Finch.
"Practicing strong computer security habits such as updating anti-virus software, installing a firewall, using strong passwords and employing good e-mail and Web security practices are as basic as putting locks on your doors and windows. Without employing these safeguards, botnets, along with criminal and possibly terrorist activities, will continue to flourish," he added.
Major Problem
"The scope of the problem is clearly something that's endemic, primarily because it's so easy for hackers and gangs of hackers to infect and control, theoretically, millions of different PCs," Mike Haro, a senior security analyst for Sophos, told TechNewsWorld.
The sheer number of PCs associated with the FBI and New Zealand bust is somewhat unusual for recent botnets, Haro said.
"It's drawing an enormous amount of attention to one botnet, and it puts a lot of [hacker] resources at risk that could theoretically be eliminated through just one investigation or crackdown," Haro explained.
"What we're seeing is that botnets are usually between 1 and 10,000 PCs, because they fly under the radar and are better distributed. So if any law enforcement agencies take down any botnets of that size, the operations of a botnet organization are not as drastically affected," he added.
"There are no geographical boundaries on the Internet, and these cyber criminals are often in each corner of the world," Haro said. "It becomes very difficult to find [law enforcement] jurisdictions to track down these gangs."