The threat posed by criminal hackers who use networks of secretly hijacked computers has increased “dramatically” over the past several years, a top U.S. Justice Department prosecutor testified Tuesday.
Leslie Caldwell, the assistant attorney general for the department’s criminal division, said that such networks, known as “botnets,” have “caused enormous financial damage and innumerable invasions of Americans’ privacy.”
Caldwell’s testimony in a Senate hearing came a month after the FBI and Justice Department announced the dismantling of a botnet known as Gameover Zeus that had infected between 500,000 and 1 million computers worldwide and inflicted more than $100 million in losses.
Gameover Zeus operated like a hydra. Once a computer was infected, often after its user clicked on a malicious link or e- mail attachment, it became a “bot” and started communicating with other infected computers, creating a network of similarly afflicted machines. While communicating with each other, the bots also passed stolen banking information to servers that relayed that data to the hackers.
The hackers then committed their cyber burglary by exploiting the security hole bored by Gameover Zeus. When they determined the time was right, the hackers transfered funds from compromised bank accounts — frequently in excess of $1 million — through third parties known as “money mules.”
The U.S. Justice Department has charged a 30-year-old Russian, Evgeniy Mikhalilovich Bogachev, as the leader of the tightly-knit group of hackers responsible for developing and operating Gameover Zeus. He remains free in Russia.
Taking down Gameover Zeus required an international law enforcement response that involved the seizure of servers and the re-engineering of malware to prevent it from communicating with hackers. Computers are no longer communicating with the hackers, Caldwell said.
Such malware is lucrative for hackers, causing more than $9 billion in losses to Americans, Joseph Demarest, an assistant director at the Federal Bureau of Investigation, testified, at a hearing of the Judiciary Committee’s subcommittee on crime and terrorism. He added that more than 500 million computers worldwide are infected by botnet malware each year.
Botnets “are now recognized as the weapon of choice for cyber criminals,” said Senator Sheldon Whitehouse, a Rhode Island Democrat who is chairman of the panel.