Lethal Botnet’s Masterminds Brought Down
Three men were arrested in Spain last month, accused of one of the biggest computer crimes in the history of cyberspace. Known as Mariposa, the Spanish word for butterfly, it was a botnet that infected more than 13 million PCs with a virus that stole credit card numbers and other sensitive data. Discovered last year, Mariposa had infected machines in over 190 countries, at more than 500 of the world’s largest companies and even at 40 major financial institutions, before it was shut down on December 23rd, 2009.
Two internet security firms, Defence Intelligence Inc. (Canada) and Panda Security S.L. (Spain), helped Spanish police crack the case and find the culprits. “It was so nasty, we thought ‘We have to turn this off. We have to cut off the head.’” said Chris Davis, CEO of Defence Intelligence Inc. The virus’s modus operandi was simple and elegant: it secretly took control of infected machines, turned them into ‘slaves’, and assembled them into a virtual army called a ‘botnet’. After stealing login credentials and recording keystrokes, the infected computer would send the data to a central control centre, from where the ringleaders accessed the information.
Mariposa gained its initial foothold by exploiting vulnerabilities in Microsoft’s Internet Explorer, and then spread by infecting USB flash sticks and by spamming links over instant messaging software, also made by Microsoft. Microsoft has made no comment on this.
The three men who were arrested used the aliases “Netkairo”, “Ostiator” and “Johnyloleante”. Not only did they use the information they stole for personal gain, they also rented out control of millions of the infected machines to other criminals. The work done by the two security firms and the Spanish police should not be underestimated: while botnets of this kind are expected to be shut down eventually, catching the culprits behind them is a different matter. Mark Rasch, former head of the U.S. Department of Justice computer crimes unit, says that these viruses are a constant occurrence, and that Mariposa is simply one of the biggest, which is why it has attracted so much public attention. “Mariposa’s the biggest ever to be shut down, but this is only the tip of the iceberg. These things come up constantly.” He also warned that it is very improbable that only three men were behind the entire operation, and that it would not take much criminal masterminding to put the network back online soon.
The power of Mariposa is frightening: a botnet of this size could paralyse an entire country’s computer systems, and police are glad that the “criminal mentality” of those behind the virus “wasn’t very sophisticated”. The men themselves did not realise the power of what they controlled, and police believe they were not expert hackers but had bought the virus on the black market rather than creating it themselves. A recent cyber attack in Estonia based on a similar virus crippled the entire country’s vital computer infrastructure, even though it was much less powerful than Mariposa. The world can count itself fortunate that Mariposa’s power was never used to its fullest, for it could easily have destroyed an entire country’s computer network. The irony is that after terrorising the world for almost a year, the Mariposa ringleaders do not seem to have made much money beyond a comfortable living.