International LEA Cyber Crime Operations of 2015


What was so different in 2015? Wasn’t it just more of the same? Well, not quite. As the year has ended, lets look back at some unprecedented cases that redefined risk and loss resulting from cyber attacks and international cooperation amongst International Law and Enforcement agencies. There is a common denominator that groups them as one: The mob has fully moved into the Web.  I feel there is no such thing as ‘disorganized cybercrime' hence 'Organised and concerted International action against cyber crime is the need of the hour"

Examples of LEA Cyber Crime operations in 2015:


  • An international operation involving law enforcement organisations, government cyber security teams and private organisations has targeted the Dorkbot botnet. Europol, Interpol, the US department of homeland security, the US National Cyber Investigative Joint Taskforce and the FBI partnered with Microsoft and other private sector organisations to disrupt the Dorkbot infrastructure, including command and control servers in Asia, Europe, and North America. This included seizing domains to disrupt the botnet operators’ capacity to control their victims’ computers.
    Source: ComputerWeekly, 7 December 2015
  • FBI, Security Vendors Partner for DRIDEX Takedown – Multiple command-and-control (C&C) servers used by the DRIDEX botnet have been taken down by the Federal Bureau of Investigation (FBI), following the action taken by the National Crime Agency (NCA) in the UK.
    Source: TrendMicro, 13 October 2015
  • In a global operation coordinated by the INTERPOL Global Complex for Innovation in Singapore, a group of leading IT companies including Kaspersky Lab, Microsoft, Trend Micro and Japan’s Cyber Defense Institute, in collaboration with law enforcement agencies, have disrupted the Simda criminal botnet – a network of thousands of infected PCs around the world.  Source: Kaspersky, 13 April 2015
  • The [Beebone] botnet takedown, known as Operation Source, was led by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT). Most EU member states and law enforcement partners around the world coordinated in the action. The Dutch High Tech Crime Unit led the J-CAT effort. The U.S. Federal Bureau of Investigation provided valuable support. Source: Intel Security, 9 April 2015
  • A law enforcement operation led by Europol and assisted by Symantec, Microsoft,  and a number of other industry partners, has today seized servers and other infrastructure owned by the cybercrime group behind the Ramnit botnet (detected by Symantec asW32.Ramnit.B). The group has been in operation for at least five years and in that time has evolved into a major criminal enterprise, infecting more than 3.2 million computers in total and defrauding large numbers of innocent victims. It is hoped that today’s operation will strike a significant blow against the resources and capabilities of the gang.Source: Symantec, 25 February 2015
  • International operation targeting GameOverZeus and Cryptolocker malware variants. These malware variants are estimated to have cost the UK £500 million in losses.Coordinated activity across 10 countries led to the botnet behind the malware being taken offline for two weeks, allowing the public to take steps to protect themselves (e.g. update anti-virus). Combined with extensive global media coverage 32% drop in GameOverZeus infections, estimated £100 million in losses prevented. Source NCA-UK
  • UK investigation targeting the users of Blackshades, a Remote Access Tool able to access users’ webcams. FBI intel - over 1100 UK-based purchases on Blackshades. NCCU coordinated a week of arrests, involving ROCUs, MPS & Police Scotland, targeting 50+ individuals for Pursue action. 20 arrests across 10 Regions. Remaining individuals subject to Prevent activity – cease & desist letters, visits by ROCU & NCA officers, media coverage Linked to a global day of action with over 100 arrests in the US, Australia, Asia & Europe. An important test of the NCCU’s coordination of UK law enforcement.


Comments

Popular posts from this blog

Consumer Dispute resolution under the Telecom Act 2023

Types of Cyber Attacks

What to do when police does not take your FIR?