Last month, a then-secret operation involving the US FBI was under way in Ukraine. As the country was being pulled apart at the seams by a rebel insurrection in its eastern region, FBI and Ukrainian authorities moved in on Evgeniy Mikhailovich Bogachev, 30, a stealthy hacker on the FBI's most wanted list who ran one of the most sophisticated data-theft operations in the world. Just seven days before the disputed referendum on greater autonomy for eastern Ukrainian cities such as Donetsk, Ukrainian forces were not only fighting separatists; they were also working with US authorities to shut down one of the most threatening criminal hacking operations in memory.
Daring operation in rebel-infested eastern Ukraine leads to seizure of control computers
Bogachev was charged by the US Justice Department with conspiracy, computer hacking, wire fraud, bank fraud and money laundering for operating the GameOver Zeus malware, a banking trojan whose infected machines formed a botnet under the criminals' control. While Bogachev eluded authorities, they were able to shut the operation down, but doing so took the coordination of multiple government agencies and culminated in simultaneous raids around the world, combining local law enforcement with technical countermeasures against the botnet itself, to keep the criminals from retaining control of their network and launching further attacks.
Calling the GameOver Zeus computer network "the most sophisticated botnet the FBI and our allies have ever attempted to disrupt," FBI Executive Assistant Director Robert Anderson Jr., in a statement on Monday, described the criminal plan. "By secretly implanting viruses on computers around the world, they built a network of infected machines – or 'bots' – that they could infiltrate, spy on, and even control, from anywhere they wished. Sitting quietly at their own computer screens, the cyber criminals could watch as the GameOver Zeus malware intercepted the bank account numbers and passwords that unwitting victims typed into computers and networks in the United States. And then the criminals turned that information into cash by emptying the victims' bank accounts and diverting the money to themselves."
The DoJ was expected to announce today that, following the coordinated operation in May, it had taken control of the infrastructure commanding some 500,000 to 1 million computers worldwide that were unknowingly infected with the malware and put to work for the hacking ring. But this conclusion did not come without international drama.
International intrigue leads to malware shutdown
The daring May 7 raid in eastern Ukraine, carried out as separatist forces were battling Ukrainian officials for control of the region, was the first of many coordinated actions. A coordinated raid in Kiev that same day, which seized the command computers and operational data of the criminal group, yielded a trove of information that led to the worldwide raid on May 28, a particularly delicate operation. One key to that raid, as the official DoJ/FBI account tells the story, was making sure that none of the perpetrators could communicate with each other or launch a cyber attack once they realized authorities were closing in.
GameOver Zeus and Cryptolocker
The FBI's statement describes the technical side of that weekend in its own words: "Beginning in the early morning hours on Friday and continuing through the weekend, the FBI and foreign law enforcement then began the coordinated seizure of computer servers around the world that had been the backbone of GameOver Zeus and Cryptolocker. These seizures took place in Canada, France, Germany, Luxembourg, the Netherlands, Ukraine and the United Kingdom. Recognizing that seizures alone would not be enough because cyber criminals can quickly establish new servers in other locations, our team began a carefully timed sequence of technical measures to wrest from the criminals the ability to send commands to hundreds of thousands of infected computers, and to direct those computers to contact the server that the court had authorized us to establish. Working from command posts in the United States and at the European Cybercrime Centre in The Hague, Netherlands, the FBI and our foreign counterparts—assisted by numerous private sector partners—worked feverishly around the clock to accomplish this re-direction and to defeat various defenses built into the malware, as well as countermeasures attempted in real time over the weekend by the cyber criminals who were trying to retain control over their network."
The FBI estimates losses from the scheme at roughly $100 million. Bogachev, the ring's leader, remains at large and is said to be hiding in Russia or eastern Ukraine.