The FBI and European law enforcement agencies dismantled a massive network of hacked computers that had been used to defraud victims of hundreds of millions of dollars, agencies announced Tuesday.
The Justice Department seized over $8 million in cryptocurrency from the hackers and removed their malicious code from an unspecified number of infected computers in the US and around the world, according to the announcement, which said around 200,000 computers were infected in the US and 700,000 globally.
It’s a blow to a hacking tool known as Qakbot that Russian-speaking ransomware gangs had used to cause “significant harm” to health care providers and government agencies around the world, the Justice Department said. The department said law enforcement agencies in France, Germany, the Netherlands and the United Kingdom helped with the takedown.
It’s the latest step in a more aggressive effort by the FBI in the last few years to target popular hacking tools that allow cybercriminals to fleece Americans out of millions of dollars. The goal is to use every possible legal authority to make business harder for cybercriminals who are still regularly disrupting American companies and local governments.
“This is a concerted effort to target the services that other cybercriminals are leveraging across the globe,” a senior FBI official said in an interview.
The tool the FBI targeted in this case, known as a botnet, is an army of infected computers that hackers often use for a variety of fraud as well as potentially disruptive hacks. It’s a cheap way to amass digital firepower that can knock critical services like schools or health care providers offline.
Qakbot has been around for about 15 years, but ransomware gangs’ use of the tool in recent years added urgency to the law enforcement effort to infiltrate the group’s infrastructure. The investigation culminated late last week, when the FBI redirected the botnet’s internet traffic through computer servers controlled by the bureau and then issued commands to some infected computers to uninstall the malicious software.
The hackers can rebuild their computer infrastructure after the takedown, but FBI officials are hoping that will take a while.
Qakbot “took them years to put together and it would be difficult and time consuming for [the hackers] to reconstitute in the same manner that they had before,” said the senior FBI official, who estimated that Qakbot had caused hundreds of millions of dollars in direct or indirect losses to victims since 2008.
Asked if there was more cryptocurrency held by the Qakbot operatives to seize, the FBI official said the takedown announced Tuesday focused on computing infrastructure, “but there’s other work to be done here, to include financial aspects.”