World’s biggest cyber crime gang thwarted by police.
It was one of the most sophisticated cyber crime campaigns ever mounted: a hacking spree that snared millions of victims worldwide and netted the gang behind it as much as half a billion pounds. Not content with raiding the bank accounts of their victims, the thieves blackmailed them, and then hijacked their computers to snare even more targets.
The criminal network behind it has now been hit by a global police operation. Channel 4 News was given exclusive access to the UK’s National Cyber Crime Unit (NCCU) as it helped in the take-down of the GameOver Zeus Crew, a notorious group of computer criminals believed to be based in Russia.
The gang used carefully crafted phishing emails to trick its way on to victims’ machines, often masquerading as urgent messages from HMRC or Companies House. Some corporate victims told Channel 4 News that the emails included specific details about their company to add to their authenticity.
The emails included an attachment or link, and when the recipient clicked on it they were infected with GameOver Zeus, a powerful new virus. It first checked whether the computer’s keyboard was set up in Russian, and if not, it installed a more complex virus which gave the criminal gang complete control over the machine.
“Anything you can do on your computer, they can do on your computer without you knowing,” said Stewart Garrick, who has led the NCCU’s investigation into the gang. “I know of more than 15,000 computers in the UK infected with this right now.”
The virus was used to blackmail victims, steal cash from their accounts, and then force the infected computer to snare other victims.
It gave the criminals real-time access to the victim’s entire online life: Channel 4 News was shown how the hackers can record videos of everything that appears on the screen, gather passwords for websites, and even switch on the webcam.
Blackmail is a key tactic, and the gang was behind a global extortion campaign that snared doctors’ surgeries, lawyers and even police stations. It used the virus to launch Cryptolocker, which scrambles the victims’ files and gives them a deadline to pay a ransom of hundreds of pounds to get them back.
Eunice Power, a chef in Co Waterford, found the contents of her laptop scrambled. “This big red screen appeared saying ‘your files have been encrypted’. I checked the files and it was all gobbledy-gook, one after the other. I unplugged it thinking that would sort it out but it didn’t.
“At this point it was flashing up an amount of time, I had 72 hours to pay a ransom. I had an external back-up which was plugged in at the time so that was all encrypted. I could feel perspiration coming out through me. I didn’t believe anything could be so evil.”
The blackmailers demanded payment in the virtual currency Bitcoin. As Mrs Power struggled to make the payment work, the countdown hit zero.
“I lost everything: family photos, accounts, payroll, everything. If someone had robbed my house it would have been easier. It was devastating,” she said.
Her folders are still intact, meaning she can see which photos and documents she lost, but when she tries to open them, she is confronted with incomprehensible code.
Bank accounts targeted
Blackmail is just one option: the thieves’ main target is internet banking.
“They want to monetise the investment they’ve made in getting into your machine,” said Don Smith of Dell SecureWorks, which has spent years tracking the gang. “They are absolutely after dollars, pounds and euros.”
Once installed, the virus waits for the computer to connect to online banking, and then alerts the criminal, who can manipulate what the victim sees on screen, throwing up fake pages and tricking them into authorising transfers out of their account.
With the criminals’ network disrupted, now is the time to protect your computer. There are three things you need to do:
1. Update your operating system (this is Microsoft Windows if you own a PC, or Mac OS if you have an Apple machine).
2. Install, update and run anti-virus software.
There are many options but try to buy it as a physical CD – that way you don’t risk downloading from a dodgy website.
There is more advice on the government’s Get Safe Online website.