If you search for cybersecurity or cybercrime under Google News the results can be depressing: so many cybercrimes, so few arrests. Yet I would argue that there are hopeful signs in the recent rash of law enforcement actions directed at cybercrime.
Unfortunately, these law enforcement “wins” don’t always receive the attention they deserve (or they get lost in the tweet-driven media storm that defines the political agenda in some parts of the world today).
This two-part article serves to draw attention to some of the positive news in the world of cybercrime deterrence, including a string of arrests.
Arresting development
So far this year, dozens of criminal hackers from around the world have been arrested, indicating that law enforcement agencies are getting better at cybercrime investigation.
"This suggests that cybercrime is becoming a riskier proposition for aspiring criminals."
This suggests that cybercrime is becoming a riskier proposition for aspiring criminals. I will have more to say on that after we run through a baker's dozen of this year’s more encouraging cybercrime headlines (that is: encouraging to law abiding citizens, discouraging to the criminally-inclined):
Linux malware campaign leads to 46-month sentence (Department of Justice, August 2017)
Russian citizen Maxim Senakh, co-conspirator in the Windigo Operation, had pled guilty in March to participating in a criminal enterprise that compromised "tens of thousands of computer servers throughout the world to generate millions of dollars in fraudulent payments" (DoJ). Senakh was indicted in January of 2015. Finnish authorities detained him in August of that year and extradited him to the US in February 2016. (Check out ESET's award winning Windigo research)
A pair of prolific malware authors arrested (Washington Post, July 2017)
Two Latvian men were accused in federal court in Virginia of running a malware service since 2006. They produced keyloggers and “Remote Access Trojans” used to compromise thousands of company computers in the US.
Nine arrested for Fireball malware (Mashable, July 2017)
The Chinese suspects arrested by Chinese authorities were accused of infecting tens of millions of computers with malware that generated fake clicks and diverted website traffic.
A five-year prison sentence for Citadel malware developer (Reuters, July 2017)
A Federal District Court in Atlanta sentenced Mark Vartanyan, known online as “Kolypto,” after he pled guilty to computer fraud charges. The Citadel malware was used to steal personal financial information from thousands of computers and enabled hundreds of millions of dollars to be taken from bank accounts.
Arrest made in Petya malware case (ZDNet and Ukrainian News, August 2017)
This may not be the person who wrote Petya, and details are still emerging, but authorities assert that this person was distributing Petya.
FBI arrests Wall Street insider (Cyberscoop, April 2017)
Man accused of using malware to steal valuable algorithms. A reminder that insiders are a serious threat, and insiders sometimes use malware.
Owner of malware crypter service arrested, plus six customers (Bleeping Computer, June 2017)
This is a case of police hitting the crimeware supply chain. The suspects were not writing malware but enabling its distribution.
Two Russians appeared in a UK court over an alleged clearing bank cyberattack (Law 360, April 2017)
This story has gone dark since the suspects appeared in court in April – so stay tuned.
Alleged spam king arrested (Krebs on Security, April 2017)
The capture of Pyotr Levashov was a classic “arrested while on vacation” win for law enforcement. He is better known as “Severa,” described by Brian Krebs as “the virtual linchpin connecting virus writers with huge spam networks.” Levashov allegedly ran the notorious Kelihos botnet, the dismantling of which will be covered in part two of this article.
Android banking malware gang arrested in Russia (Dark Reading, May 2017)
For those who think most cybercrime is “Russian on American”, it is refreshing to read that Russian authorities arrested “a group of 16 Russian hackers who managed to seize more than $800,000 from Russian bank customers using malware loaded onto Android devices” (especially because the criminal coders were in the process of refining their malware to hit banks in the UK, US, Germany, etc.). If you enjoy police video of cybercrime arrests, check out this report from our good friends at Group-IB.
DDoS perpetrator pleads guilty (Bleeping Computer, July 2017)
DDoS perpetrator who attacked Deutsche Telekom routers with Mirai malware pleads guilty.
Nine arrests made over Lurk banking Trojan (Bleeping Computer, January, 2017)
Nine more arrests for development and distribution of Lurk banking trojan and Angler exploit kit. Russian authorities arrested and jailed nine suspects, in addition to the 50 already detained in 2016 (pro tip: don’t mess with Russian banks).
Russian virus writer arrested in Spain (Reuters, January 2017)
A Russian virus writer was nabbed by Spanish law enforcement and FBI (Security Affairs, January 2017). A 32-year-old Russian citizen known as Lisov SV was arrested at Barcelona airport, accused of creating and administering the widely used banking trojan known as Vawtrak/Neverquest/Snifula (detected by ESET as Win32/PSW.Papras).
Law enforcement and cybercrime
Will these law enforcement “wins” be enough to defeat cybercrime? Of course not, but don’t under-estimate the deterrent effect that a growing number of arrests and prison sentences can create. Historical research in criminology suggests that only a small percentage of property crime offenders are hard-core criminals who never give up their life of crime.
Many criminals eventually desist, and the phenomenon of criminal desistance is well-documented in relation to “life-course transitions” such as marriage, parenthood, and legitimate employment. If we accept a rational choice theory of crime, then those life events, together with shifts in the risk landscape, like a well-publicized string of arrests, can tip the balance toward going straight.
An increase in the perceived risk of getting caught and being sent to prison can be a decisive factor in the constantly evolving risk-benefit assessment of criminal opportunities (think: “It’s not worth the risk now that I’ve got a kid to take care of and a decent job; besides, they’re arresting a lot more malware players these days”). We can but hope!
In part two, “Big trouble in dark markets”, I look at how takedowns on the “dark net” may be affecting cybercrime in 2017.
If you know of any significant cybercrime arrests I missed from my list, leave a comment and let me know."