WASHINGTON–Authorities in the U.S. and Britain are reporting they have disrupted a massive hacking operation that infected computers worldwide and stole at least $10 million from victims in the United States alone.
According to law enforcement officials in both countries, they, along with several cybersecurity firms, took control of a network of machines that distributed malicious software known as "Bugat," "Cridex" or "Dridex" (three names for successive versions of the same banking malware). The malware preyed on unsuspecting people by slipping into their computers, stealing their online-banking credentials and using them to siphon money out of their bank accounts.
For distribution, authorities said, it relied on a botnet, a network of compromised computers under the criminals' control. Experts estimate the botnet infected roughly 125,000 computers a year.
The U.S. Department of Justice has also filed criminal charges against Andrey Ghinkul, a 30-year-old man who is believed to have run the operation.
Ghinkul was recently arrested in Cyprus, and American prosecutors are seeking to have him extradited to stand trial in the United States.
According to the indictment, Ghinkul's thievery stretches back years, and others were involved. Investigators believe Ghinkul and his associates sent official-looking spam that tricked recipients into opening infected e-mail attachments, which installed the malware on their computers. Using that method, they stole $3.5 million from Penneco Oil in Pennsylvania in 2012 and transferred it to bank accounts in Belarus and Ukraine, the indictment says.
By the same method, Ghinkul attempted to steal nearly $1 million from the Sharon City School District in Pennsylvania in 2011, but the attempt failed, investigators said.
The takedown was conducted by government agents from the FBI, the British National Crime Agency, Europol's European Cybercrime Centre and the German Bundeskriminalamt.
Private organizations involved included Dell SecureWorks, which told CNNMoney it led the technical work of taking over the botnet that spread the malware, as well as Fox-IT, S21sec, Spamhaus and others.
Authorities are cautioning, however, that the shutdown is only a temporary setback for the criminals. Police have taken out one distribution network, not the malware itself or the machines it has already infected. In fact, Proofpoint has seen Dridex being distributed by other botnets at the same levels as before, according to CNNMoney.
