From the FBI Files
December 5, 2016
Joint Cyber Operation Takes Down Avalanche Criminal Network
Servers Enabled Nefarious Activity Worldwide
It was a highly secure infrastructure of servers that allegedly offered cyber criminals an unfettered platform from which to conduct malware campaigns and “money mule” money laundering schemes, targeting victims in the U.S. and around the world.
But the Avalanche network, which was specifically designed to thwart detection by law enforcement, turned out to be not so impenetrable after all. And late last week, the FBI took part in a successful multi-national operation to dismantle Avalanche, alongside our law enforcement partners representing 40 countries and with the cooperation of private sector partners. The investigation involved arrests and searches in four countries, the seizing of servers, and the unprecedented effort to sinkhole more than 800,000 malicious domains associated with the network.
It’s estimated that Avalanche was responsible for as many as 500,000 malware-infected computers worldwide on a daily basis and dollar losses at least in the hundreds of millions as a result of that malware.
The investigation into the highly sophisticated Avalanche network, initiated four years ago by German law enforcement authorities and prosecutors, uncovered numerous phishing and spam campaigns that resulted in malware being unwittingly downloaded onto thousands of computers internationally after their users opened bad links in e-mails or downloaded malicious attachments. Once the malware was installed, online banking passwords and other sensitive information were stolen from victims’ computers and redirected through the intricate network of Avalanche servers to back-end servers controlled by the cyber criminals, who wasted no time in using this information to help themselves to other people’s money. (included the following enforcement groups according to Europol– the Public Prosecutor’s Office Verden and the Lüneburg Police (Germany), the United States Attorney’s Office for the Western District of Pennsylvania, the Department of Justice and the FBI, Europol, Eurojust and global partners)
One type of malware distributed by Avalanche was ransomware, which encrypted victims’ computer files until the victim paid a ransom to the criminal perpetrator. Other types of malware stole victims’ sensitive banking credentials, which were used to initiate fraudulent wire transfers. And in terms of the money laundering schemes, highly organized networks of money mules purchased goods with the stolen funds, enabling the cyber criminals to launder the illicit proceeds of their malware attacks.
How did these cyber criminals hear about the Avalanche network in the first place? Access to the network was advertised through postings—similar to advertisements—on exclusive underground online criminal forums.
“Cyber criminals can victimize millions of users in a moment from anywhere in the world.”
Scott Smith, assistant director, FBI Cyber Division
Because most cyber schemes cross national borders, an international law enforcement response is absolutely critical to identifying not just the technical infrastructure that facilitate these crimes, but also the administrators who run the networks and the cyber criminals who use these networks to carry out their crimes.
The FBI—with its domestic and international partners—will continue to target the most egregious cyber criminals and syndicates. But U.S. businesses, other organizations, and the general public need to do their part by protecting their computers and networks from malware and other insidious cyber threats. Don’t click on links embedded inside e-mails. Don’t open e-mail attachments without verifying who they’re from. Use strong passwords. Enable your pop-up blocker. Only download software from sites you trust. And make sure your anti-virus software is up to date.
Each of us securing our own devices—coupled with a coordinated law enforcement effort to combat ongoing cyber threats—will go a long way toward protecting all of us in cyberspace.
According to BlastingNews.com: The culmination of the joint task assignment meant the “final dismantling of more than 50 Avalanche network servers worldwide and the search and arrest of dozens in four different countries, marking the end of one cyber-crime infrastructure that will disrupt the entire criminal ecosystem.”
Update: In an outrageous move – From BleepingComputer.com on December 7th – A judge in the city of Poltava, Ukraine, has released the alleged leader of the Avalanche malware distribution network, despite the fact the crook was involved in a shootout with the local police special forces that came to arrest him. The judge may lose his job. His argument – all the proper paperwork for the man had not been filed. The report ends with – the soldiers and police have so far been unable to find him again. hmmmmmmm
Thanks to Comey and Lynch, we as citizens have developed a distaste and distrust for upper management at the FBI and DoJ. That said, I truly believe there are a lot of hardworking, new and seasoned professionals who are trying to face the security threats across the United States. One of the hardest hit areas of attack is cyberspace. The Avalanche network apparently was designed for criminal purposes using malware, ransomware, and other phishing programs.
Was the “Minecraft” game part of the same network? I don’t know but then that brings up equally scary thoughts of what any online site might be doing on hidden programs running as people play games. We already have ample evidence of targeting of ads through online searches, etc. Instead of trying to eliminate the freedom of speech from conservative sites, Google and others need to be removing all this trash.
Some of you may be wondering why I added this post –
To Make A Strong Point
NOT ONE Mainstream article in three pages of Google searching was pulled up on this. Only off mainstream sites articles and enforcement press releases across the globe were found. The one finally that showed up after three pages was ABC on a lone Pittsburgh article relating to Avalanche on a local matter. DUHHHHHHHHHHH
“START REPORTING THE NEWS”
Mainstream Media – get off the Trump crybaby crap and do your job or shut down and let off-stream sites take over reporting the real news not your FAKE news. While you guys are sitting here enabling the political leftist meme of news on tired, old whiney memes news – real world news is happening.
MAINSTREAM NEWS – FAKE REPORTING