A prolific botnet has finally fallen—but there are still plenty to go.
Last Friday, at the request of the FBI, Spanish police officers arrested Russian hacker Peter Levashov while he holidayed in Barcelona with his family. The reason: Levashov is thought to be better known as Peter Severa, a cybercriminal who controlled the Kelihos botnet. Now the Justice Department has announced that, as he was being seized, the FBI began the task of dismantling his nefarious creation.
The army of weaponized computers corralled by Levashov had been running since 2010 and at times numbered as many as 100,000 devices. According to the Justice Department, his malware scoured computers running Windows for usernames and passwords, as well as intercepting network traffic to the same ends. It leveraged those details and its presence on devices to provide a platform from which to send spam e-mail and perform ransomware attacks, and it was even hired out to other cybercriminals. A New York Times report contains more detail on Levashov himself, including his possible collusion with the Russian government.
The FBI has now neutralized the Kelihos botnet by setting up dummy servers that receive the requests for instructions sent out by infected devices, and by blocking the real instructions from reaching those devices. The crackdown was made possible by new powers that allow the FBI to remotely access computers that it doesn’t have in custody. The government is also logging the IP addresses of the infected devices so that their users can be alerted to the problem and remove the botnet malware from their computers.
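The mechanism described above is commonly called a sinkhole: a server the defenders control answers the bots' check-ins in place of the real command server, hands back nothing to act on, and records who called in so that victims can be notified. The following is an added illustration, not code from the article or from the Kelihos operation, and it assumes a hypothetical JSON check-in format (`{"type": "checkin", ...}`) and constructed source addresses from the documentation ranges; it shows the two defender-side jobs the paragraph names, answering harmlessly and building a notification list.

```python
# Added illustration of a sinkhole responder; not part of the original article.
from __future__ import annotations

import ipaddress
import json
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Well-formed but empty instruction set: the bot gets an answer, but no work.
NO_OP_RESPONSE = {"status": "ok", "commands": []}

# Source ranges that cannot be traced to a subscriber for notification.
# Constructed list for this example: RFC 1918, loopback and link-local.
NON_ROUTABLE = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]


def is_notifiable(ip: str) -> bool:
    """True if the address is one an ISP or national CERT could act on."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)


@dataclass
class Sinkhole:
    # registry: source IP -> list of UTC check-in timestamps (ISO 8601)
    registry: dict[str, list[str]] = field(default_factory=lambda: defaultdict(list))
    rejected: int = 0  # check-ins whose body was not a recognizable check-in

    def handle_checkin(self, source_ip: str, body: bytes,
                       seen_at: datetime | None = None) -> bytes:
        """Record the bot's address, then reply with the no-op instruction set.

        The request body is parsed only to confirm it is a check-in we
        recognize; its contents are never executed or relayed anywhere.
        """
        when = (seen_at or datetime.now(timezone.utc)).isoformat()
        try:
            request = json.loads(body)
        except ValueError:
            self.rejected += 1
            # Malformed input still gets the same harmless empty answer.
            return json.dumps(NO_OP_RESPONSE).encode()
        # "type" is a hypothetical field name for this example's check-in format.
        if not isinstance(request, dict) or request.get("type") != "checkin":
            self.rejected += 1
            return json.dumps(NO_OP_RESPONSE).encode()
        self.registry[source_ip].append(when)
        return json.dumps(NO_OP_RESPONSE).encode()

    def notification_list(self) -> list[dict]:
        """Aggregate per-host records for victim notification via ISPs/CERTs."""
        report = []
        for ip, seen in sorted(self.registry.items()):
            if not is_notifiable(ip):
                continue  # logged, but nobody upstream can be told about it
            report.append({"ip": ip, "checkins": len(seen),
                           "first_seen": min(seen), "last_seen": max(seen)})
        return report


# Constructed sample check-ins (documentation IP ranges, not real victims).
SAMPLE_CHECKINS = [
    ("198.51.100.7", b'{"type": "checkin", "id": "bot-a"}', "2017-04-10T12:00:00+00:00"),
    ("198.51.100.7", b'{"type": "checkin", "id": "bot-a"}', "2017-04-10T12:05:00+00:00"),
    ("203.0.113.45", b'{"type": "checkin", "id": "bot-b"}', "2017-04-10T12:01:00+00:00"),
    ("198.51.100.7", b'{"type": "checkin", "id": "bot-a"}', "2017-04-10T12:10:00+00:00"),
    ("10.0.0.5", b'{"type": "checkin", "id": "bot-c"}', "2017-04-10T12:02:00+00:00"),
    ("203.0.113.99", b"not json at all", "2017-04-10T12:03:00+00:00"),
]


def run_sample() -> tuple[Sinkhole, list[dict]]:
    """Feed the constructed check-ins through a sinkhole and build the report."""
    sh = Sinkhole()
    for ip, body, ts in SAMPLE_CHECKINS:
        sh.handle_checkin(ip, body, datetime.fromisoformat(ts))
    return sh, sh.notification_list()


if __name__ == "__main__":
    sinkhole, report = run_sample()
    print(json.dumps(report, indent=2))
    print(f"unrecognized check-ins: {sinkhole.rejected}")
```

Two design points carry over to a real deployment: the response is identical whether or not the request was understood, so a bot learns nothing from the reply, and the registry keeps every source address while the notification list filters out ranges that cannot be routed to a subscriber, which is the distinction an ISP or CERT needs when it receives the data.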
It’s a significant piece of work on the part of the FBI, and a clear signal that the U.S. government is cracking down on one of the most pernicious cyber threats of the day. But this is just one of very many botnets in use around the world—some of which commandeer millions of devices.
The threat looks set to get worse before it gets better. As connected devices proliferate in our homes and offices, there are more and more pieces of hardware available to do cybercriminals’ bidding. In fact, the situation appears to be getting so bad that we made the so-called botnet of things one of our 10 breakthrough technologies of 2017.
The fear is that increasingly large botnets could be used to carry out attacks that are targeted at Internet infrastructure providers—like the one that took down parts of the West Coast’s Web last October. So far, attacks have been relatively small and short-lived, but the increasingly centralized nature of the Internet means that they could one day become catastrophic—whether that means leaking vast quantities of data or simply taking the Internet offline.
Congress is aware of the scale of the problem, and clearly government agencies are too. So the fall of Kelihos is a positive step, but the first of many still required.