Google disrupts cybercrime network infecting 1 million devices

Google said the network has targeted victims from the United States, India, Brazil and South-east Asia. PHOTO: REUTERS
Updated
Dec 08, 2021, 09:15 AM
Published
Dec 08, 2021, 06:27 AM

WASHINGTON (AFP) - Google said it has moved to shut down a network of about one million hijacked electronic devices used worldwide to commit online crimes, while also suing Russia-based hackers whom the tech giant said were responsible.

The so-called botnet of infected devices, which was also used to surreptitiously mine Bitcoin, was cut off at least for now from the people wielding it on the Internet.

"The operators of Glupteba are likely to attempt to regain control of the botnet using a backup command and control mechanism," wrote Mr Shane Huntley and Ms Luca Nagy from Google's threat analysis group on Tuesday (Dec 7).

Large technology companies such as Google and Microsoft are increasingly pulled into the battle against cybercrime, which is conducted via their products thus giving them unique understanding of and access to the threats.

Google said the network includes about one million Windows-using devices worldwide for crimes that include stealing users' credentials, and has targeted victims from the United States, India, Brazil and South-east Asia.

The company also filed a lawsuit in a New York federal court against hackers Dmitry Starovikov and Alexander Filippov seeking an injunction to block them from wrongdoing on its platforms.

Cyber-security experts first noticed Glupteba in 2011, which spreads by masquerading as free, downloadable software, videos or movies that people unwittingly download on to their devices.

However, unlike conventional botnets that rely on predetermined channels to ensure their survival, Glupteba is programmed to find a replacement server in order to keep operating even after being attacked, said Google's lawsuit.

As the botnet network combines the power of some one million devices, it possesses unusual power that could be used for large-scale ransomware or other attacks.

To maintain that network, the organisation "uses Google advertisements to post job openings for the websites" carrying out the illegal work.

The hackers also used Google's own services to distribute the malware - the Internet giant took down some 63 million Google Docs and terminated more than 1,100 Google accounts used to spread Glupteba.

The botnets can "recover more quickly from disruptions, making them that much harder to shutdown", Google said in a blog post. "We are working closely with industry and government as we combat this type of behaviour."

More On This Topic
Microsoft seizes 42 websites from a Chinese hacking group
Net of the living dead: Hacker-controlled zombie devices triple in Singapore

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top