AMSTERDAM / LONDON (Reuters) – One of the most prolific cyber criminals in Eastern Europe has been arrested in a joint operation involving Belarus, Germany and the United States, with the aim of dismantling a large computer network used to carry out financial scams, officials said Tuesday.
The national police in Belarus, working with the U.S. Federal Bureau of Investigation, said they had arrested an unnamed citizen of Belarus on suspicion of selling malicious software, who was described as administrator of the Andromeda network.
Andromeda can be described as a "botnet," or group of computers that have been infected with viruses to allow hackers to control them remotely without the knowledge of their owners, allowing them to install criminal tools to perform additional attacks.
The arrested individual is suspected of being the ringleader of the criminal network surrounding Andromeda, a collection of online tools for other criminals to mount malware or phishing attacks and other online scams, a Europol spokesman said.
"Andromeda was one of the oldest malwares on the market," said Jan Op Gen Oorths, a spokesman for Europol, the European Union's law enforcement agency.
The police operation, which had the help of Microsoft, was important both for the number of computers infected and because Andromeda had been used for several years to distribute new viruses.
The shutdown of the Andromeda botnet, announced on Monday, was engineered by a task force coordinated by Europol that included several European law enforcement agencies, the FBI, the German Federal Office for Information Security and agencies in Australia, Belarus, Canada, Montenegro, Singapore and Taiwan.
Europol, the U.S. Federal Bureau of Investigation and the Belarus Investigative Committee have gradually published information about the operation over the last two days. No more arrests have been reported.
CYBER CRIME MASTERMIND
The Belarusian Interior Ministry in Minsk said the arrested man was born in 1983 and is a resident of the Gomel region.
Cybersecurity firm Recorded Future said it has "a high degree of certainty" that the arrested 33-year-old Belarusian is "Ar3s", a prominent hacker in Russian-speaking cybercrime circles since 2004, whom the company has identified as the creator of the Andromeda botnet, among other hacking tools.
Reuters could not reach Ar3s or confirm the identity of the alleged hacker and, therefore, is not naming him.
However, a colleague at the telecommunications company where the individual is employed confirmed to Reuters that he had been arrested. The colleague did not provide more details.
The Belarusian authorities refused to name the alleged hacker. Europol declined to comment. The FBI was not immediately available to comment.
Officers had seized equipment from the hacker's offices in Gomel, the second city of Belarus, and he was cooperating with the investigation, the country's Investigative Committee said.
Belarusian authorities said the man charged other cybercriminals $500 for each copy of Andromeda he sold to mount online attacks, and $10 for subsequent software updates.
Microsoft said that the Andromeda crime kit charged $150 for a keylogger that records keystrokes to steal usernames and passwords. For $250, it offered modules to steal data from forms sent by web browsers, or the ability to spy on victims using remote control software from the German firm TeamViewer.
Recorded Future said that members of online criminal forums where the hacker Ar3s was known to be active have complained that he was last seen online around November 20.
German authorities, working with Microsoft, took control of the bulk of the network, so that information sent from infected computers was redirected to secure police servers, a process known as "sinkholing".
Information was sent to the sinkhole from more than 2 million unique Internet addresses in the first 48 hours after the operation began on November 29, Europol said.
Owners of infected computers are unlikely to know or take action. More than 55 percent of the computers that were found infected in a previous operation a year ago are still infected, Europol said.
Additional reporting by Andrei Makhovsky in Minsk, Jamillah Knowles in London and Mark Hosenball in Washington D.C.; Editing by Keith Weir