How Avalanche, the World’s Largest Cybercrime Network, Was Taken Out
In one of the farthest-reaching investigations of its kind, a worldwide inter-agency task force took down a criminal network that had victims in nearly every country in the world.
Now called “Avalanche,” the criminal network was one of the largest botnets (a system of hijacked computers and other devices) ever seen. Targeting banking institutions and private citizens’ finances, Avalanche was used to steal login information (phishing attacks), introduce malware, wire stolen money, and bring its targets’ tech capabilities to a standstill by overwhelming them with a surge in traffic (denial of service attacks). The Department of Justice puts the estimated cost of damage done by Avalanche in the “hundreds of millions” of dollars.
Just as big as the scale of the problem was the scope and duration of the investigation, which included agency officials from 30 different countries, with the U.S. Justice Department and Europol among them. In total, 221 servers were shut down and more than 800,000 domains were seized or blocked. The network had been operating since 2010 and was growing. Most botnets are about 0.1 percent that size.
Beyond its breadth, Avalanche’s defense mechanisms made it particularly hard to investigate in the first place, which is why it took four years to take down. The botnet used a technique called “fast-flux,” which hides its malicious infrastructure behind constantly changing IP addresses; a botnet employing “fast-flux” works much like a shell game. To stop this, investigators used a method called “sinkholing,” which isolates the infected computers and prevents them from communicating with one another.
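The fast-flux behaviour described above leaves a recognisable trace in DNS resolution data: a domain that resolves to many different addresses, spread across unrelated networks, with short TTLs. The following is an added example (not from the article or from the investigation) of a defender-side triage heuristic over constructed passive-DNS style records; the domain names, addresses and thresholds are all made up for illustration.

```python
"""Toy fast-flux triage over constructed passive-DNS records (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed observations: (seconds since start, domain, resolved IPv4, TTL in seconds).
# "benign.example" behaves like a normal host; "flux.example" mimics fast-flux churn.
RECORDS = [
    (0,    "benign.example", "203.0.113.10",   3600),
    (3600, "benign.example", "203.0.113.10",   3600),
    (7200, "benign.example", "203.0.113.11",   3600),
    (0,    "flux.example",   "198.51.100.5",    120),
    (120,  "flux.example",   "198.51.100.77",   120),
    (240,  "flux.example",   "192.0.2.33",      120),
    (360,  "flux.example",   "198.51.100.201",  120),
    (480,  "flux.example",   "192.0.2.140",     120),
]


@dataclass
class DomainStats:
    unique_ips: int        # distinct addresses the name resolved to
    unique_prefixes: int   # distinct /24 prefixes, a rough proxy for address-space spread
    avg_ttl: float         # mean TTL across observations
    lookups: int           # number of observations


def summarize(records):
    """Aggregate per-domain resolution statistics from (t, domain, ip, ttl) tuples."""
    by_domain = defaultdict(list)
    for _, domain, ip, ttl in records:
        by_domain[domain].append((ip, ttl))
    stats = {}
    for domain, obs in by_domain.items():
        ips = {ip for ip, _ in obs}
        prefixes = {ip.rsplit(".", 1)[0] for ip in ips}
        avg_ttl = sum(ttl for _, ttl in obs) / len(obs)
        stats[domain] = DomainStats(len(ips), len(prefixes), avg_ttl, len(obs))
    return stats


def flux_score(s, max_ttl=300, min_ips=3, min_prefixes=2):
    """Score 0..3: one point each for short TTL, many addresses, many prefixes.
    CDNs and load balancers can also score high, so treat this as triage, not proof."""
    return int(s.avg_ttl <= max_ttl) + int(s.unique_ips >= min_ips) + int(s.unique_prefixes >= min_prefixes)


def suspected_fast_flux(records, threshold=3):
    """Return the sorted list of domains whose score reaches the threshold."""
    return sorted(d for d, s in summarize(records).items() if flux_score(s) >= threshold)
```

Candidates flagged this way are what a sinkhole operation then cuts off at the registrar, redirecting the bots' lookups to investigator-controlled infrastructure instead of the criminals'.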
Read Wired’s full story about the takedown here.