Finally, FBI, Others Stop the Avalanche Network
If you follow stories about online thieves and cyberterrorism, the news is almost always about hackers getting away with a huge, damaging attack.
But in early December of 2016, the FBI and the United States Department of Justice released good news to the citizens of the U.S. and the entire world.
A major online "global crime-ware network," code named "the Avalanche Network" (Avalanche for short) had been taken down. Law enforcement authorities from Europe were also involved and helped bring down the criminals after a four-year investigation.
The official joint statement from the FBI and Justice that announced the news started like this:
"November 30 began the start of a multi-national operation to dismantle a complex, criminal network of worldwide computer servers known as Avalanche. This network hosted more than two dozen of the world's most pernicious types of malware and several money laundering campaigns," the statement said. "The operation involves arrests and searches in five countries. More than 50 Avalanche servers worldwide were taken offline."
So, what was Avalanche? Here are answers to the most asked questions about the situation:
How extensive was the effort to bring down Avalanche?
Authorities from 30 countries and investigative agencies, including Interpol and Europol, participated in the operation to "block and sinkhole" more than 800,000 malicious Avalanche domains that were responsible for significant monetary losses. Sinkholing means that the domain names the malware uses to reach its command-and-control servers are redirected, at the registry or DNS level, to servers controlled by investigators, so infected machines can no longer receive instructions and their connection attempts can be counted and traced instead.
According to acting U.S. Attorney Soo C. Song of the Western District of Pennsylvania, who was actively involved in the investigation, "The takedown of Avalanche was unprecedented in its scope, scale, reach and cooperation among 40 countries. This is the first time that we have aimed to and achieved the destruction of a criminal cyber infrastructure while disrupting all of the malware systems that relied upon it to do harm."
These were not harmless garage-based hackers. Avalanche was a big target and a huge victory, based on the scope of their illegal online deeds. "The Avalanche network, which has been operating since at least 2010, is estimated to involve hundreds of thousands of infected computers worldwide," according to the FBI. "The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network."
What kind of illegal activity was Avalanche up to?
According to a story about the event in USA Today, "Avalanche acted as a criminal company that sold and rented criminals cloud-hosted software which allowed them to take over systems, infect networks, launch ransomware or create enormous robot networks to send spam." A cybercrime security strategist was quoted as saying that Avalanche "would do whatever you wanted. You just had to call them, say 'I need command and control service,' or 'I need to infect this type of people or this type of business,' and they'd do it." Of course, all of that service came at a price. In many ways, this type of network runs like a legitimate software business, except that its software exists to damage other computers and harm innocent victims.
Who else was involved, besides the FBI and Interpol?
As you might imagine, it took a collection of agencies and organizations, working closely together, to bring down such a large target. Assisting in the effort were the Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT), the Shadowserver Foundation, the Fraunhofer Institute for Communication, the Registrar of Last Resort, ICANN and domain registries from around the world. The Criminal Division's Office of International Affairs also provided significant assistance.
The big break for authorities came when police in Germany reverse engineered the malicious code that Avalanche was using. Once that was accomplished, investigators turned to cybercrime experts at the FBI to help trace the malware's activity back to the computers and servers the cyber criminals were using. Some of those servers were in the U.S. and Canada.
What kind of harm could Avalanche's efforts have on us?
The Avalanche network was not out for fun and games, which is why the Feds wanted so badly to take it down. The computers and computer systems infected with Avalanche-associated malware were often taken over for criminal activity, such as stealing users' login credentials and sensitive personal or company data, including credit card or banking information. Investigators said that the criminals could also encrypt user files, making them inaccessible to their owners, and later demand a ransom from the victim to regain access to those files. Avalanche-placed malware gave criminals unauthorized remote access to infected computers. The resulting network of infected computers, known as a botnet, was likely used to conduct a certain kind of large-scale attack called a distributed denial-of-service (DDoS) attack, in which thousands of infected machines flood a target with traffic at once.