Avalanche Network Stopped

Global Map of a Malware Network

Finally, FBI, Others Stop the Avalanche Network

If you follow stories about online thieves and cyberterrorism, the news is almost always about hackers getting away with a huge, damaging attack.

But in early December of 2016, the FBI and the United States Department of Justice released good news to the citizens of the U.S. and the entire world.

A major online “global crime-ware network,” code-named “the Avalanche Network” (Avalanche for short), had been taken down. Law enforcement authorities from Europe were also involved and helped bring down the criminals after a four-year investigation.

The official joint statement from the FBI and Justice that announced the news started like this:

“November 30 began the start of a multi-national operation to dismantle a complex, criminal network of worldwide computer servers known as Avalanche. This network hosted more than two dozen of the world’s most pernicious types of malware and several money laundering campaigns,” the statement said. “The operation involves arrests and searches in five countries. More than 50 Avalanche servers worldwide were taken offline.”

So, what was Avalanche? Here are answers to the most asked questions about the situation:

How extensive was the effort to bring down Avalanche?

Authorities from 30 countries and investigative agencies, including Interpol and Europol, participated in the operation. The goal was to “block and sinkhole” more than 800,000 malicious Avalanche domains that were responsible for significant monetary losses.

Acting U.S. Attorney Soo C. Song of the Western District of Pennsylvania was actively involved in the investigation. “The takedown of Avalanche was unprecedented in its scope, scale, reach and cooperation among 40 countries,” Acting Attorney Song said. “This is the first time that we have aimed to and achieved the destruction of a criminal cyber infrastructure while disrupting all of the malware systems that relied upon it to do harm.”

These were not harmless garage-based hackers. Avalanche was a big target and a huge victory, based on the scope of their illegal online deeds. “The Avalanche network, which has been operating since at least 2010, is estimated to involve hundreds of thousands of infected computers worldwide,” according to the FBI. “The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network.”

What kind of illegal activity was Avalanche up to?

According to a story about the event in USA Today, “Avalanche acted as a criminal company that sold and rented criminals cloud-hosted software which allowed them to take over systems, infect networks, launch ransomware or create enormous robot networks to send spam.” A cybercrime security strategist was quoted as saying that Avalanche “would do whatever you wanted. You just had to call them, say ‘I need command and control service,’ or ‘I need to infect this type of people or this type of business,’ and they’d do it.” Of course, they did all of that for a price. In many ways, this type of network starts to run like a legitimate software business. Only this software does damage to other computers and innocent victims.

Who else was involved, beside the FBI and Interpol?

As you might imagine, it took a collection of agencies and organizations working together to bring down such a large target. Assisting in the effort were the Department of Homeland Security’s U.S.-Computer Emergency Readiness Team (US-CERT), the Shadowserver Foundation, Fraunhofer Institute for Communication, Registry of Last Resort, ICANN and domain registries from around the world. The Criminal Division’s Office of International Affairs also provided significant assistance.

The big break for authorities came when police in Germany “reverse engineered” the malicious code that Avalanche was using. Once that was accomplished, investigators turned to cybercrime experts with the FBI to help trace activity back to the computers/servers the cyber criminals were using. Some of those servers were in the U.S. and Canada.

What kind of harm could Avalanche’s efforts have on us?

The Avalanche network was not out for fun and games. That’s why the Feds wanted so badly to take them down. The computers and computer systems that were infected with Avalanche-associated malware were often taken over for criminal activity. That included stealing users’ login credentials, plus sensitive personal or company data, such as credit account or banking information. Investigators said that the criminal masterminds could also encrypt user files, making them inaccessible to their owners, and then demand a ransom from the victim to regain access to those files. Avalanche-placed malware gave criminals the power to have unauthorized remote access to infected computers. A network of infected computers was likely used to conduct a kind of large-scale attack called a distributed denial-of-service (DDoS) attack.

Source information:

https://www.justice.gov/usao-wdpa/pr/avalanche-network-dismantled-international-cyber-operation

http://www.usatoday.com/story/tech/news/2016/12/02/massive-180-country-cybercrime-bust-avalanche-group-interpol-fbi/94811966/
