Cybercrime, police-FBI blitz against “Andromeda network” hackers
A blitz concluding a joint investigation by the Italian police and the US FBI has dismantled the Italian branch of the infamous “Andromeda Network”, one of the most enduring and insidious “botnets” operating worldwide, responsible for infecting millions of computers that hackers used to spread computer viruses on a large scale. The Postal and Communications Police service, under the direction of the Rome Public Prosecutor, dismantled 2 ‘command & control’ servers and around 150 domains located in Italy. The investigation was carried out in close collaboration with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s European Cybercrime Center (Ec3), the Joint Task Force for IT Crimes (J-CAT), Eurojust and private-industry partners. Together, the international partners acted against 1500 servers and domains that had been used to spread the Andromeda malware.
In technical jargon it is a botnet: a network of hundreds of thousands of computers that cyber criminals have infected in order to take control of them without the knowledge of their legitimate owners. The PCs can then be remotely operated and used as a vehicle for committing countless computer crimes. The owners of the infected computers (so-called zombie computers) do not suspect anything. All they notice is that their PCs are a little slower than usual. Having taken control of the systems, the hackers can exploit them to carry out large-scale illegal activities, such as the theft of personal data, passwords, credit card numbers, addresses, phone numbers and sensitive data.
The operation started a year ago, when, after more than four years of investigations, the Verden Public Prosecutor’s Office and the Luneburg Police (Germany), together with the US authorities and the European agencies Europol and Eurojust, established the existence of an international criminal infrastructure called Avalanche, used to launch, distribute and manage global malware attacks, including Andromeda. Sharing the data acquired during the Avalanche operation laid the foundations for the creation, at a global level, of a task force made up of investigators from 15 countries, through which the Andromeda investigation was conducted: Austria, Belgium, Finland, France, Italy, Netherlands, Poland, Spain, United Kingdom, and Australia, Belarus, Canada, Montenegro, Singapore and Taiwan. Having patiently reconstructed the complex network of servers and computers that made up the botnet, the police and judicial authorities of the 15 countries initiated a coordinated, simultaneous shutdown (technically called a ‘takedown’) of the infected computer systems, which led to the disruption of the criminal structure.