Well, gee, ummm, thanks but. Hmmm…
FBI disrupts cybercrime operation by wiping malicious programs from hundreds of thousands of computers
Story by Kevin Collier
The FBI quietly wiped malicious programs from more than 700,000 computers around the world in recent days, the agency said Tuesday, part of an operation to take down a major component of the cybercrime ecosystem.
The operation’s goal was to disrupt a long-running botnet, a network of computers linked together by the same malicious programs, called Qakbot. Qakbot is a versatile tool that has long been available for rent to cybercriminals who use it to gain initial access to a victim’s computers or files.
Botnets often rely heavily on hacking and exploiting computers that belong to individuals or companies who usually have no idea that their devices are moonlighting as an accomplice to cybercriminals. It is rare and often legally complicated, though not unprecedented, for the FBI to convince a court to let it kick hackers out of victims’ computers without their knowledge.
The FBI got a court’s permission to proceed with the operation on Aug. 21, according to a copy of the warrant. Agents proceeded to hack into Qakbot’s central computer infrastructure four days later, the FBI announced, and forced it to tell the computers in its botnet to stop listening to Qakbot.
Keith Jarvis, a senior researcher at the Atlanta cybersecurity company Secureworks, which was monitoring the botnet and its takedown, told NBC News that most computers infected with Qakbot were likely effectively fixed in the first few hours of the FBI operation.
In a media call after the announcement, an FBI official, who requested not to be identified, said that the FBI developed a particular removal tool for the operation. Victims will not be notified that their devices had been fixed or that they had ever been compromised, he said.
However, the FBI gave the names and email addresses of some of the people who had been hacked to Have I Been Pwned, a website that allows anyone to check if they appear in certain major data breaches. Have I Been Pwned added 6.4 million email accounts tied to Qakbot to its database on Tuesday.
The FBI’s announcement said that law enforcement agencies in France, Germany, the Netherlands, the United Kingdom, Romania and Latvia all participated in the Qakbot takedown. The FBI official declined to say whether anyone was arrested as part of the Qakbot takedown or if any governments were part of the cybercriminal operations.
Bradley Duncan, a researcher at Palo Alto Networks, said that while some of the largest cybercrime gangs use Qakbot to infect companies, schools and hospitals with disruptive ransomware, the FBI’s action was unlikely to translate into a major reduction in cyberattacks. Hackers have plenty of other ways to break in, he said.
“Although any disruption is good, Qakbot’s disruption may not make a massive dent in ransomware operations,” Duncan said.