Quebec police on Thursday said they had brought down a network of computer hackers that turned thousands of machines into zombies and caused $45 million of damage in several countries.
Police arrested 17 people from Montreal, Jonquière, Rivière-du-Loup and Notre-Dame-du-Portage, among other cities. Ranging in age from 17 to 26 years old and including three minors, the suspects were released on their own recognizance.
Quebec Police Lieutenant Frédérick Gaudreau explained in a press conference that the suspects used software and other techniques to infect “thousands, indeed millions of computers” in order to turn them into zombies and manage them remotely via the Internet.
The affected computers are believed to have been involved in a number of attacks on Web sites, data theft, identity theft and other crimes. Police believe the suspects rented out use of the zombie network to third parties for malicious activities.
The suspects face charges of illegally using a computer to commit crimes and the possession of passwords used to commit an offence. The charges carry a maximum penalty of 10 years in prison. Other charges may follow once the computers seized in the raid have been analyzed.
On a table next to Lieutenant Gaudreau sat two pieces of evidence: computers and several bays of hard disks.
Gaudreau said the investigation had begun in the summer of 2006, following complaints by businesses, governmental institutions and other organizations.
The identity of the complainants, the motives of the suspects and the methods used to apprehend the suspects were not revealed as the investigation is continuing, police said. Gaudreau was also unable to confirm whether the suspects were affiliated with traditional organized crime gangs. The investigation was carried out with help from the RCMP and international law enforcement agencies.
Police said 39,059 computers were infected in Poland, 28,458 in Brazil, 26,169 in Mexico, 9,431 in Argentina and 8,510 in Germany. At least 3,383 computers are believed to have been infected in Canada. Gaudreau indicated that some countries had systems which were poorly protected and vulnerable to botnets.
The damages include estimated costs to repair the systems of businesses affected by the attacks, not the value of the data or identities stolen. Those costs will be brought before the courts, police said.
Although the majority of compromised machines were probably personal PCs, the case should still serve as a wake-up call to corporations about endpoint security, particularly given the potential liability if corporate assets are involved, said Mike Haro, senior security analyst with Boston, Mass.-based security technology vendor Sophos Inc.
“The fact that it makes headlines in Canada today, hopefully Canadian-based businesses will look at this and say, ‘What are we doing to ensure our company assets are not part of any kind of botnet?’” he said.
Corporations can protect themselves, said Haro, by employing network access control technology to ensure appropriate endpoint security, such as patch management and keeping systems current with up-to-date patches.
Other preventive measures include heuristic detection approaches that seek out new malware variants, he added.
However, given that most IT budgets aren’t getting any larger and that a large portion of them is already allocated to security spending, Haro suggested corporations look to their security technology partners to assume greater responsibility.
Although the security technology is necessary, Haro acknowledged the need for processes as well, given that endpoint security is still very much a user behaviour issue.
He said Sophos’ latest threat research indicates 6,000 machines are infected daily. “Surprisingly, the majority of those sites are not only adult-type sites, but we’re seeing legitimate sites being infected with malware,” he said.