Long a puzzling challenge, the FBI seems to be making strides in tackling international coordinated scams, in this case, scareware. Scareware, the practice of providing fake infection notifications to users’ computers, and then offering to sell solutions to problems that don’t exist, has been quite a boon as of late for fraudsters. FBI claims the current bust uncovered a ring which had bilked customers out of an estimated $72 million. Not bad for a little scammer work, very bad for unsuspecting customers.
What is interesting is the manner in which the FBI was able to coordinate the bust with 7 other countries, a none-too-trivial feat. While they were able to seize 22 computers in the U.S., there were also 25 computers in France, Germany, Latvia, Lithuania, the Netherlands, Sweden, and the United Kingdom. The U.S. Justice Department made the announcement, noting that it was a coordinated effort between law enforcement in all the host countries, definitely not a one-man-band.
This follows trends we’ve been noting for some time. Scam operations of all different flavors rely heavily on a global distributed approach, not a single attack source. This makes law enforcement jump though amazing hoops to try to bring legally binding prosecution, especially trying to comply with local laws in all countries who may be involved, and not get the case thrown out for a single improper procedure, no trivial task. To add to the difficultly, tracking a complex operation realtime, which is likely to have a dynamic nature, will have resources (and evidence) moving seamlessly from one country to another. This means law enforcement would need incredibly fast response and tracking information to have any prospect of getting to the “smoking keyboard” before it sprints to another country and/or jurisdiction.
Understandably, the techniques aren’t forthcoming, and for good reason, for every one caught there are multiple others that they still hope to, so we’ll see what the half-life is of their current bag of tricks. As malware and attacks continually morph to avoid detection, techniques to pursue their makers must also, keeping law enforcement on its toes. Latvian authorities seized 5 bank accounts believed to be connected to the scam, giving a clue of where the nexus of the operation affecting an estimated 960,000 victims may have been.
Author Cameron Camp, ESET