5 Jun 2014

The man behind the ‘Swiss Army knife’ for hackers – GameOver Zeus

“Cybercrime royalty” – that’s how one security researcher described Evgeny Mikhailovich Bogachev, the man the US Government accused on Monday of being behind the world’s most advanced computer crime network.

At just 30 years old, he has achieved legendary status among the global underground of hackers who specialise in using computer viruses to haul in vast sums of money.

GameOver Zeus, the virus Bogachev is believed to have crafted, has been responsible for the theft of up to £500m in the past few years, making it the largest cybercrime spree in history.

The code was brilliantly effective for two reasons.

Firstly, it could be regularly tweaked and altered making it very difficult for anti-virus software to detect.

Secondly, it was a kind of Swiss Army knife for hackers: once installed secretly on a victim’s machine, it could be used to do anything from turning on the webcam to throwing up fake web pages to trick victims into transferring money from their bank accounts.

Bogachev’s career path is a fascinating glimpse into the development of computer viruses from back bedroom business to a global industry.

Zeus first appeared in 2007, when it was used to steal information from, among others, the US Department of Transportation. Pretty soon criminals were using it to target bank accounts – the most direct route to easy profits. Just like the makers of legitimate computer software, Zeus’s developers released a steady stream of updates, each of which introduced new functions useful to hackers.

And like legitimate software, it was vulnerable to piracy. By 2010 copies of Zeus could be bought for a few thousand pounds and in May 2011, perhaps inevitably, the code was leaked.

On the one hand it meant anyone could get hold of a copy, but on the other it meant an end to the string of updates that allowed the virus to escape detection.

By this time Bogachev had, according to anti-virus maker McAfee, retired and handed over the code to a competitor. It turns out, according to the US Department of Justice, he was simply moving to a higher level of operation.

GameOver Zeus is a terrifying new development which solves one of the key flaws in the original virus: someone, somewhere had to tell the network of infected computers what to do.

If law enforcement could trace back to this so-called “command and control” computer, they could not only shut the network down, but potentially also identify the criminal.

GameOver Zeus gets round this by using some fiendishly clever tactics. Firstly, infected computers pass instructions on to other infected machines in a peer-to-peer fashion, so among a group of, say, 10 victim computers the hacker needs only communicate with one to make the whole group do his bidding.

Secondly, if an infected computer cannot reach its peers, it will call out for instructions to hundreds of internet addresses each day, each one generated by a formula built into the virus. The hacker, who knows the same formula, needs only be sitting behind one of those addresses to issue instructions. But law enforcement don’t know which one, so they’re faced with the task of following hundreds of false leads.
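To make that second tactic concrete, here is an added, runnable illustration. It is not part of the original article and it does not reproduce GameOver Zeus’s actual formula; it is a toy date-seeded domain generator of the kind the paragraph describes, the victim’s lookup loop, and a simple check a network defender could run over resolver logs to spot the tell-tale burst of failed lookups. The seed, the number of names per day, the host addresses and the log lines are all made up for the example.

```python
import datetime
import hashlib
from collections import Counter
from typing import Dict, List, Optional, Set, Tuple

# Toy domain-generation algorithm (DGA). Illustrative only: this is NOT the
# scheme GameOver Zeus used. The point is that the malware and its operator
# share the algorithm and the seed, so both derive the same list for a day.
TOY_SECRET = b"toy-seed"          # assumed shared secret, made up for the example
TLDS = ("com", "net", "org", "biz", "info")
EXAMPLE_DAY = datetime.date(2014, 6, 2)   # the Monday the charges were announced


def generate_domains(day: datetime.date, count: int = 200) -> List[str]:
    """Return `count` deterministic domain names for calendar day `day`."""
    domains = []
    for i in range(count):
        material = TOY_SECRET + day.isoformat().encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        # 12 digest bytes -> 12 lowercase letters; one more byte picks the TLD
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return domains


def find_controller(domains: List[str], registered: Set[str]) -> Tuple[Optional[str], int]:
    """Victim side: walk the day's list until a name resolves.

    `registered` stands in for DNS: the one or two names the operator actually
    bought. Every name before it is a dead end, which is the trail of false
    leads the article describes. Returns (name found, lookups that failed).
    """
    failed = 0
    for name in domains:
        if name in registered:
            return name, failed
        failed += 1
    return None, failed


def build_sample_log(day: datetime.date) -> List[str]:
    """Constructed resolver log (not real data): '<time> <client> <qname> <rcode>'."""
    infected, clean = "10.0.0.23", "10.0.0.7"     # made-up addresses
    stamp = day.isoformat() + "T09:00:00"
    lines = [f"{stamp} {infected} {name} NXDOMAIN" for name in generate_domains(day, count=50)]
    lines += [
        f"{stamp} {clean} www.example.com NOERROR",
        f"{stamp} {clean} mail.example.com NOERROR",
        f"{stamp} {clean} typo.exmaple.com NXDOMAIN",   # one honest typo
    ]
    return lines


def flag_dga_hosts(log_lines: List[str], threshold: int = 20) -> Dict[str, int]:
    """Defender side: count failed (NXDOMAIN) lookups per client and report the
    ones at or above `threshold`. A host asking for dozens of names that do not
    exist is behaving like the lookup loop above, not like a person."""
    failures: Counter = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines
        _, client, _, rcode = parts
        if rcode == "NXDOMAIN":
            failures[client] += 1
    return {client: n for client, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    todays = generate_domains(EXAMPLE_DAY)
    # The operator registers just one of the 200 names; the victim finds it anyway.
    rendezvous = {todays[137]}
    print("victim reached:", find_controller(todays, rendezvous))
    # A defender who has the algorithm can enumerate all 200 in advance...
    print("first three of today's list:", todays[:3])
    # ...and one who does not can still spot the burst of failed lookups.
    print("flagged hosts:", flag_dga_hosts(build_sample_log(EXAMPLE_DAY)))
```

Two things follow from the code. Reversing the formula turns “hundreds of false leads” into a list that can be registered or sinkholed ahead of the malware, which is why recovering the generator from a sample is the first thing an analyst does. And even without the formula, the victim’s side of the exchange is visible in ordinary DNS logs as a burst of lookups for names that do not exist.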

Unlike other viruses, GameOver Zeus was, to coin a phrase, “not available in shops”. It was the closely guarded property of a relatively small group who used it to steal amounts unprecedented in cybercrime history.

If the charges against Bogachev are correct, he was an integral part of the operation, and had therefore shifted his role from being a master code-writer who made cash from selling his virus, to being one of the world’s greatest hackers-for-hire.

Such a shift may have seen his wealth increase massively, but it’s also earned him a place on the FBI’s most wanted list.

Follow @geoffwhite247 on Twitter.