Deputy Attorney General James Cole Delivers Remarks at Press Conference for Gameover Zeus and Cryptolocker Operations
Good afternoon and welcome, everyone.
Today, we are here to announce that, over the weekend, the Department disrupted two extremely damaging cyber threats – the financial botnet known as Gameover Zeus and the malicious software known as Cryptolocker. Gameover Zeus has secretly diverted millions of dollars to bank accounts of criminals across the globe while Cryptolocker – a ransomware scheme – has shut out hundreds of thousands of users from their own computers and data and demanded that victims pay to get access back to their own machines and information.
We also have identified and charged one of the leaders of the Eastern European cybercriminal gang that is responsible for these schemes. Evgeniy Bogachev, a Russian national, has been indicted in Pittsburgh, Pennsylvania for his role as an administrator of the Gameover Zeus botnet. Bogachev – a true 21st Century criminal who commits cybercrimes across the globe with the stroke of a key and the click of a mouse – is also charged in a newly unsealed criminal complaint in Omaha, Nebraska, for orchestrating a related botnet scheme. These crimes have earned Bogachev a place on its list of the world’s most-wanted cyber criminals.
As alleged in the unsealed indictment, Gameover Zeus is the most sophisticated and damaging botnet we have ever encountered. Frequently targeting the computers of small and mid-size businesses, the Gameover Zeus software intercepts passwords and other private information that can be used to conduct wire transfers, and then initiates or re-directs wire transfers from victims’ bank accounts to foreign bank accounts controlled by the criminals. Individual fraudulent wire transfers conducted through Gameover Zeus commonly exceed $1 million. At least one fraudulent wire transaction amounted to $6.9 million. Security researchers estimate that between 500,000 and 1 million computers worldwide are infected with Gameover Zeus, and that approximately 25 percent of the infected computers are located in the United States. The total losses worldwide are unknown, but we believe that losses exceed $100 million to U.S. victims alone. Because many of the victims are small- and mid-sized businesses, their accounts typically do not have the same legal protections afforded to consumer accounts, so such losses can be devastating.
Cryptolocker is a form of “ransomware,” a type of malicious software that prevents victims from accessing their computer files until they make a ransom payment to the criminals. It is the most sophisticated form of ransomware we have yet seen. Once it infects a victim’s computer, Cryptolocker encrypts its files and displays a ransom note on the screen, instructing victims to pay hundreds of dollars – typically in the cryptocurrency Bitcoin – to receive a password to decrypt their files. As of April 2014, Cryptolocker had attacked more than 200,000 computers, and more than half of those attacks occurred here in the United States. In its first two months of operation alone, it has been estimated that the criminals behind Cryptolocker collected over $27 million in ransom payments from victims seeking to get access to their files back.
As you will hear described in a moment, this law enforcement operation deployed innovative legal and technical approaches designed to block and disrupt these malicious computer codes, at the same time we used traditional legal tools to collect and seize evidence and to identify and charge those involved. We worked with private-sector security experts to master the Gameover Zeus software and expose its weaknesses; we obtained a criminal investigative order from a federal court to identify the infected computers; and we obtained a civil order from the same court to establish a new server so that the infected computers could be redirected and stopped from surreptitiously communicating with computers controlled by the criminals.
This operation simply would not have been possible without the strong partnerships we have established with other governments and with private industry. The Gameover Zeus botnet affects victims around the world and rests on cyber infrastructure set up by the criminals in a half dozen countries. So our success has depended heavily on our close coordination with our law enforcement counterparts around the world. And we have worked extremely well with private sector industry leaders, who provided needed assistance to identify and research malware, and to pinpoint and fix the software vulnerabilities that the criminals have exploited. This flexibility, and these combinations – of traditional and innovative legal and technical tools, and of multi-national and multi-stakeholder partnerships – are what is required to combat modern cyber threats like Gameover Zeus and Cryptolocker.
And now, I am especially pleased to welcome Leslie Caldwell, who has recently taken the reins as the Assistant Attorney General for the Criminal Division of the Justice Department. I would also like to welcome Dave Hickton, the United States Attorney for the Western District of Pennsylvania, and Robert Anderson, the Executive Assistant Director of the FBI. They will now describe today’s operation in greater detail. Finally, I would like to welcome Phyllis Schneck of the Department of Homeland Security, who will discuss how victims can ensure that they are properly cleaning and securing their computers.
Updated September 17, 2014