Koobface gang turns off command servers, as Russian police explain lack of action

Filed Under: Facebook, Featured, Law & order, Malware, Social networks

Facebook logo and Koobface suspectsThe publication of a detailed investigation into alleged members of the Koobface malware gang appears to have had an instant impact.

The C&C (command and control) servers at the heart of Koobface have stopped responding, and the individuals uncovered by the report have been busy deleting their profiles on social networks, where they had left digital clues as to their identities.

Although social networking accounts have been wiped, security researchers and law enforcement agencies have archives of the vast amount of material already published by Koobface gang members, including photographs, movies, and locations as they checked into sites such as FourSquare.

That data can be used in a variety of ways. For instance, FourSquare logins can be displayed on Google Earth, allowing researchers to replay how individuals have moved from place to place at certain times.

Locations tracked on FourSquare, displayed on Google Earth

Ryan McGeehan, a member of Facebook's security team, was quoted in the press, expressing his delight that releasing information about the five men's alleged activities had already had an impact:

"The thing that we are most excited about is that the botnet is down. Our decision to become transparent about this has had a 24-hour impact. Only time will tell if it's permanent but it was certainly effective."

Meanwhile, Russia's anti-cybercrime unit has claimed that there's a very good reason that it hasn't investigated the Koobface gang - it hasn't been asked to.

According to a report from Reuters, the Interior Ministry's K Directorate says that it has received no official request to look into the activities of the Koobface gang, alleged to be based in St Petersburg.

"An official request needs to be filed to the K Directorate first, and when it's filed, we will certainly investigate and work on it," said Larisa Zhukova, a representative at the cyber unit, told Reuters. "The request must come from the victim, that is Facebook. Because anyone can say or write anything, but it is all unfounded so far."

All that we see from this is that it can be very difficult to co-ordinate investigations into cybercriminal activity when there are multiple countries involved. One thing is clear, however, the people identified in the report are clearing up the various breadcrumbs they have left lying around the net.

Read: The Koobface malware gang - exposed!

, , ,

You might like

8 Responses to Koobface gang turns off command servers, as Russian police explain lack of action

  1. busybevie · 825 days ago

    It has been my experience that cockroaches like this just move on and resurface elsewhere. Until they are captured and imprisoned they remain a threat.

  2. bigugly · 825 days ago

    An interesting concept for the police to adopt - "No-one formally asked me to investigate this burglary/murder/assault, so i haven't done anything about it."

    What do they do about murders, I wonder - wait till the victim is reincarnated so he can make a complaint?

    • LLCJ826 · 825 days ago

      This is typical of any beureuacracy; the bigger an organization gets, the more it resists any kind of movement.

    • anon · 825 days ago

      This could be code for "We don't have to resources at this time to investigate this".

    • someone · 824 days ago

      This is normal behaviour in a free country.
      Police forces are not allowed to investigate anything on their own. They need to be mandated by someone.

      When there's a murder you first have someone reporting a corpse found or a missing person or hearing shots. Only then they will investigate.

      Any state allowing its police force to search homes or people for no apparent reason is a totalitarian state.

  3. Guest · 825 days ago

    Well, this is Russia ;)

  4. fred · 824 days ago

    Everyone knows you have to submit requets in triplicate and after two mails the third is put in the spamfolder and ignored. Doh!

  5. Bill · 823 days ago

    The russian police are almost as bad as the Bank of America IRA department...No, Bank of America IRA department is a far less competent.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.