The publication of a detailed investigation into alleged members of the Koobface malware gang appears to have had an instant impact.
The C&C (command and control) servers at the heart of Koobface have stopped responding, and the individuals uncovered by the report have been busy deleting their profiles on social networks, where they had left digital clues as to their identities.
Although social networking accounts have been wiped, security researchers and law enforcement agencies have archives of the vast amount of material already published by Koobface gang members, including photographs, movies, and locations as they checked into sites such as FourSquare.
That data can be used in a variety of ways. For instance, FourSquare logins can be displayed on Google Earth, allowing researchers to replay how individuals have moved from place to place at certain times.
Ryan McGeehan, a member of Facebook’s security team, was quoted in the press, expressing his delight that releasing information about the five men’s alleged activities had already had an impact:
"The thing that we are most excited about is that the botnet is down. Our decision to become transparent about this has had a 24-hour impact. Only time will tell if it's permanent but it was certainly effective."
Meanwhile, Russia’s anti-cybercrime unit has claimed that there’s a very good reason that it hasn’t investigated the Koobface gang – it hasn’t been asked to.
According to a report from Reuters, the Interior Ministry’s K Directorate says that it has received no official request to look into the activities of the Koobface gang, alleged to be based in St Petersburg.
“An official request needs to be filed to the K Directorate first, and when it’s filed, we will certainly investigate and work on it,” said Larisa Zhukova, a representative at the cyber unit, told Reuters. “The request must come from the victim, that is Facebook. Because anyone can say or write anything, but it is all unfounded so far.”
All that we see from this is that it can be very difficult to co-ordinate investigations into cybercriminal activity when there are multiple countries involved. One thing is clear, however, the people identified in the report are clearing up the various breadcrumbs they have left lying around the net.
Read: The Koobface malware gang – exposed!
8 comments on “Koobface gang turns off command servers, as Russian police explain lack of action”
It has been my experience that cockroaches like this just move on and resurface elsewhere. Until they are captured and imprisoned they remain a threat.
An interesting concept for the police to adopt – "No-one formally asked me to investigate this burglary/murder/assault, so i haven't done anything about it."
What do they do about murders, I wonder – wait till the victim is reincarnated so he can make a complaint?
This is typical of any beureuacracy; the bigger an organization gets, the more it resists any kind of movement.
This could be code for "We don't have to resources at this time to investigate this".
This is normal behaviour in a free country.
Police forces are not allowed to investigate anything on their own. They need to be mandated by someone.
When there's a murder you first have someone reporting a corpse found or a missing person or hearing shots. Only then they will investigate.
Any state allowing its police force to search homes or people for no apparent reason is a totalitarian state.
Well, this is Russia 😉
Everyone knows you have to submit requets in triplicate and after two mails the third is put in the spamfolder and ignored. Doh!
The russian police are almost as bad as the Bank of America IRA department…No, Bank of America IRA department is a far less competent.