Cybercrime is a prolific business, criminal organizations continues to make profits with illegal activities in the cyberspace, but police are ready to contrast them. Cyber experts at the Ukrainian police dismantled a bot farm involved in spam campaigns carried out through various services, including email and social networks.
“Cyber police officers, together with investigators of the Main Investigative Directorate of the National Police of Ukraine, under the procedural guidance of the Prosecutor General’s Office of Ukraine, exposed a large-scale service for mass distribution of electronic messages.” states the press release published by the Ukrainian police. “It is established that all works of the service are carried out exclusively at the request of interested clients. With this resource, it was possible to buy activated accounts in large numbers to various mail resources, social networks, payment systems and more. At the same time, verified accounts were also sold, the cost of which was much higher.”
Operators behind the bot farm were offering large numbers of active accounts for multiple online services that their customers used to carry out spam campaigns.
The Ukrainian Police raided houses, apartments, garages and rented offices in six Ukrainian cities (Kiev, Odesa, Lviv, Nikolaev, Rivne, and Kherson) and seized equipment used in the bot farm, including multi-SIM card modems and electronic equipment used to
Crooks were using the SIM cars to register accounts on various services that require a phone number for the verification of users’ identity. Crooks were preserving their anonymity using VPN and TOR services.
Police officers and the Main Investigative Directorate of Ukraine’s National Police carried out searches at houses, apartments, garages and rented offices where the group set up the illegal activity.
To anonymize the bot farm traffic, the operators ran connections through VPN services and the Tor network. Details of how the officers were able to discover the physical addresses remain undisclosed.
Authorities will analyze the seized equipment in an attempt to collect additional information on the crime rings.
“The pre-trial investigation is ongoing within the framework of the previously initiated criminal proceedings under Art. 1889 (Requirement), Art. 258 (Terrorist Act), Art. Measures are being taken to prosecute those involved in the organization of such activities. ”
Today I had the pleasure to write a post on another successful operation conducted by law enforcement. A joint operation conducted by the Netherlands’ National Criminal Investigation Department and National Cyber Security Center allowed to track down and seize five servers that were composing a cybercrime underground bulletproof hosting service.
The servers were hosted at an unnamed data center in Amsterdam, it was used by tens of IoT botnets involved in DDoS attacks worldwide.