In what’s been billed as a first-of-its-kind operation, law enforcement agencies around the world recently banded together to take down major cyber criminal infrastructure that officials said targeted multitudes of victims and caused hundreds of millions of dollars in damages globally.
Over a couple of days in late May, “Operation Endgame” led to the arrests of four people in Ukraine and Armenia, the dismantling of more than 100 malicious computer servers worldwide, and the seizure of over 2,000 domains, according to law enforcement in the US and Europe.
One of the main suspects raked in at least $70 million in cryptocurrency by “renting out criminal infrastructure sites to deploy ransomware,” according to Europol, the law enforcement agency of the European Union that conducted the operation along with other agencies, including the FBI.
Cybersecurity experts told Business Insider that the takedown is a pivotal step forward in the ongoing war against cybercrime. However, they said, the fight can’t end here, as cybercrime is one of the biggest threats facing humanity.
“It’s not like this is going to solve the problem, but it’s a great step in addressing it,” said Adam Wandt, a cybercrime investigations expert and a public policy professor at New York’s John Jay College of Criminal Justice.
‘Largest ever operation against botnets’
Europol called the sting the “largest ever operation against botnets, which play a major role in the deployment of ransomware.”
“This worldwide operation, involving law enforcement authorities from 13 countries, led to a significant disruption of criminal activities,” Europol spokesperson Ina Mihaylova told Business Insider, noting the effort was also supported by the private industry.
Mihaylova called the scale of the operation “unprecedented in the cyber domain.”
FBI Director Christopher Wray said in a statement that the agency “used joint and sequenced actions to run a first-of-its-kind international operation and debilitate the criminal infrastructure of multiple malware services.”
As part of the operation, the law enforcement agencies shut down at least four malware groups or “droppers” known as “IcedID,” “Smokeloader,” “Pikabot,” and “Bumblebee.”
According to the FBI, these droppers, designed to install malware onto computer systems, “infected millions of computers and claimed countless victims around the world and throughout the United States, including a hospital network, which not only cost millions of dollars but alarmingly put people’s lives at risk due to the compromised critical care online system.”
“This is taking down computer servers, which are affecting all of us,” said Wandt, who explained that the hackers behind the botnets are “going for money, and they don’t care who they go for or how they get it.”
“This could be my grandmother sitting at home, this could be a large bank. It doesn’t matter,” he said.
Wandt and other experts said the takedown of 100 malicious servers is a small number when compared to the vast number of servers that run botnets around the globe but that it’s nonetheless important.
“That doesn’t mean that it was a small number in the amount of fraud that it was committing,” said Wandt.
Ransomware ‘wreaking havoc around the world’
Tracy Beth Mitrano, a cybersecurity policy expert and a visiting professor of information science at Cornell University, called “Operation Endgame” a “significant step,” but said “it’s not significant in terms of the total scope of the problem.”
“Ransomware has just been wreaking havoc around the world,” Mitrano said. “It’s been ripping through the United States.”
Mitrano emphasized the importance of the US working with other countries around the world to combat cybercrime and called for international law, treaties, and agreements “to establish rules of the road in cyberspace.”
“The war will not be won until there are international laws and standards that bring countries together,” said Mitrano.
Mitrano said “Operation Endgame” is a “very important first step, but we have to keep going.”
“Cyber insecurity is one of the biggest threats we face on the globe today,” she said.
Thomas Holt, a cybersecurity expert and professor in the School of Criminal Justice at Michigan State University, said the coordinated effort of countries around the globe working to fight cybercrime, as was done in “Operation Endgame,” is “absolutely necessary.”
“Cybercrime is such a distributed problem,” he said, noting that cybercriminals can target “anyone anywhere with relative ease, and the likelihood of detection is really, really low.”
So any attempt at cracking down on cybercrime is a positive, Holt said.
“It’s a net gain in terms of complicating networks or forcing short-term behavioral change on the market and the actors,” said Holt. “It may not create these long-term sustained drop-offs, but it at least provides a short-term benefit.”
Holt said he does not believe cybercrime will ever be stopped, “But what I think we can do is produce complexities for the offender, making it harder for them to actually engage in an offense like running a botnet.”
The “biggest problem” in the malware world, according to Holt, is that there is always a different iteration of malware on the horizon.
“Over the last decade, it has been ransomware primarily, but there’s going to be an eventual pivot away from ransomware to something else,” he said. “We don’t know exactly what that something else is yet.”
And artificial intelligence “will certainly simplify the process” for cyberattackers, said Holt.
Cybercriminals “don’t have the same degree of difficulty or barriers to entry that we had in the 80s, the 90s, and even the early 2000s,” Holt said.
“Now it’s flattened to a point where as long as you have money, you can buy personal data, you buy credit card numbers, rent out denial of service attacks on demand or botnets,” he said. “So you don’t even need to know what you’re doing. You just need to have a cursory understanding and dollars in your pocket.”
Last month, Wray, the FBI director, pledged the agency’s ongoing commitment to combatting cybercrime.
“The fight against borderless cybercrime does not end here, and the FBI is committed to tackling this ever-evolving threat,” he said.