The creators of the Mariposa botnet have been back in the news this week after a hacker was reportedly arrested in Slovenia.
The Slovenian authorities, working with the FBI, have arrested a 23-year-old man known only by his internet handle of 'Iserdo', and accused him of creating malicious software and selling it to other cyber criminals.
Iserdo is reportedly behind the Mariposa botnet as the supplier of the Butterfly botnet kit, which is claimed to be the malicious software behind Mariposa and hundreds of other information-stealing botnets that have infected millions of computers worldwide.
Among those involved in the intelligence work was Panda Security. Luis Corrons, technical director of its PandaLabs division, had a personal encounter with the creators and described his experience to SC Magazine.
He commented that back in March, when the story went public, he had said that the Spanish operators had been arrested and that they had bought the bot, but the seller of the botnet had not been mentioned. He said: “This was not because we didn't know who was behind that, but because the FBI kindly asked us not to disclose that information, as they were chasing Iserdo. Who's Iserdo? As far as I know, he is a Slovenian guy, the main developer of the Butterfly bot and he was in touch with Netkairo and was who sold the Mariposa bot to Netkairo.”
Corrons commented that Iserdo's website is down. Panda Security said that the Butterfly kit sold online for between €500 and €1,500 and allowed people with limited computer skills to perpetrate cyber crime on a massive scale. The Butterfly kit has been used to create almost 10,000 unique pieces of malicious software and over 700 botnets.
Juan Santana, CEO of Panda Security, said: “We are extremely proud to be involved in the ongoing effort to fight cyber criminals like Iserdo, but we know that this is just one of many cyber criminals causing harm and there is still much work to be done.
“At Panda Security we strongly believe that the fight against internet crime requires an international collaborative effort from the computer security industry and public institutions. Together we must work to raise public awareness of the threat, push for proper legislation that applies dissuasive sanctions against criminal behaviour, and provide proper training for working groups like the Mariposa Working Group to develop adequate prevention and remediation technologies to prosecute criminals effectively.”
FBI director Robert S. Mueller III said: “In the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world. These cyber intrusions, thefts and frauds undermine the integrity of the internet and the businesses that rely on it; they also threaten the privacy and pocketbooks of all who use the internet.”
Paul Vlissidis, technical director at independent IT assurance specialist NCC Group, said: “Cyber crime is becoming increasingly sophisticated and, like global business, hackers operate across geographical boundaries. Cross-border collaboration is key in cracking international cyber crime cases, ensuring that jurisdictional issues do not hinder an investigation.
“Over the past five years there has been an increase in international co-operation among law enforcement bodies in different countries – as well as security professions – leading to hackers being arrested, prosecuted and sentenced in a way that reflects the seriousness of their crimes, setting an example to deter potential computer criminals.
“The investigation into the Mariposa botnet is a key example of such collaboration, comprising federal and international law enforcement, the FBI, members of a specialist botnet investigative team and a working group, which includes researchers and industry experts. However, while the ability for federal security bodies to fight cyber crime is evolving, so are the methods employed by hackers, making the speed at which security forces battle these threats critical. In turn, it is essential that systems and protocols are established to streamline international co-operation, allowing authorities to remain in step with hackers.”