5 million victims, $500 million stolen: Microsoft and FBI finally take down Citadel botnet

Microsoft’s Digital Crimes Unit has announced the successful disruption of a data-stealing botnet estimated to have accumulated over half a billion dollars for a cybercrime ring.

The unit worked alongside the FBI and a host of financial services firms to dismantle more than 1,400 systems that formed part of the sprawling Citadel botnet, responsible for around £320 million in losses to people and businesses around the world.

Due to the scale and complexity of Citadel, Microsoft does not expect to fully take down all systems using the malware, but says the collaborative operation to tackle the threat, codenamed b54, will “significantly disrupt Citadel’s operation, helping quickly release victims from the threat and making it riskier and more costly for the cybercriminals to continue doing business.”

The investigation into the attacks began in early 2012, when Microsoft and its partners discovered that Citadel used keylogging to record victims’ keystrokes and collect banking details and other personal identity information. This enabled the cybercriminals to log in directly to various accounts and “quietly pilfer” money from victims.

It is thought that Citadel affected more than 5 million people, with the highest number of infections taking place in Europe, the US, Hong Kong, Singapore, India, and Australia.

“The harm done by Citadel shows the threat that botnets, malicious software, and piracy pose to individuals and businesses around the world,” said Brad Smith, Microsoft general counsel and executive vice president of Legal and Corporate Affairs. “Today’s coordinated action between the private sector and law enforcement demonstrates the power of combined legal and technical expertise and we’re going to continue to work together to help put these cybercriminals out of business.”

FBI Executive Assistant Director Richard McFeely spoke of the importance of collaboration when tackling global cybercrime. “Creating successful public-private relationships — in which tools, knowledge, and intelligence are shared — is the ultimate key to success in addressing cyber threats and is among the highest priorities of the FBI,” he said.

“We must ensure that, as cyber policy is developed, the ability of the private sector to coordinate in real time with the FBI is encouraged so that a multi-prong attack on our cyber adversaries can be as effective as possible.”

The UK government is hoping to foster a similar collaborative approach to tackling cybercrime via the Cyber Security Information Partnership (CISP), launched in March. The project aims to facilitate the sharing of intelligence between the public and private sectors so that emerging threats are dealt with more effectively than in previous law enforcement operations.

We asked whether the anti-cybercrime initiative had the potential to transform the war online.