Facebook, researchers turn up heat on Koobface gang

Jeremy Kirk | Jan. 18, 2012
Security researchers are worried that the alleged Russia-based authors of Koobface, a piece of malicious software that plagued social networking sites such as Facebook, may slip away before law enforcement can catch them.

Danchev published more than 35 photographs of Korotchenko, including his ICQ name, phone number, email addresses and nicknames on Flickr, Twitter, Foursquare and, a Russian social networking site.

Kollberg of Sophos had also collected much information on Korotchenko, who was an avid user of Foursquare, a location-based application where people can "check in" to places. Korotchenko frequently did, up to three or four times a day. Kollberg plotted Korotchenko's check-in locations and posts on Twitter into Google Earth.

"It looks awesome," Kollberg said. "You can take a tour and follow his trail."

But the trail may soon grow cold. Since the public release of the information, all of Korotchenko's accounts have vanished. The release may pose a larger problem for the FBI, which Kollberg said Sophos has had contact with since December 2009 on the case.

The FBI does not confirm ongoing investigations. Spokeswoman Jenny Shearer said on Tuesday she could not comment on Koobface. The FBI has agents that specialize in cybercrime investigations in the Ukraine, Romania, Estonia and the Netherlands, but does not have those kinds of agents based in the U.S. Embassy in Moscow, she said.

Russia has been frequently characterized as a hotbed of cybercrime and security researchers have noted that the country is difficult to work with on investigations. Russia is not a party to the Convention on Cybercrime, also known as the Budapest Convention. The treaty, which was opened for signatures in November 2001, sets guidelines for laws and procedures for dealing with Internet crime. Russia has opposed the treaty on grounds that it contains provisions the country alleges violate international law norms and countries' sovereignty.

Cybercriminals can take advantage of the lack of coordination between countries and "hide between the cracks," said David Emm, senior security researcher for the Russian security vendor Kaspersky Lab. "It's great to have joined-up initiatives, but actually if some of the key areas in terms of cybercrime development are not signed up, that leaves a bit of a hole," he said.

The alleged creators of Koobface may take advantage of that and try to melt away or assume other identities now that the heat has been turned up, said Alex Kuzmin, the U.S. director for Group-IB, a security company based in Moscow.

"We certainly think that exposing further information on those individuals involved in the Koobface botnet ... might in fact spoil or harm the ongoing investigation," Kuzmin said.

It is not unprecedented for Russian cybercriminals to occasionally take drastic action to avoid getting caught, including obtaining fake identification and even plastic surgery, Kuzmin said.

Group-IB tracked a man who targeted a Russian e-payments provider called QIWI, Kuzmin said. He was nearly apprehended in 2009 by Russian police, but fled to western Siberia where he obtained fake identification, had plastic surgery and "returned to the cybercriminal underworld as a new man" before eventually being caught, Kuzmin said.

