But instead of digitally
hijacking masses of credit card numbers,
the “Zotob” malicious
code that hit the Internet in August caused
countless computer systems worldwide to
sputter and crash. Operations at major
U.S. corporations and news outlets, for
example, ground to a halt as computers
began to spontaneously reboot.
That got the attention
of the FBI. We quickly launched
an investigation, gathering information
from Microsoft and other private and
public sector partners. Then, we forensically
analyzed the computer code for possible
clues about its origins and used legal
processes to identify its possible authors.
In no time, we’d traced the worm
to Turkey and Morocco.
That’s where our investigation
would have ended if not for the support
and cooperation of our international
colleagues. Authorities there agreed
to help, and, in turn, our Legal
Attaché offices in Turkey and
Morocco offered to lend the investigative
expertise of our “Cyber
Action Teams,” or CATs.
What are CATs? Small,
highly trained teams of FBI agents, analysts,
and computer forensics and malicious
code experts who travel around the world
on a moment’s notice to respond
to cyber intrusions. Along the way, they
gather vital intelligence on emerging
threats and trends that helps us identify
the cyber crimes that are most dangerous
to our national security and to our economy.
With the permission of our international
counterparts, two CATs were en route
to Turkey and Morocco with their computer
gear in tow less than 72 hours after
Zotob struck. (As a rule, our self-sustaining
CATs bring along enough computer forensics
equipment and other hardware and software
necessary to run an investigation for
up to six months.)
Once on the ground, the CATs continued
forensically analyzing the malicious
code, then shared with Turkish and Moroccan
authorities the information they'd gathered—including
IP addresses, e-mail addresses, names
linked to those addresses, hacker nicknames,
and other clues uncovered in the computer
code.
Turkish and Moroccan law enforcement quickly
analyzed and acted on that information,
arresting two suspected Zotob perpetrators
less than eight days after the malicious
code hit the Internet. CAT computer forensic
experts verified that the code found on
seized computers matched what was released
into cyberspace.
The Zotob investigation continues. Turkish
authorities have possibly linked one of
the suspects arrested to a larger credit
card theft ring. Our CAT investigators
remain in contact with law enforcement
officials in Turkey and Morocco, and additional
arrests are expected.
The
Turkish and Moroccan hackers must have
thought they had come up with a brilliant
moneymaking scheme: release a computer
worm into cyber space, then sit back
and watch it steal credit card numbers
and other financial information from
thousands of infected computers around
the globe. 