Carberp: the end of the story
Three days ago “Kommersant. Ukraine ”told about the detention of the attackers who formed the backbone of the Carberp group. Even a little pity that this story is over. First of all, because Carberp has become a kind of symbol from which many journalists' eyes lit up, and some antivirus experts, by the way, even considered it a threat to the century.
We will not argue here whether this threat was significant, but we assure that no cyber threat can be considered eternal and insurmountable. And, again, not only due to the efforts of anti-virus companies that can develop an antidote, or, say, the efforts of virus writers who simply invent something new ... In principle, those who are involved in creating and distributing malware can simply catch the law enforcement structures. This, of course, does not happen as often as we would like, but ... it happens.
So, in the history around Carberp there are interesting nuances. It seems that the wave of news around this Trojan has subsided somewhat. And back in 2012. However ... At the end of March, representatives of a foreign antivirus company in Russia wrote about the emergence of a “new modification of the Carberp Trojan program capable of using legal software to steal money and also bypass the two-factor authentication mechanism using one-time passwords”. Moreover, in their blog on Habrahabr, they stated that the Carberp group still ranks first among similar groups that engage in banking fraudulent operations in Russia and Ukraine.
And here, just a few days later, the Ukrainian Kommersant broke out in a sensation - the Security Service of Ukraine, together with the Federal Security Service of Russia, stopped the activity of a group of cyber fraudsters who had stolen more than $ 250 million over the past five years. However, we will explain that we are talking about the Carberp grouping and its “creation”.
')
According to Kommersant. Ukraine ”, the operation to develop a group of cyber frauds, the department of counterintelligence protection of state interests in the field of information security of the SBU spent about a year. On the territory of Ukraine, fraudsters operated from 2009, and before that they had worked in a similar way in the Russian Federation. In total, in Ukraine and Russia, they allegedly managed to steal more than $ 250 million. According to the SBU, there were about 20 people in the group, with an average age between 25 and 30 years. “These were programmers working remotely in Kiev, Zaporizhia, Lviv, Kherson and Odessa. As a rule, they did not know each other, each was responsible for his own part of the development of a software module. Then the data was transferred to the main server in Odessa, where the main organizer, a 28-year-old Russian citizen, worked, ”the source added.
What's so surprising? - you ask us. On March 26, 2013, our colleagues in the industry talk about the new Carberp modification (which almost no other antivirus company knows about), that its creators are still extremely dangerous, and on April 2, 2013, “Kommersant. Ukraine "announces the capture of the authors Carberp. But the fact is that we knew firsthand about the investigation of the whole story with the Carberp law enforcement agencies. And, although “Kommersant. Ukraine "wrote about this on April 2, 2013, the event happened much earlier. Everyone who was involved in the development and distribution of Carberp was detained on March 19, 2013.
We understand that our colleagues might have delayed their publication of their news. However, in our industry, the efficiency of information goes hand in hand with the need to communicate verified facts. Let it be so.
PS
By the way, if you think that this is the end of the story with the so-called "banking Trojans", then no, by ... Sharks smell of profit. Unfortunately…
We will not argue here whether this threat was significant, but we assure that no cyber threat can be considered eternal and insurmountable. And, again, not only due to the efforts of anti-virus companies that can develop an antidote, or, say, the efforts of virus writers who simply invent something new ... In principle, those who are involved in creating and distributing malware can simply catch the law enforcement structures. This, of course, does not happen as often as we would like, but ... it happens.
So, in the history around Carberp there are interesting nuances. It seems that the wave of news around this Trojan has subsided somewhat. And back in 2012. However ... At the end of March, representatives of a foreign antivirus company in Russia wrote about the emergence of a “new modification of the Carberp Trojan program capable of using legal software to steal money and also bypass the two-factor authentication mechanism using one-time passwords”. Moreover, in their blog on Habrahabr, they stated that the Carberp group still ranks first among similar groups that engage in banking fraudulent operations in Russia and Ukraine.
And here, just a few days later, the Ukrainian Kommersant broke out in a sensation - the Security Service of Ukraine, together with the Federal Security Service of Russia, stopped the activity of a group of cyber fraudsters who had stolen more than $ 250 million over the past five years. However, we will explain that we are talking about the Carberp grouping and its “creation”.
')
According to Kommersant. Ukraine ”, the operation to develop a group of cyber frauds, the department of counterintelligence protection of state interests in the field of information security of the SBU spent about a year. On the territory of Ukraine, fraudsters operated from 2009, and before that they had worked in a similar way in the Russian Federation. In total, in Ukraine and Russia, they allegedly managed to steal more than $ 250 million. According to the SBU, there were about 20 people in the group, with an average age between 25 and 30 years. “These were programmers working remotely in Kiev, Zaporizhia, Lviv, Kherson and Odessa. As a rule, they did not know each other, each was responsible for his own part of the development of a software module. Then the data was transferred to the main server in Odessa, where the main organizer, a 28-year-old Russian citizen, worked, ”the source added.
What's so surprising? - you ask us. On March 26, 2013, our colleagues in the industry talk about the new Carberp modification (which almost no other antivirus company knows about), that its creators are still extremely dangerous, and on April 2, 2013, “Kommersant. Ukraine "announces the capture of the authors Carberp. But the fact is that we knew firsthand about the investigation of the whole story with the Carberp law enforcement agencies. And, although “Kommersant. Ukraine "wrote about this on April 2, 2013, the event happened much earlier. Everyone who was involved in the development and distribution of Carberp was detained on March 19, 2013.
We understand that our colleagues might have delayed their publication of their news. However, in our industry, the efficiency of information goes hand in hand with the need to communicate verified facts. Let it be so.
PS
By the way, if you think that this is the end of the story with the so-called "banking Trojans", then no, by ... Sharks smell of profit. Unfortunately…
Source: https://habr.com/ru/post/175585/
All Articles