
FBI seized Citadel banking Trojan servers

Microsoft and the FBI have taken down a botnet that controlled millions of infected PCs, which was responsible for massive bank fraud. Botnets are networks of computers infected with viruses that let them be controlled by hackers.

The outfit behind the Citadel botnets is believed to have stolen more than $500 million from bank accounts over the past 18 months. Citadel is one of the biggest botnets in operation today.

Citadel is a banking Trojan that has been in existence since 2011. As with most banking Trojans, Citadel is a full crimeware kit, providing the attackers with payload builders, a command and control (C&C) server infrastructure, and configuration scripts to target various banks.

Citadel infected as many as 5 million PCs around the world, including here in Australia, and according to Microsoft was used to steal from dozens of financial institutions, including American Express, Bank of America, Citigroup, Credit Suisse, eBay's PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo.

Citadel installs keylogging software on an infected computer, which records everything the user types. As a result, when users access their bank accounts online, they unwittingly hand their banking passwords and other confidential information to the hackers.

Microsoft also admitted that it does not expect to have wiped out the Citadel botnet fully, simply because of its sheer size.

Earlier Wednesday, federal marshals escorted Microsoft officials to two data hosting facilities in New Jersey and Pennsylvania, where they seized data and evidence from the botnets.

Microsoft has filed a civil lawsuit in the U.S. District Court in Charlotte, North Carolina against the unknown hackers and obtained a court order to shut down the botnets. The complaint identifies the ringleader as 'John Doe No. 1', who goes by the alias Aquabox and is accused of creating and maintaining the botnet.

The FBI is working closely with Europol and other overseas authorities to try to capture the unknown criminals.

Microsoft and its allies did not believe the threat from Citadel was eliminated but were confident they were able to significantly disrupt the criminal operation.
