Russian-Armenian botnet suspect raked in $140,000 a month
IDG News Service - By all measures, Georg Avanesov was very good at his job -- until he was arrested earlier this week.
Just 27 years old, he had amassed a tidy fortune, allegedly running an efficient clandestine network of hacked computers around the world.
Those computers were infected with Bredolab, a piece of malicious software responsible for sending spam, conducting attacks on websites and enabling other cybercriminals to steal money from online bank accounts.
Avanesov allegedly rented and sold part of his botnet, a common business model for those who run the networks. Other cybercriminals can rent the hacked machines for a specific time for their own purposes, such as sending a spam run or mining the PCs for personal details and files, among other nefarious actions.
Dutch prosecutors believe that Avanesov made up to €100,000 ($139,000) a month from renting and selling his botnet just for spam, said Wim De Bruin, spokesman for the Public Prosecution Service in Rotterdam. Avanesov was able to sell parts of the botnet off "because it was very easy for him to extend the botnet again," by infecting more PCs, he said.
Avanesov may have netted more money, in other ways.
"We don't have more financial information about what he did," De Bruin said. "Our investigation was focused on dismantling the network then getting a hold of our main suspect, but this criminal investigation hasn't stopped yet. We hope to get a better picture of the money and his business relationships."
As a result, Avanesov may have made millions in a career spanning more than a decade, according to a source close to law enforcement. He vacationed in the Seychelles with an attractive girlfriend and reportedly even had a side hobby as a DJ, the source said.
But Avanesov is now being held by Armenian authorities after a sting operation earlier this week by Dutch police and computer security experts with help from Russian authorities. He was arrested earlier this week after taking a late flight on Monday night from Moscow to Yerevan, Armenia's capital.
The bust wasn't supposed to happen that way, however, according to the source. Avanesov nearly got away.
Dutch authorities tried to lure Avanesov to Schipol airport near Amsterdam, where police there planned to follow him and wait until he took control of the Bredolab botnet, bust down the door and arrest him on computer hacking charges. He was expected to be on a flight into Schipol but never arrived.
"They [the police] were waiting for him, but he didn't come," according to the source.
In the meantime, the people in control of Bredolab had took noticed something strange was happening with their botnet. Around 2 p.m. CET on Monday, the Dutch High Tech Crime Team began taking over command-and-control servers used to issue instructions to the 29 million infected computers with help from the Dutch Forensic Institute, the Dutch computer emergency response team Govcert, and the security vendor Fox IT.
- Where You Mitigate Heartbleed Matters Read this article to learn more about why customers must choose the most strategic point in the network at which to deploy their...
- Mitigating Multiple DDoS Attack Vectors It's time to rethink and refine the enterprise security architecture, so organizations can remain agile and resilient against future threats. Download this infographic...
- SIP Migration: Addressing CIOs' Concerns Recent data from IDG Research shows that many IT executives are counting on SIP to help them meet employee efficiency and customer experience...
- City Solved Network Mystery - Saves $30K The City of Jacksonville put their hunch to work and not only solved a mystery, but found a new and innovative use for...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Network Security White Papers | Webcasts