Russian-Armenian botnet suspect raked in $140,000 a month
IDG News Service - By all measures, Georg Avanesov was very good at his job -- until he was arrested earlier this week.
Just 27 years old, he had amassed a tidy fortune, allegedly running an efficient clandestine network of hacked computers around the world.
Those computers were infected with Bredolab, a piece of malicious software responsible for sending spam, conducting attacks on websites and enabling other cybercriminals to steal money from online bank accounts.
Avanesov allegedly rented and sold part of his botnet, a common business model for those who run the networks. Other cybercriminals can rent the hacked machines for a specific time for their own purposes, such as sending a spam run or mining the PCs for personal details and files, among other nefarious actions.
Dutch prosecutors believe that Avanesov made up to €100,000 ($139,000) a month from renting and selling his botnet just for spam, said Wim De Bruin, spokesman for the Public Prosecution Service in Rotterdam. Avanesov was able to sell parts of the botnet off "because it was very easy for him to extend the botnet again," by infecting more PCs, he said.
Avanesov may have netted more money, in other ways.
"We don't have more financial information about what he did," De Bruin said. "Our investigation was focused on dismantling the network then getting a hold of our main suspect, but this criminal investigation hasn't stopped yet. We hope to get a better picture of the money and his business relationships."
As a result, Avanesov may have made millions in a career spanning more than a decade, according to a source close to law enforcement. He vacationed in the Seychelles with an attractive girlfriend and reportedly even had a side hobby as a DJ, the source said.
But Avanesov is now being held by Armenian authorities after a sting operation earlier this week by Dutch police and computer security experts with help from Russian authorities. He was arrested earlier this week after taking a late flight on Monday night from Moscow to Yerevan, Armenia's capital.
The bust wasn't supposed to happen that way, however, according to the source. Avanesov nearly got away.
Dutch authorities tried to lure Avanesov to Schipol airport near Amsterdam, where police there planned to follow him and wait until he took control of the Bredolab botnet, bust down the door and arrest him on computer hacking charges. He was expected to be on a flight into Schipol but never arrived.
"They [the police] were waiting for him, but he didn't come," according to the source.
In the meantime, the people in control of Bredolab had took noticed something strange was happening with their botnet. Around 2 p.m. CET on Monday, the Dutch High Tech Crime Team began taking over command-and-control servers used to issue instructions to the 29 million infected computers with help from the Dutch Forensic Institute, the Dutch computer emergency response team Govcert, and the security vendor Fox IT.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Binary Option: Neustar SiteProtect Case Study Learn how Neustar helped Top10optionbinaire.com protect against DDoS attacks with SiteProtect DDoS mitigation technology.
- Four Ways DNS Can Accelerate Business Growth This DNS eBook describes how DNS has developed over the years to support business growth as new needs have emerged, for example, advanced...
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- Ecommerce Site Needs Protection Against Cyber 'Pirate' Learn how a Neustar customer thwarted 'Blackbeard,' a self-styled DDoS Pirate. Using Neustar SiteProtect, a cloud-based DDoS mitigation service, this everyday IT hero...
- Tales from the Trenches - Industry Risks and Examples of DDoS Watch Neustar experts as they discuss how DDoS impacts technology companies including online gaming, e-commerce and more. All Network Security White Papers | Webcasts