Facebook versus Russia's Koobface gang
Published 19/01/2012 | 10:44
FACEBOOK took a very unusual step for a multinational this week, when it publicly accused five Russian men of running a multimillion dollar scam against hundreds of thousands of its users.
The “Koobface gang”, as the quintet are known, are accused of infecting social network users’ computers with a malicious software “worm”.
The global network of up to 800,000 remotely-controlled machines became a lucrative business for the gang. Other cyber criminals would pay them to bombard their victims with adverts for fake anti-virus software, or to hijack Google searches to deliver traffic to rogue pharmacy websites.
In just the year up to June 2010, it is estimated the Koobface gang pocketed $2m running their scam, which began back in 2008. Their haul was not particularly large by the standards of organised crime online, which runs off with billions every year, but they pioneered exploitation of Facebook users.
The Koobface worm spread itself by sending fake messages on Facebook and other social networks to its victims’ friends. If the recipient of the message clicked on a link that promised “you look just awesome in this movie”, or similar, they were directed to a website that told them to update their Adobe Flash software.
Those who fell for the trick actually downloaded software that took control of their computer and recruited it to the gang’s network.
Now, Facebook wants to see the five men pay for their crimes. The firm says it knows who the members of the gang are, the address of their downtown St Petersburg office and much more, even going so far as to name them in American reports.
“People who engage in this type of stuff need to know that their name and real identity are going to come out eventually and they’re going to get arrested and they’re going to be targeted,” Joe Sullivan, Facebook’s head of security, told The New York Times.
In response, independent security researchers have also published their intelligence on the gang, which includes evidence of a luxurious lifestyle. One group holiday, documented on a photo-sharing website, saw them gallivant from Spain to the French Riviera and Monte Carlo, before ending up at a casino in Germany.
Yet by going public with the allegations, Facebook has also shown its frustration that the Koobface gang might not be arrested.
Russia has long held a reputation as a haven for criminal hacking gangs. British cyber crime investigators privately express huge frustration with the lack of cooperation from law enforcement authorities there.
The Americans have similar problems. On Tuesday the FBI trumpeted the arrest and successful extradition of Vladimir Zdorovenin, a Russian, for online credit card scams and stock manipulation.
“We will reach out across the globe, and wait as long as it takes to bring cyber criminals to justice,” said Preet Bharara, a US federal prosecutor.
Nevertheless, Mr Zdorovenin’s collar was not felt in his homeland. He was arrested on a trip to Zurich, and extradited by cooperative Swiss authorities.
The picture in Russia is more complicated than one of a lawless “Wild East”, however, according to Sean Sullivan, a security researcher at F-Secure, based in neighbouring Finland.
“Some folks paint with too broad a brush,” he says.
“They think of Russia as just one monolith rather than remembering it’s the Russian Federation. A lot of good guys are in Moscow, for example.
“The Koobface guys are in St Petersburg… it’s like when you think of the American mob and Al Capone you think of the city of Chicago. St Petersburg comes up surprisingly often in our investigations. In fact we’re not surprised anymore when it comes up.”
St Petersburg is famous in internet security circles as the home of the Russian Business Network, a sprawling digital criminal enterprise involved in seemingly every type of crime online, from spam to hosting child abuse websites. Unconfirmed rumours abound of close or even blood ties between local politicians and senior mobsters.
To Sean Sullivan, Facebook’s public naming and shaming of the Koobface gang looks less like a blow against them and more like an admission that efforts to have them arrested have so far failed. Their names have been known to investigators for so long they were beginning to spread online.
“This just puts an official stamp on the accusations,” he said.
“I don’t think they would take this tack to put pressure on the gang. I think it actually undermines any efforts to get these guys arrested. It makes it too political.”
Following a concerted fight back that began in March, Facebook says it has been free of Koobface infections for the past nine months.
“We are confident that our work in identifying those responsible will put a significant dent in their ability to harm those online and lead to a safer internet for all,” it said in a blog post.
The idea of discomfiting the Koobface gang, who have seen their names and faces plastered across the web this week, must have cheered Facebook executives. The fact that even as operators of the world’s busiest website, representing more than 800 million users, they can’t get authorities to actually arrest these criminals, must be a less happy thought.