Suspected Andromeda botnet ringleader arrested

Arrested Belarus citizen described as administrator of the Andromeda network

One of Eastern Europe’s most prolific cyber criminals has been arrested in a joint operation involving Belarus, Germany and the United States that aimed to dismantle a vast computer network used to carry out financial scams, officials have said.

National police in Belarus, working with the US Federal Bureau of Investigation, said they had arrested a citizen of Belarus on suspicion of selling malicious software who they described as administrator of the Andromeda network.

Andromeda is made up of a collection of botnets, or groups of computers that have been infected with viruses to allow hackers to control them remotely without the knowledge of their owners. These networks were in turn leased to other criminals to mount malware or phishing attacks and other online scams.

Swedish-American cyber security firm Recorded Future said it has “a high degree of certainty” that the arrested Belarusian is “Ar3s”, a prominent hacker in the Russian-speaking cybercrime underground since 2004, whom the firm has identified as the creator of the Andromeda botnet, among other hacking tools.

“Andromeda was one of the oldest malwares on the market,” said Jan Op Gen Oorth, a spokesman for Europol, the European Union’s law enforcement agency. Europol estimated the malicious software infected more than one million computers worldwide every month, on average, dating back to at least 2011.

Although authorities in Belarus declined to name the suspected hacker and Europol and the FBI declined to comment, the firm Recorded Future identified Ar3s as Sergei Yarets, a 33-year-old man living in Rechitsa, near Gomel, the second largest city in Belarus.

Yarets could not be reached by phone or social media.

Yarets is identified on LinkedIn as technical director of OJSC “Televid”, a television broadcaster in southeastern Belarus.

A colleague at the company said Yarets had been arrested but declined to comment further.

A source at a government agency involved in the investigation said that the arrested hacker behind Andromeda was Yarets.

The Belarus Ministry of Internal Affairs in Minsk said officers had seized equipment from the hacker’s offices and he was cooperating with the investigation.

Information about the operation has been gradually released by Europol, the FBI and Belarus’s Investigative Committee over the past two days. No further arrests have been reported.

Cyber crime wholesaler

The shutdown of the Andromeda botnet, announced on 4 December, was engineered by a taskforce coordinated by Europol which included several European law enforcement agencies, the FBI, the German Federal Office for Information Security and agencies from Australia, Belarus, Canada, Montenegro, Singapore and Taiwan.

The police operation, which involved help from Microsoft and ESET, a Slovakian cyber security firm, was significant both for the number of computers infected worldwide and because Andromeda had been used over a number of years to distribute scores of new viruses.

Belarus authorities said the man they arrested charged other criminals US$500 for each copy of Andromeda he sold to mount online attacks, and US$10 for subsequent software updates.

Microsoft said Andromeda charged US$150 for a keylogger to copy keystrokes to steal user names and passwords. And for US$250, it offered modules to steal data from forms submitted by web browsers, or the capacity to spy on victims using remote control software from German firm TeamViewer.

German authorities, working with Microsoft, had taken control of the bulk of the network, so that information sent from infected computers was rerouted to safe police servers instead, a process known as “sinkholing.”

Information was sent to the sinkhole from more than two million unique internet addresses in the first 48 hours after the operation began on 29 November, Europol said.

Owners of infected computers are unlikely to even know, let alone take action. More than 55 per cent of computers found to be infected in a previous operation a year ago are still infected, Europol said.
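The two figures Europol cites for the sinkhole (unique addresses in the first 48 hours, and the share of machines from an earlier operation still beaconing) are what a defender derives from sinkhole connection logs. The following is an added example, not code from the article or from any of the agencies involved; the log format, timestamps, addresses and domain names are constructed placeholders.

```python
"""Triage constructed sinkhole connection logs: count the distinct source
addresses that reached the sinkhole within 48 hours of the operation start,
and measure how many addresses from an earlier sinkholing run still check in.
Added example; the log format and every value below are constructed."""
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO timestamp> <src_ip> <queried C2 domain>".
# Domains are placeholders, not real Andromeda infrastructure.
SINKHOLE_LOG = """\
2017-11-29T10:02:11Z 203.0.113.10 c2-placeholder-1.example
2017-11-29T10:02:15Z 203.0.113.10 c2-placeholder-1.example
2017-11-29T18:45:00Z 198.51.100.7 c2-placeholder-2.example
2017-11-30T09:12:40Z 192.0.2.55 c2-placeholder-1.example
2017-12-01T09:59:59Z 198.51.100.8 c2-placeholder-2.example
2017-12-01T10:30:00Z 203.0.113.99 c2-placeholder-1.example
"""

# Assumed start of the sinkholing operation (constructed time of day).
OPERATION_START = datetime(2017, 11, 29, 10, 0, 0)


def parse_log(text):
    """Yield (timestamp, src_ip) tuples; skip malformed lines instead of crashing."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield ts, parts[1]


def unique_sources(text, start, hours=48):
    """Distinct source addresses seen in the half-open window [start, start+hours)."""
    end = start + timedelta(hours=hours)
    return {ip for ts, ip in parse_log(text) if start <= ts < end}


def still_infected_ratio(previous, current):
    """Fraction of addresses from an earlier sinkhole run that still beacon now."""
    if not previous:
        return 0.0
    return len(previous & current) / len(previous)
```

Unique addresses are a proxy for infected machines, not a count of them: NAT hides many hosts behind one address and DHCP churn makes one host appear as several, so treat both figures as estimates.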

(Reporting by Toby Sterling and Eric Auchard; Additional reporting by Andrei Makhovsky in Minsk, Jamillah Knowles in London and Mark Hosenball in Washington; Editing by Keith Weir, Angus MacSwan and Grant McCool)
