Tuesday, February 18, 2014

Long Talk "AV Tokyo 2013.5" - #Kelihos #CookieBomb #RedKit : Bad Actor's Arrest Request Filed Officially

On Sunday, February 16th 2014, during our presentation at AV Tokyo 2013.5, a prestigious security event in Japan (link), we (read: MalwareMustDie, an NPO of Anti Cyber Crime International Research Group) announced the connection between several cyber crime activities (malicious abuse of computer exploitation and credentials through the usage of malware): CookieBomb (IFRAME from the "North") infection (link), Kelihos botnet infection (link), spam that leads to malware infection / malvertisement (link), and the usage of malicious exploitation tools such as RedKit/Goon/Infinity for malware infection (link). Together these are causing a series of abusive actions against the Japan national cyber space & networking jurisdiction, under the following security violation categories:
(1) Remote hacking of personal computers of national individuals/entities
(2) Stealing of credentials and private property of national individuals/entities
(3) 30,000+ malicious code injections by web hacking into national service infrastructure
(4) Abusive utilization of national computers to distribute malware worldwide.

The presentation video (censored):

The crime, which is still in progress after a significantly long time and with an increasing trend in the quantity of damage under the categories stated above, was proven by submitting all of the investigation facts and evidence that lead to one Russian Federation citizen as the individual crime suspect (link). The details of the actor's identification were announced "beyond any doubt" in front of the Japan national IT security community, and this was followed by officially filing all investigation material under the categories of National Cyber Crime Abuse and Act of Terrorism against the National Network, reported to the National Police Agency, Japan - Cyber Force Center, High-Tech Crime Technology Division - Cyber Terror Incident Handling Unit (link). Notification was also given to the Information-technology Promotion Agency - Japan (link), JPCERT/CC (link), Interpol Digital Crime Investigation Support, Europol EC3 (link), the Anti-Phishing Working Group (link), and several related European law enforcement agencies, witnessed by important top-notch national security researchers.

The facts collected over the investigation time frame, and the unbearable rise in casualties from the damage of the crime in progress against the Japan national computer infrastructure, were clearly presented to the national security community attendants at the event, and we urged that this be raised as a serious national security issue against the malicious acts of a Russian Federation individual citizen (link) who is still performing his daily crime activity in abusing the Japan national network.

We hope to raise an official request for cooperation from Japan law enforcement to Russian Federation law enforcement to take firm action to stop this crime and terror effort for good. Further delay in action by the law in the Russian Federation against the positively confirmed individual suspect will only prolong the unnecessary damage to victims on Japan soil, not to mention to other countries that have been victimized such as Taiwan, India, Ukraine, Georgia, Poland, and the Russian Federation's own victims as the top hit of the threat, or to other countries in Europe that have been abused and used as control center servers for this malware activity.

To be noted, the Kelihos botnet infection itself has also been spotted infiltrating United States personal computer dial-up infrastructure, and the investigation information on the threat, its activity relation to a notorious spammer (link), and the similarity in identification was also reported accordingly to the Federal Bureau of Investigation in the United States, in the hope that the FBI will consider re-opening the legal case against Petr Severa (link) and (link). To all countries victimized by the same threat, we urge you to follow the same procedure we are conducting here in Japan: file an official crime report, to be followed up and escalated properly by your law enforcement to Russian Federation law enforcement.

MalwareMustDie, NPO and our partners in the investigation have been working on this operation since August 2013. The real identification of the bad actor was revealed in September 2013 with the collaboration of our crime investigation partner in the Russian Federation, GroupIB (link), who informed us regarding filing the case with Russian Federation law enforcement in October 2013. We revealed the weakness of the botnet at BotConf 2013, on December 5th, 2013 in Nantes, France. As a proof of concept for stopping the malware payload and positively identifying the CNC owner, we performed the "takedown" of most of the Kelihos botnet CNC between December 1-3, 2013.

#MalwareMustDie, NPO