Alphabet’s Google says the Glupteba botnet could be used in a ransomware attack or distributed denial of service attack. Picture: Bloomberg

Alphabet’s Google is suing two Russian nationals it claims are part of a criminal enterprise that has silently infiltrated more than a million computers and devices around the world, creating “a modern technological and borderless incarnation of organised crime”.       

In a complaint being unsealed on Tuesday in the US District Court for the Southern District of New York, Google names two defendants, Dmitry Starovikov and Alexander Filippov, as well as 15 unnamed individuals. Google claims the defendants have created a “botnet” known as Glupteba to use for illicit purposes, including the theft and unauthorised use of Google users’ login and account information.

A botnet is a network of internet-connected devices that have been infected with malware. When summoned together, they can do the bidding of a hacker, often with the devices’ owners not realising their machines have been hijacked. A swarm of devices can jam traffic at websites, run malware to steal login credentials, sell fraudulent credit cards online and grant unauthorised access to other cyber criminals.

The Glupteba botnet stands out from others because of its “technical sophistication”, using blockchain technology to protect itself from disruption, Google said in the complaint. At any moment, the power of the Glupteba botnet could be used in a powerful ransomware attack or distributed denial of service attack, Google said.

It is the first time Google is going after a botnet, a spokesperson for the California-based company said in an email. “We are taking this action to further protect internet users and to send a message to cyber criminals that we will not tolerate this type of activity.” 

The spokesperson said the company worked with the US department of justice on the investigation.

The tech giant brought the action to court to “create a legal liability for the cyber criminals”, the spokesperson said, and to bring “to light their identities and the infrastructure they are using”.

Google said Starovikov and Filippov were connected to Glupteba by the servers used to set up their Gmail addresses. 

“Glupteba is notorious for stealing users’ credentials and data, mining cryptocurrencies on infected hosts, and setting up proxies to funnel other people’s internet traffic through infected machines and routers,” Google general counsel Halimah DeLaine Prado and vice-president of engineering Royal Hansen wrote in a blog post. 

In June 2020, security firm Sophos published a report on the Glupteba malware, noting it “was able to continuously thwart efforts at removing it from an infected machine”, researcher Luca Nagy wrote at the time. “Glupteba also takes a variety of approaches to lay low and avoid being noticed.”

Google said it was bringing the action under the Racketeer Influenced and Corrupt Organizations Act, known as RICO, as well as the Computer Fraud and Abuse Act, Electronic Communications Privacy Act and others, to disrupt the botnet, prevent it from causing further harm, and to recover damages.

Some of the most notorious cybercriminal gangs have ties to Russia, which has been accused of providing them with safe haven. The Kremlin has repeatedly denied responsibility for any hacking attacks. 

Bloomberg News. For more articles like this please visit Bloomberg.com.
