2016: A Good Year for Catching Cybercriminals


2016 is on track to be the worst year ever for data breaches and hacking attacks. That’s the bad news. The good news is that 2016 also has been a banner year for hacker arrests.

The Mirai botnet attack that brought down DNS provider Dyn was the largest distributed denial of service (DDoS) attack ever, and the recently discovered Leet botnet came a close second. Dyn was acquired by Oracle Corp. (NYSE: ORCL) in November for an undisclosed sum.

One of the biggest operations ever against hackers culminated in early December with the arrests of five individuals charged with involvement with the Avalanche botnet that served up phishing attacks and malware to victims for at least seven years.

According to Europol, the Avalanche network caused an estimated €6 million in damages in Germany alone, and worldwide monetary losses due to Avalanche are estimated in the hundreds of millions of euros. Europol identified malware infections in more than 180 countries; some 221 Avalanche servers were “sinkholed,” and a total of over 800,000 domains were seized, sinkholed or blocked.

Sinkholing occurs when a law enforcement server interposes itself between computers infected with malware and the criminal infrastructure. Traffic between the criminal network and the infected computers is redirected to law enforcement servers, which capture victims’ IP addresses and forward the information to emergency response teams.
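The reporting half of the sinkholing process described above, as an added example that is not from the article or from Europol: it takes connection records captured by a sinkhole, collapses them to one entry per victim IP, and groups victims by the response team to notify. The log format, the contact addresses and the range-to-team table are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sinkhole log (timestamp, source IP, sinkholed domain); RFC 5737 addresses.
SAMPLE_LOG = """\
2016-12-01T10:00:03Z 192.0.2.10 c2-one.example
2016-12-01T10:00:09Z 198.51.100.7 c2-two.example
2016-12-01T10:04:41Z 192.0.2.10 c2-two.example
2016-12-01T10:05:12Z 203.0.113.55 c2-one.example
truncated-entry 192.0.2.77
2016-12-01T10:07:30Z 192.0.2.99 c2-two.example
2016-12-01T10:08:00Z not-an-ip c2-one.example
"""

# Hypothetical routing table: which response team handles which network range.
CERT_RANGES = {
    ipaddress.ip_network("192.0.2.0/24"): "cert-a@example.org",
    ipaddress.ip_network("198.51.100.0/24"): "cert-b@example.org",
}
UNROUTED = "unrouted"  # victims with no known response team, kept for manual review

def parse_line(line):
    """Return (timestamp, ip, domain), or None for a malformed entry."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return parts[0], ipaddress.ip_address(parts[1]), parts[2]
    except ValueError:
        return None

def responsible_team(ip):
    """Pick the team whose range contains the victim address."""
    for network, contact in CERT_RANGES.items():
        if ip in network:
            return contact
    return UNROUTED

def build_reports(log_text):
    """Group victims per team: one record per IP with hit count and time span."""
    reports = defaultdict(dict)
    for ts, ip, domain in filter(None, map(parse_line, log_text.splitlines())):
        victim = reports[responsible_team(ip)].setdefault(
            str(ip), {"first_seen": ts, "last_seen": ts, "hits": 0, "domains": set()})
        victim["first_seen"] = min(victim["first_seen"], ts)
        victim["last_seen"] = max(victim["last_seen"], ts)
        victim["hits"] += 1
        victim["domains"].add(domain)
    return dict(reports)
```

Repeated check-ins from the same infected machine become a single victim record with a first-seen and last-seen time, which is what a response team needs to match the address to a subscriber.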

Also in December, Joshua Aaron, one of three men indicted for the massive 2014 breach at JPMorgan Chase & Co. (NYSE: JPM), was arrested at JFK airport in New York. The three are charged with hacking crimes against U.S. financial institutions, brokerage firms and financial news publishers, “including the largest theft of customer data from a U.S. financial institution in history.” Aaron and his two partners, who were captured in Israel in 2015 and extradited to the United States in June of this year, face scores of years in federal prison if convicted.

Russia, more in the news recently for alleged government-backed interference with the U.S. elections, also made a big arrest in May of 19 hackers charged with the electronic theft of $19 million from the country’s central bank. The group had attempted to steal about $45 million.

For more details and a list of the 21 biggest cyberbusts of the year, visit DarkReading.com.