Microsoft, FBI Take Down Citadel Botnet Network

Microsoft, the FBI, and a variety of players from the financial services industry have taken down the “Citadel” botnet network.

The investigation into Citadel began in early 2012. Computers infected with Citadel malware recorded the user’s keystrokes (known as “keylogging”), giving the criminals behind the botnet network access to financial and personal information. Microsoft estimates that some five million people owned devices infected with the malware, which led to some $500 million in personal and business losses.

In late May, Microsoft filed a civil suit against the Citadel network’s operators and received authorization from the U.S. District Court for the Western District of North Carolina to shut down the linkages between the 1,462 botnets and those millions of computers infected with the malware. Microsoft followed up that action by seizing servers from two data centers in New Jersey and Pennsylvania, among other data and evidence. Microsoft also turned over data related to the botnets’ operation to International Computer Emergency Response Teams (CERTs), in order to take down botnet infrastructure located outside the United States.

The FBI also coordinated with its counterparts in other countries “so that they could also take voluntary action on botnet infrastructure located outside of the U.S.,” the groups wrote in a joint statement.

“Creating successful public-private relationships—in which tools, knowledge, and intelligence are shared—is the ultimate key to success in addressing cyber threats and is among the highest priorities of the FBI,” FBI executive assistant Richard McFeely wrote in a statement. “We must ensure that, as cyber policy is developed, the ability of the private sector to coordinate in real time with the FBI is encouraged so that a multi-prong attack on our cyber adversaries can be as effective as possible.”

Financial institutions involved in the operation included the Financial Services—Information Sharing and Analysis Center (FS-ISAC), The Electronic Payments Association, the American Bankers Association (ABA), and others.

This isn’t the first time that Microsoft has taken down a botnet in conjunction with a set of financial partners. In 2012, the company’s Digital Crimes Unit imploded the Zeus botnet network. Similar takedowns include the Rustock botnet in 2011 and Waledac in 2010.
