American and Russian law enforcement agencies have finally identified the criminals behind the Storm worm, one of the nastiest pieces of malware to ever hit the Internet.
Now comes the hard part: arresting them.
Storm has been one of the toughest worms to eradicate because it was crafted so well. It mutates every 30 minutes, making it impossible for signature-based antivirus products to catch it, and, unlike most other worms, it has no central command-and-control servers to take out.
Once a computer is infected, any kind of malicious code can be downloaded, from a spam bot to a key logger. It has been most commonly used to send out spam.
Just as the highly infectious code remains elusive to many antivirus applications, the people who created Storm have managed to stay one step ahead of the law, thanks mainly to bureaucratic red tape.
The exact number of people involved as well as their identities aren’t being released while Russian authorities wind their way through multiple diplomatic, law enforcement and government channels.
Things will get even more complicated if U.S. law enforcement agencies demand extradition.
American companies have suffered the most from this worm. But because Storm has affected and infected Internet users in practically every country, a lot of people are going to want the hides of those responsible for its proliferation.
“That’s what’s frustrating about cybercrime,” Dmitri Alperovitch, principal research scientist at Secure Computing’s TrustedSource Labs told InternetNews.com. “Because it’s so international nowadays with these individuals on every continent, and a lot of times they collaborate.”
“That involves many jurisdictions around the world and there are strict rules about sharing evidence and real problems with countries that don’t have an extradition treaty,” he added.
Jon Praed, founding partner of the Internet Law Group, which has represented many clients involved in spam-related lawsuits, said cyber criminals are moving to countries where they will be safe from extradition.
“A lot of bad guys are moving their bodies and assets to places that are hard to touch and that movement will continue,” he said. “A lot of Americans in cybercrime have made the decision to leave the U.S. They are living in southeast Asia, Latin America, and parts of Europe.”
“We have done a pretty good job of maturing the fight to the point that there are few cyber criminals left in the U.S.,” he said.
Alperovitch said the group responsible for creating Storm is based in St. Petersburg, a city that seems to be a magnet for computer criminals. Other gangs are based there, including the creators of the MPack malware development kit.
St. Petersburg was also the home of the Russian Business Network, an Internet service provider that hosted all kinds of malware and child pornography before a story in the Washington Post shone a spotlight on the site, prompting its upstream ISP in England to cut off its feed.
Alperovitch added that the FSB, the Russian security service formed out of the old KGB, has recently been more diligent about arresting cyber criminals. Most recently, it took down the creators of Pinch, a particularly infectious worm that targeted and swiped confidential banking information.
If Russian authorities can follow up the Pinch bust with other high-profile arrests, crooks may no longer view St. Petersburg and other Russian cities as safe havens from the cops.
“There are certainly people in Russia who understand that their country could be doing more to make it hard for people to engage in wrongful conduct,” Praed said. “There are lots of good people doing good things who understand that this isn’t good for their country.”
Some countries don’t have many cybercrime laws, which isn’t necessarily a problem, said Alperovitch. “At its core, it’s a financial crime,” he said. “The Zotob [Trojan] creators were prosecuted because they were stealing money. Those are always quite enough for successful prosecutions.”