10 July 2014
An international operation involving law enforcement agencies and private sector companies is combating the threat from a type of malicious software (malware) used by criminals to steal from bank accounts.
In the first project of its kind for a UK law enforcement agency, the National Crime Agency has brought together partners from the law enforcement and private sectors, including the FBI, Europol, BAE Systems Applied Intelligence, GCHQ, Dell SecureWorks, Kaspersky Lab and the German Federal Police (BKA) to jointly address the Shylock trojan.
As part of this activity, law enforcement agencies are taking action to disrupt the system which Shylock depends on to operate effectively. This comprises the seizure of servers which form the command and control system for the trojan, as well as taking control of the domains Shylock uses for communication between infected computers.
This has been conducted from the operational centre at the European Cybercrime Centre (EC3) at Europol in The Hague. Investigators from the NCA, FBI, the Netherlands, Turkey and Italy gathered to coordinate action in their respective countries, in concert with counterparts in Germany, Poland and France.
Shylock - so called because its code contains excerpts from Shakespeare’s Merchant of Venice - has infected at least 30,000 computers running Microsoft Windows worldwide. Intelligence suggests that Shylock has to date targeted the UK more than any other country, although the suspected developers are based elsewhere. The NCA is therefore coordinating international action against this form of malware.
Victims are typically infected by clicking on malicious links, and then unwittingly downloading the malware. Shylock will then seek to access funds held in business or personal accounts, and transfer them to the criminal controllers.
Computer users opting for automated operating system updates - which can ensure computers infected with malware such as Shylock are cleaned automatically once the machine is restarted - need take no action at this time. Those not opting for automatic updates, or who would like to learn more about how to check their Windows-operated computers and remove infection, can go to http://support.microsoft.com/gp/cu_sc_virsec_master.
Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit, said:
“The NCA is coordinating an international response to a cyber crime threat to businesses and individuals around the world. This phase of activity is intended to have a significant effect on the Shylock infrastructure, and demonstrates how we are using partnerships across sectors and across national boundaries to cut cyber crime impacting the UK.
“We continue to urge everybody to ensure their operating systems and security software are up to date.”
Troels Oerting, head of the European Cybercrime Centre (EC3) at Europol, said:
“The European Cybercrime Centre (EC3) is very happy about this operation against sophisticated malware, playing a crucial role in the work to take down the criminal infrastructure. EC3 has provided a unique platform and operational rooms equipped with state-of-the-art technical infrastructure and secure communication means, as well as cyber analysts and cyber experts.
“In this way we have been able to support frontline cyber investigators, coordinated by the UK’s NCA, and working with the physical presence of the United States’ FBI and colleagues from Italy, Turkey and the Netherlands, with virtual links to cyber units in Germany, France and Poland."
Visit Cyber Streetwise, the UK government’s dedicated online cyber security website, and Get Safe Online, for information on how to avoid being a victim of cyber crime and protect online devices:
Anyone in the UK who believes they have lost money through malware attacks should report it at www.actionfraud.police.uk.