FBI leans on private industry to dismantle multinational cybercrime ring

Foreign hackers involved in a multinational cybercrime network known as Avalanche were able to infect roughly 20,000 U.S.-based computers before being arrested last week by European authorities, FBI and Justice Department officials said Monday.

Unidentified private-sector partners, in support of law enforcement, helped “take control” of Avalanche’s computer servers, according to Robert Johnson, special agent in charge of the FBI’s Pittsburgh Division. “We couldn’t have done this without private industry,” Johnson surmised.

Avalanche was an internet hosting and management system — comprised of more than 20 staging servers — used to deploy botnets, malware and ransomware.

Criminal investigations are ongoing, though no U.S. citizens have been arrested. The effort to shut down Avalanche included help from prosecutors and other law enforcement officials in 40 countries.


“Cyber criminals can victimize millions of users in a moment from anywhere in the world,” said Scott Smith, assistant director of the FBI’s Cyber Division. “This takedown highlights the importance of collaborating with our international law enforcement partners against this evolution of organized crime in the virtual.”

The criminal group behind the underground ring is accused of inflicting hundreds of millions of dollars in losses worldwide. Five key suspects have been arrested — but their names have yet to be made public. More than 830,000 related malicious internet domains were disabled as part of the investigation.

“For years, sophisticated cyber criminals have used our own technology against us – but as their networks have grown more complex and widespread, criminals increasingly rely on an international infrastructure as well,” Assistant Attorney General Leslie Caldwell said in a statement. “Now a multinational law enforcement coalition has turned the table on the criminals.”

The FBI is encouraging internet service providers and a cohort of private sector partners to assist in removing related computer viruses from known systems.

“Computer users should note that this law enforcement action will NOT clean malware off any infected computers — it will merely deny the Avalanche users’ ability to communicate with infected victims’ computers,” Europol said on its website.


The Department of Homeland Security’s National Cybersecurity and Communications Integration Center — which includes the emergency response team US-CERT — is providing free scanning tools to help individuals check to see if they were affected by Avalanche.

Monday’s news conference at the FBI’s Pittsburgh-based National Cyber-Forensics & Training Alliance offered additional details regarding U.S. involvement in the more-than-four-year investigation led by Europol and Eurojust. European law enforcement authorities first made the cybercrime bust public last week.

Avalanche was used to attack an unidentified western Pennsylvania business, causing it to lose more than $387,000 in assets, according to Soo Song, assistant U.S. attorney for the Western District of Pennsylvania. The business was tricked into wire transferring money to a bank located in Bulgaria.

“If Avalanche was the bridge to deliver malware, we seized control of the bridge and imploded it,” said Song.

In another U.S.-based case, the hackers extorted 6 bitcoin, or roughly $1,400, from an Allegheny County government office that had become crippled with ransomware.


“In both attacks, employees received phishing emails containing attachments designed to look like legitimate business invoices,” a statement issued on Monday by the Justice Department explained. “After clicking on the links, GozNym malware was installed on the victims’ computers. The malware stole the employees’ banking credentials which were used to initiate unauthorized wire transfers from the victims’ online bank accounts.”   

In some of the cases, the hackers gained access to victims’ computers by tricking them into clicking on a malicious link or attachment in a phony email, Song said. A majority of Avalanche’s attacks targeted foreign organizations outside the U.S.

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Mary's College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.
