American Security Today
 
DOJ Announces Actions to Dismantle Kelihos Botnet (Learn More)

By Tammy Waitt - April 10, 2017

    The Justice Department has announced an extensive effort to disrupt and dismantle the Kelihos botnet – a global network of tens of thousands of infected computers under the control of a cybercriminal that was used to facilitate malicious activities including harvesting login credentials, distributing hundreds of millions of spam e-mails, and installing ransomware and other malicious software.

    Acting Assistant Attorney General Kenneth A. Blanco of the Justice Department’s Criminal Division, Acting U.S. Attorney Bryan Schroder for the District of Alaska, Assistant Director Scott Smith for the FBI’s Cyber Division and FBI Special Agent in Charge Marlin Ritzman of the Anchorage Division made the announcement.

    “The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks,” said Acting Assistant Attorney General Blanco.

    “The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives.”

    (Learn More about Kelihos Botnet, courtesy of WBTV, FORTALICE1 and YouTube)

    “Our success in disrupting the Kelihos botnet was the result of strong cooperation between private industry experts and law enforcement, and the use of innovative legal and technical tactics. The Department of Justice is committed to combatting cybercrime, no matter the size or sophistication of the scheme, and to punish those who are engaged in such crimes.”

    “Cybercrime is a worldwide problem, but one that infects its victims directly through the computers and personal electronic devices that we use every day,” said Acting U.S. Attorney Bryan Schroder for the District of Alaska.

    Acting U.S. Attorney Bryan Schroder

    “Protecting the American people from such a worldwide threat requires a broad-reaching response, and the dismantling of the Kelihos botnet was such an operation.”

    “We are lucky that we have talented FBI agents and federal prosecutors with the skillsets to help protect Americans from this pervasive cybercrime.”

    “On April 8, 2017, we started the extraordinary task of blocking malicious domains associated with the Kelihos botnet to prohibit further infections,” said FBI Special Agent in Charge Ritzman.

    “This case demonstrates the FBI’s commitment to finding and eradicating cyber threats no matter where they are in the world.”

    FBI Special Agent in Charge Ritzman

    Kelihos malware targeted computers running the Microsoft Windows operating system.

    Infected computers became part of a network of compromised computers known as a botnet and were controlled remotely through a decentralized command and control system.

    According to the civil complaint, Peter Yuryevich Levashov allegedly operated the Kelihos botnet since approximately 2010.

    The Kelihos malware harvested user credentials by searching infected computers for usernames and passwords and by intercepting network traffic. Levashov allegedly used the information gained from this credential harvesting operation to further his illegal spamming operation, which he advertised on various online criminal forums.

    The Kelihos botnet generated and distributed enormous volumes of unsolicited spam e-mails advertising counterfeit drugs, deceptively promoting stocks in order to fraudulently increase their price (so-called “pump-and-dump” stock fraud schemes), work-at-home scams, and other frauds.

    Kelihos was also responsible for directly installing additional malware onto victims’ computers, including ransomware and malware that intercepts users’ bank account passwords.

    As with other botnets, Kelihos is designed to operate automatically and undetected on victims’ computers, with the malicious code secretly sending requests for instructions to the botnet operator. In order to liberate the victim computers from the botnet, the United States obtained civil and criminal court orders in the District of Alaska.

    (Learn how botnets can take control of your computer and use it to commit crimes. Courtesy of Microsoft and YouTube)

    These orders authorized measures to neutralize the Kelihos botnet by:

    1. Establishing substitute servers that receive the automated requests for instructions so that infected computers no longer communicate with the criminal operator, and
    2. Blocking any commands sent from the criminal operator attempting to regain control of the infected computers.

    In seeking authorization to disrupt and dismantle the Kelihos botnet, law enforcement obtained a warrant pursuant to recent amendments to Rule 41 of the Federal Rules of Criminal Procedure. A copy of this warrant, along with the other court orders, is produced below.

    The warrant obtained by the government authorizes law enforcement to redirect Kelihos-infected computers to a substitute server and to record the Internet Protocol addresses of those computers as they connect to the server.

    This will enable the government to provide the IP addresses of Kelihos victims to those who can assist with removing the Kelihos malware, including internet service providers.

    The efforts to disrupt and dismantle the Kelihos botnet were led by the FBI’s Anchorage Office and New Haven Office; Senior Counsel Ethan Arenson and Harold Chun, and Trial Attorney Frank Lin of the Computer Crime and Intellectual Property Section; and Assistant U.S. Attorneys Yvonne Lamoureux and Adam Alexander of the District of Alaska.

    Critical assistance was also provided by foreign partners, and invaluable technical assistance was provided by CrowdStrike and The Shadowserver Foundation in executing this operation.

    The details contained in the civil complaint and related pleadings are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

    The Government has and will continue to share samples of the Kelihos malware with the internet security community so that antivirus vendors can update their programs to detect and remove Kelihos.

    A number of free and paid antivirus programs are already capable of detecting and removing Kelihos, including the Microsoft Safety Scanner, a free product.

    17-378

    Criminal Division

    Download 8_prtt_order.pdf

    Download 9_prtt_application.pdf

    Download 6_search_warrant.pdf

    Download 3_memorandum_of_law_in_support_of_tro.pdf

    Download 2_motion_for_tro_and_order_to_show_cause.pdf

    Download 1_complaint.pdf

    Download 4_declaration_in_support_of_tro.pdf

    Download 5_tro_and_order_to_show_cause.pdf

    Download 7_search_warrant_application_and_affidavit_0.pdf
