Microsoft has teamed with federal law enforcement to disrupt the technology supporting a cybercrime ring that has drained funds from accounts at some of the nation's biggest banks.
The software giant and the FBI last month shut down roughly 1,000 of about 1,460 Citadel botnets, the command-and-control infrastructure allegedly used to steal more than $500 million from financial institutions over the past 18 months, the company announced. The Citadel malware infected as many as five million computers worldwide and facilitated thefts from a string of financial institutions. Once installed, it let the perpetrators monitor and record account holders' keystrokes, including online banking credentials, giving them the access needed to withdraw money from accounts or steal personal information, Microsoft said. Neither Microsoft nor the FBI specified the extent of losses at individual banks or accounts.
Representatives for Amex, Citi and Wells Fargo declined to comment. Amex cited the company's continuing work with law enforcement.
The perpetrators reportedly remain at large. The FBI is said to be working with law enforcement officials abroad to apprehend suspects in what is described as a probe in its advanced stages.
The group's leader allegedly goes by the alias Aquabox but is otherwise unidentified, according to papers filed by Microsoft with the U.S. District Court in Charlotte.
"In our most aggressive botnet operation to date, the Microsoft Digital Crimes Unit worked with leaders of the financial services industry, other technology industry partners and the [FBI] to disrupt a massive cyber threat responsible for stealing people's online banking information and personal identities," Richard Boscovich, Microsoft's assistant general counsel for digital crimes, wrote on the company's blog. "Due to Citadel's size and complexity, we do not expect to fully take out all of the botnets in the world using the Citadel malware," Boscovich added. "However, we do expect that this action will significantly disrupt Citadel's operation, helping quickly release victims from the threat and making it riskier and more costly for the cybercriminals to continue doing business."
The scheme is thought to be directed from Eastern Europe