
Microsoft and FBI collaborate to take down $500 million 'Citadel' botnet ring


Microsoft, in cooperation with the FBI, took down the majority of the malicious computer networks that make up the "Citadel" botnet ring. A botnet is a network of compromised computers that are generally used to perform coordinated attacks against others. Citadel has infected as many as five million PCs around the world, and over the past 18 months the networks are estimated to have stolen more than $500 million from bank accounts. According to Reuters, 1,000 of the estimated 1,400 Citadel botnets were taken down, while Microsoft itself says it managed to disrupt "more than 1,400" in a simultaneous operation. Microsoft doesn't expect that the takedowns will cripple Citadel completely, but believes it has significantly disrupted its operation.

Citadel apparently found its way onto computers through pirated versions of Windows, which were sold and distributed with the malware hidden inside. This isn't a new technique — many botnets originate in this fashion, including the Nitol botnet that Microsoft attacked last year in a similar operation. This week's effort, however, is the first time that the FBI and a private company have worked together in this way.

Microsoft believes Citadel comes from Eastern Europe

The FBI is working with authorities in over 80 countries to try and close the net on the people responsible for Citadel. Microsoft believes the main perpetrator is a hacker suspected to live in Eastern Europe. Citadel doesn't attack computers in the Ukraine and Russia, and Microsoft thinks its operators want to avoid provoking law enforcement officials in their home countries. It's filed a "John Doe" lawsuit in North Carolina identifying a hacker by the name of "Aquabox" as the chief creator and maintainer of Citadel.