Interpol, along with several private sector companies, announced the identification of 9,000 command and control (C2) servers. In addition to the C2 servers, they also found close to 360 websites infected with malware via an exploit in the website design application. Many of the websites, they announced, were government sites.
Interpol operated out of the Interpol Global Complex for Innovation (IGCI). There, cybercrime investigators from throughout the ASEAN region came together and shared cyber intelligence. Among the countries involved were Indonesia, Malaysia, Myanmar, the Philippines, Singapore, Thailand, and Vietnam. China provided support as well. From the private sector, Interpol received assistance from Trend Micro, Booz Allen Hamilton, Kaspersky Lab, Cyber Defense Institute, British Telecom, Fortinet and Palo Alto Networks.
“With direct access to the information, expertise and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cybercrime actors across the region and in their countries,” IGCI Executive Director Noboru Nakatani said. “Sharing intelligence was the basis of the success of this operation, and such cooperation is vital for long term effectiveness in managing cooperation networks for both future operations and day to day activity in combating cybercrime,” he added. Other department heads agreed that this operation demonstrated the efficacy of a well-oiled relationship between the private sector and the public arena.
The private sector data, combined with information from Interpol’s Cyber Fusion Center, was developed into actionable information packages. The Cyber Fusion Center produced 23 Cyber Activity Reports. The reports ranged from information on breached websites to “phishing kits via the Darknet.” One such kit, they explained, surfaced on YouTube; the darknet vendor uploaded how-to videos for customers.
Among the 270 infected websites, several government websites leaked or may have leaked personal citizen data. The task force also discovered phishing operations and identified many of their operators. The press release noted that some phishing sites had links to Nigeria. Many of those investigations are in process, they added. Another example that made enough of an impact to headline the announcement was that of an Indonesian darknet vendor who sold phishing kits on darknet marketplaces. They spoke mainly, however, of the C2 servers, which were found across eight countries.
The discovered malware ranged from financial trojans and ransomware to Distributed Denial of Service (DDoS) attacks and spam schemes. Chief Superintendent Francis Chan, Chairman of the Eurasian cybercrime group and Head of the Hong Kong Police Force’s cyber crime unit, said that “For many of those involved, this operation helped participants identify and address various types of cybercrime which had not previously been tackled in their countries.” He added that “[the operation] also enabled countries to coordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via INTERPOL, and is a blueprint for future operations.”
Trend Micro’s cybersecurity spokesperson announced that the greatest concerns originate from the so-called “criminal underground.” He explained that “what is needed is a global cybersecurity strategy that leverages the power of public-private partnerships to disrupt, degrade and deny cybercriminals’ freedom of movement and the ability to monetize their attacks.”
Interpol made the message clear: criminal investigations ensued. Countries investigated the crimes within their borders, with Interpol assistance in some cases. The aforementioned partnerships continued to show progress, they said. Both the private and public sectors spoke of the partnership continuing and expected to see a positive change in law enforcement’s ability to handle cybercriminals in the near future.