German police close down cracker forum
As our fellow German-language heise Security web site reports, special internet investigators of Baden-Württemberg's Landeskriminalamt (LKA) have closed down a forum for sharing malicious software. The codesoft.cc platform was used for selling password stealers and offered information about how to find and steal sensitive data and how to forge credit cards. The forum's admin and operator is said to have been a 22-year-old Swiss from the Canton of Lucerne, Switzerland, who reportedly also developed and sold the "Codesoft PW Stealer 0.5" malware under his nickname "tr1p0d".
Following a mutual assistance request by public prosecutors in Offenburg, Swiss criminal investigators searched the 22-year-old's flat on the 25th of February, 2009, and seized two PCs with several terabytes of storage capacity as well as comprehensive documentation. According to the LKA, the forum's user database "including all accessible contacts and users' IP addresses" was saved. These will now be examined. Traces of codesoft.cc are still to be found on the Blackhat forum.
The investigators had previously found illegally obtained data which had been sent by infected PCs and temporarily deposited in a "drop zone" on a German provider's server. The LKA's internet investigators analysed the accesses to this server and managed to identify two main suspects, a 25-year-old from the Ortenaukreis district and a 27-year-old from Lower Saxony. The two men are suspected of having infected more than 80,000 PCs worldwide with the "Codesoft PW Stealer" software since September 2008.
The Codesoft trojan collected users' sensitive data, such as user names and passwords, from infected PCs. This illegally obtained information is then said to have been sold profitably via relevant internet forums. The LKA says that it is also investigating a currently unknown number of suspects, who allegedly used the stolen data for fraudulent internet purchases.
Graham Cluley of security specialist Sophos comments in his blog: "Whether this investigation will act as a wake-up call to other internet forums that are playing with fire remains to be seen."
- Graham Cluley's blog
- Criminal Investigation Department home page of the Baden-Württemberg police.
- Original German language police announcement of the 4th of March