In a series of simultaneous actions around the world on April 9, 10 command and control servers were seized in the Netherlands, with additional servers taken down in the US, Russia, Luxembourg and Poland.
Microsoft’s Digital Crimes Unit provided forensic intelligence to INTERPOL and other partners after its big data analysis found a sharp increase in Simda infections around the world.
The INTERPOL Digital Crime Center (IDCC) at IGCI worked with Microsoft, Kaspersky Lab, Trend Micro and Japan’s Cyber Defense Institute to perform additional analysis of the Simda botnet, resulting in a "heat map" showing the spread of the infections globally and the location of the command and control servers.
Simda was used by cyber criminals to gain remote access to computers, enabling the theft of personal details, including banking passwords, as well as to install and spread other malware.
The majority of computer owners will be unaware their machine has been infected and are advised to check their machines and run broad-spectrum anti-virus software. Microsoft has released a remedy to clean and restore an infected computer’s defenses, which has also been provided to Computer Emergency Response Teams and Internet Service Providers for their customers to clean infected computers and keep people safe online.
Active for several years, Simda had been increasingly refined to exploit any vulnerability, with new and more difficult to detect versions being generated and distributed every few hours. It has been used for crimes against citizens, financial institutions and the Internet itself, catching and redirecting traffic.
In the first two months of 2015, 90,000 new infections were detected in the US alone. The Simda botnet has been seen in more than 190 countries, with the worst affected including the US, UK, Turkey, Canada and Russia.
Sanjay Virmani, IDCC director, said the joint operation has dealt a significant blow to the Simda botnet. Intelligence is now being gathered in order to identify the actors behind the botnet who had applied a business model to their criminal activities, charging "users" per successful malware installation.
The operation involved officers from the Dutch National High Tech Crime Unit in the Netherlands, FBI, the Police Grand-Ducale Section Nouvelles Technologies in Luxembourg and the Russian Ministry of the Interior’s Cybercrime Department “K” supported by INTERPOL’s National Central Bureau in Moscow.
The results of the operation were announced at the official opening of the INTERPOL Global Complex for Innovation. The state-of-the-art complex will provide the world police body’s 190 member countries with a cutting-edge research and development facility for the identification of crimes and criminals, innovative training, operational support and partnerships.
In addition to cybercrime and capacity building and training, IGCI’s Command and Coordination Center operations room recently coordinated its first border security initiative, Operation Sunbird, leading to the arrest of international fugitives attempting to travel across South East Asia.
During Operation Sunbird in March, which focused on identifying wanted criminals, police and immigration authorities in nine Asian countries screened passports at land, air and sea border points against INTERPOL’s databases, including its Stolen and Lost Travel Documents (SLTD) database.
More than 500,000 searches were conducted during the operation, resulting in 16 "hits" on passports in the SLTD database and identifying two individuals who were subjects of INTERPOL Red Notices for wanted persons.
Michael O’Connell, INTERPOL’s Director of Operational Police Support, underlined the crucial need for countries to implement strong security measures at all their border points to enhance internal and international security.
“Countries can better ensure the safety of their citizens if they can prevent dangerous people from passing through their borders,” O’Connell said. “Operations such as these are therefore essential to ensuring local border authorities have the necessary skills and knowledge to effectively secure and manage their international frontiers.”
The operation, conducted under the umbrella of INTERPOL’s Integrated Border Management Task Force, was coordinated by INTERPOL’s Command and Coordination Center operations room at IGCI, which provided real-time support including information exchange amongst the participating countries.
Based on information exchanged during the operation, two additional wanted persons were located in the Philippines and a third was arrested in Europe.
“This exercise is just the beginning of a sustainable effort by us to combat terrorism and other transnational crimes, and I encourage all countries to fully utilize the tools and services readily provided by INTERPOL,” said the executive director of the ASEANAPOL Secretariat, Pengiran Dato Paduka Hj. Abdul Wahab Pg. Hj. Omar.
Operation Sunbird was the culmination of a year-long INTERPOL training program on improving investigation capabilities in the region. Supported by Canada, the program involved more than 100 law enforcement officers in the region receiving specialized training in forensics, investigative skills and using INTERPOL’s global tools and services to prevent and combat terrorism.
Countries participating in Operation Sunbird were Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Thailand and Vietnam. Additionally, representatives from ASEANAPOL, INTERPOL’s National Central Bureau in Canada and the Singapore Immigration Checkpoint Authority observed the operation.