
On December 1, an international law enforcement operation involving Europol, the FBI, German law enforcement and others resulted in the dismantling of an international criminal infrastructure platform called ‘Avalanche.’ Avalanche was a content-delivery and management platform designed for the delivery of so-called Bullet Proof Botnets, with more than 20 different malware families leveraging it to target victims in 30 countries. This has been one of the most successful and impactful law enforcement actions against cybercrime in recent years.
Trend Micro was asked to help this operation by supplying cleanup tools for those affected by the malware used in this case. These tools are available for free to victims via our online scanner found here: http://housecall.trendmicro.com/. We’d also like to congratulate all those involved in this long investigation for the work they put in and the results achieved.
This is just one example of Trend Micro’s continued commitment to assisting law enforcement in reducing the risk posed by cybercrime to everyday Internet users. In practice, this mission is demonstrated through Trend Micro’s international partnership with Interpol, a memorandum of understanding with NCA in the UK, longstanding representation on industry advisory boards for Europol, and directly liaising with law enforcement in many other countries around the world.
We have been involved in several successful arrests over the years. This includes the authors of the notorious SpyEye malware, the gang behind the DNS Changer botnet, the people behind underground services Refud.me and Cryptex Reborn, a lead scammer in Nigeria, as well as numerous ongoing cases.
I am often asked why we, as part of the private cybersecurity industry, partner with law enforcement. After all, as a business, what is in it for us? I find this very simple to explain – at Trend Micro, our corporate mission is “Making the world safe for exchanging digital information.” Note that while “customers” are a core value, that’s not specifically a part of the mission statement. That’s because the goal is bigger than protecting our customers alone; it is protecting the exchange of ALL digital information. When you walk down an average street to a bank, you would not expect to be robbed en route. When you arrive home to your house, you would not expect to find the locks changed and a countdown to a fire bomb attached to the door. However, people face this level of insecurity and threats online every single day, and we don’t believe that should be the case.
No one organisation can tackle cybercrime alone. Not law enforcement, industry, governments or international bodies. Each accounts for some parts of the puzzle. Cybercrime is a unique breed of crime – in a traditional bank robbery things are more clear-cut. The location of the crime is evident, there is some degree of evidence available at the scene for law enforcement, and the attackers were at least in the jurisdiction at the time the crime was committed. In cybercrime, the attacker can be on the other side of the world, and bizarrely the majority of the useful evidence and intelligence will sit in the logs of various private companies – the hosting providers, ISPs, security companies and so on. Also, traditional laws are not designed for speedy collaboration across borders – and in these cases often the trail can go cold fast.
That’s why Trend Micro’s Forward Looking Threat Research team (FTR) in particular spends considerable energy actively collaborating with law enforcement to do our part to try to bridge those gaps. And our role in investigations goes beyond passively sharing data to actively working with investigators to understand the attack and, whenever possible, attribute the attackers. Both sides of the equation can bring their unique skills to bear in a way that is greater than the sum of the parts. While formal agreements do exist, largely this relationship – like any successful one – is built on mutual trust.
While this activity makes many in our company very proud of the work we do, it does not always make its way into splashy press releases. However, we believe we must continue to do it, because, simply put, it’s the right thing to do. We also encourage others in the industry to collaborate similarly in whatever ways they can. Criminals have no issues communicating easily with each other to attack victims all around the world, so as defenders we should not start the battle with our hands tied either. Working together, I genuinely think we can make the world at least SAFER for exchanging digital information.