ATLANTA — The FBI has busted what agents describe as a massive, worldwide band of cybercriminals who were hacking into personal bank accounts and anything else online that people want to keep private.
That FBI investigation is now providing Georgia prosecutors with leads, to go after alleged cybercriminals operating here who are possibly connected to the international case.
“It’s a very big thing that just happened in the last 24 to 48 hours,” said Kunal Anand, speaking of the FBI’s global bust.
Anand is chief technology officer for the cybersecurity firm Imperva.
He told 11Alive on Wednesday that for the past four to five years, the alleged cybercriminals who have just been arrested were buying and selling the personal data of millions of people, data that was accessible because of malware infecting the victims' personal computers.
The cybercriminals, according to the FBI, were running an actual marketplace of all of that stolen data, called the Genesis Market, which the FBI has just been able to shut down.
The stolen data allowed online crooks to assume the identities of the malware victims, and log into personal sites such as their banks, which couldn’t tell who was really logging in.
“They think it's you when in reality it's the attacker,” Anand said. “These arrests will not change the fact that you may have malware still” on your personal computers. “They won't change the fact that those credentials (and all your personal information) are somewhere out there.”
That amounts to easy pickings for cybercriminals who haven’t been caught, yet.
“I could empty out a bank account. I can empty out a savings account. I could empty out a retirement account,” said Dr. Andy Green, referring to the cybercriminals’ targets.
Dr. Green, cybersecurity expert and Assistant Professor of Information Security at Kennesaw State University, applauds the FBI for the arrests.
And he’s glad that the Georgia Attorney General is now going after cybercriminals who may still be operating out of Georgia.
Because otherwise, Green said, “Somebody will fill that vacuum, and before too much longer there will be another criminal actor group that will engage in the same behaviors.... There’s money to be made there. And so criminals will engage in that behavior to try and capitalize on that.”
Installing and using antivirus software on personal computers, Green and Anand said, is one of the important ways to beat the cybercriminals.
And Georgia Attorney General Chris Carr said people can check if their computers have been compromised by going to a website called, I Have Been Pwned.
After typing in your email address, you can instantly see if there are any threats on your computer, and if they're there, find out how to remove them and block them in the future—including by signing up for a password manager, and by using double authentication, not a password alone, to thwart the cybercriminals.
“They don't have the ability to get the one-time token that's being sent to you either by SMS or via your authenticator apps,” Green said. “99 times out of 100, that's going to protect you from a successful attack.”