Last month, the UK government was trumpeting its role in disrupting the GOZeuS malware, which has affected over 15,000 UK computers.
Computer users were told this work gave them a two-week window to identify weaknesses in their own systems and purge infected machines of malware.
Overall, it’s believed GOZeuS, together with its accompanying malware Cryptolocker, was responsible for emptying bank accounts of £60m, worldwide. Russian hacker Evgeniy Bogachev is thought to be the brains behind the operation.
The malware itself is unknowingly distributed via email attachments or links that appear to be genuine. The software then monitors the files on your computer and — if you sign into online banking — can even access your financial accounts.
Sometimes, the malware will lock your computer and ask for a ransom to release your data. It’s extortion on an enormous, international scale.
David Cook, specialist in cybercrime at Pannone Solicitors, warns that although these pieces of malware may be tricky for law enforcement to control, the law around implementing malware is very clear:
“Sections 1 and 3 of the Computer Misuse Act 1990 criminalise unauthorised access to and modification of computer data. There is also clearly a blackmail offence involved as well.
“The computer misuse offence carries a maximum sentence of ten years’ imprisonment and the maximum for the blackmail offence is a custodial sentence of fourteen years”.
However, Bogachev’s whereabouts is reportedly unknown, so will he — or anyone — ever be held accountable for these crimes?
Well, the government is pledging to invest more cash into taking down malware and pursuing cyber-criminals across the globe. But with more than 10 million pieces of malware out there, tracing and prosecuting everyone involved is quite a task.