Google yesterday launched legal action against two people they claim are behind a prolific botnet known as Glupteba, and took action to remove the botnet from its platforms. The moves come hot on the heels of Microsoft’s disruption of Chinese cyber-espionage group Nickel, and appear to be part of a push from the US government to involve Big Tech in its cybersecurity initiatives. Experts have welcomed this collaboration, but call for ‘agreed-upon rules’ to ensure accountability.
What is Glupteba?
Glupteba is a botnet that targets Windows machines to steal credentials and cookies, and to mine cryptocurrencies on infected hosts and IoT devices, and is thought to have infected more than one million devices around the world. Botnets are an increasingly common vector of attack, and are often deployed against targets in financial services.
Google has launched litigation against two people – Russian nationals Dmitry Starovikov and Alexander Filippov – who it says have “silently infiltrated more than a million computers and other devices around the globe to create a network – the Glupteba ‘botnet’ – to use for illicit purposes, including the theft and unauthorized use of Google users’ login and account information.” Google is seeking damages from the duo, as well as an order permanently banning them from accessing Google services.
Google’s threat analysis group TAG observed thousands of instances of malicious activity per day from the botnet for some time before terminating about 63m Google docs observed to have distributed Glupteba, as well 1,183 Google accounts, 908 cloud projects and 870 Google ads associated with its distribution.
Big Tech's growing role in cyber defence
Google is not alone in striking back against cybercriminals. Earlier this week Microsoft’s digital crimes unit (DCU) disrupted the activities of a Chinese hacking group known as Nickel by seizing websites the threat actors were using to spy on 28 countries, including the US. This is not the first instance of Microsoft taking action against cybercriminals. In fact, according to a blog post released by the company, the DCU has taken down more than 10,000 websites being used by criminal gangs across five countries.
Meanwhile, last month Apple announced it was suing Israeli company NSO, claiming its spyware has been used to monitor users of iPhones and other Apple devices. NSO's software has allegedly been used being by governments to target journalists, activists, dissidents and academics. “The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponise powerful state-sponsored spyware against those who seek to make the world a better place," said Apple's head of security engineering and architecture Ivan Krstić.
Big Tech and cybercrime: is activity ramping up?
Big Tech companies, with their substantial resources and capabilities, have always played an active role in cybersecurity, explains James Sullivan, head of cyber research at the Royal United Services Institute (RUSI). “There are countless examples over the past decade of coordinated infrastructure take-down operations led by law enforcement and supported by the private sector,” he says.
But activity has ramped up recently. On Monday, senior US government officials met in Silicon Valley with leading tech and cybersecurity companies as part of a push to increase national cybersecurity for the US against external cyber threats, reports Politico. Homeland security secretary Alejandro Mayorkas said that the meeting was about “taking a spirit of partnership and moving into actual operational collaboration”.
In August, US president Joe Biden hosted executives from companies including Apple, Google, Microsoft, IBM and Amazon at a summit arranged in the wake of several high-profile ransomware attacks such as the Colonial Pipeline breach. Each of the companies involved resolved to put time and money into bolstering cyber defences against external, global cyber threats.
Cooperation of this kind between the government and the private sector is vital to conquering cybercrime, says David Carroll, managing director of cybersecurity company Nominet. “Following a year where we saw major breaches and ransomware attacks targeting critical national infrastructure, it’s clear that a step change is needed in cyber defence," Carroll says. “Government intervention and close public-private partnerships are the way to do this. Above all, these latest initiatives set a powerful precedent, demonstrating the bold and necessary steps needed for us to rise to the challenge and create a more secure society – the gloves are well and truly off.”
Cybersecurity interventions benefit Big Tech
By boosting national security when it comes to cybercrime, Big Tech companies can also improve their own business prospects, says Topher Tebow, cybersecurity analyst at security company Acronis. “It’s incredibly difficult to run a business on a battlefield, so Big Tech has a vested interest in preventing the internet from becoming inhospitable to business," he says. "Very simply, taking down cybercriminals is a business requirement at that scale.”
However, this blending of public and private sector interests raises questions of accountability, Sullivan argues. “There are still questions to answer about how these types of public-private partnerships work in practice, including how the private sector could develop future capabilities and how private organisations operate across multiple jurisdictions,” he says. “Ensuring these operations adhere to some agreed-upon principles regarding laws, ethics, oversight and public consent is critical.”