Citadel believed to have stolen more than half a billion dollars in just 18 months

From Thomas Escritt and Jim Finkle, Reuters:  Europol said a global effort led by Microsoft Corp to stop one of the world’s biggest cybercrime rings has succeeded in wiping out the malicious computer networks that the gang used, known as the Citadel Botnets.

Microsoft’s Digital Crimes Unit, with help from authorities in more than 80 countries, on Wednesday cut off the servers controlling as many as 5 million infected PCs that belonged to the Citadel cyber crime operation, which is believed to have stolen more than $500 million from bank accounts over the past 18 months. 

"Basically the Citadel bug is now clean," Troels Oerting, head of Europol’s European Cybercrime Center, said on Thursday. . . .

Citadel was used against dozens of financial institutions by stealing passwords with key logging software. The victims include American Express, Bank of America, Citigroup, Credit Suisse, eBay’s PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo, Microsoft said. . . . 

Microsoft said in its court filing that it suspects the developer of the Citadel software, who goes by the alias Aquabox, lives in eastern Europe and works with at least 81 "herders," who may be running the bots from anywhere in the world. 

The Citadel software is programmed so it will not attack PCs or financial institutions in Ukraine or Russia, likely because the creators operate in those countries and want to avoid provoking law enforcement officials there, Microsoft said.  (graphic: Kacper Pempel/Reuters)