The never-ending efforts of law enforcement, both here in the United States and across the world, have led to the investigation and takedown of one of the largest cybercrime infrastructures, known as the Avalanche network. The dismantling began on November 30, 2016, when the Criminal Division’s Computer Crime and Intellectual Property Section, the U.S. Attorney’s Office of the Western District of Pennsylvania, the FBI’s Pittsburgh Division, the Public Prosecutor’s Office Verden, the Luneburg Police of Germany, Europol and Eurojust, and investigators and prosecutors from over 40 other countries joined together in a multi-national operation.

The four-year initiative to take down Avalanche was started by German law enforcement authorities after they uncovered an unprecedented volume of phishing and spam malware targeting online banking.

Cybercrime on Avalanche network

The cybercrime committed through the more than 800,000 malicious domains using this network, which began in 2010 and grew at a steady pace, was responsible for malware infecting over 500,000 computers on a daily basis. It was found that the Avalanche network offered two types of services to its cyber-criminal customers: registering domain names, and redirecting traffic through the network behind a layer of proxies using a technique known as “fast flux.” Ransomware was heavily used to extort money, in either cash or Bitcoin, from victims; other malware was used to obtain victims’ identity information, credit card information, and banking credentials for over 40 major financial institutions in order to illegally transfer funds or run money laundering schemes.
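The "fast flux" technique mentioned above rotates a domain's DNS answers through many short-lived IP addresses spread across unrelated networks, which is also what makes it visible to a defender who looks at resolver logs. The following is an added illustration, not code from the article or from any Avalanche investigation: a small heuristic that aggregates DNS resolution records per domain and flags those that resolve to many distinct IPs in many distinct /16 networks with short TTLs. The record format, the sample data and the thresholds (`min_ips`, `min_nets`, `max_ttl`) are all assumptions made for the example.

```python
"""Heuristic fast-flux detector over DNS resolution records.

Added example, not from the article. The record format, the thresholds and
the sample data below are assumptions made for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_network
from statistics import median


@dataclass(frozen=True)
class Resolution:
    """One observed answer from a DNS resolver log (constructed format)."""
    domain: str
    ip: str
    ttl: int  # TTL of the A record, in seconds


@dataclass
class DomainStats:
    """Per-domain aggregate: distinct IPs, distinct /16 prefixes, observed TTLs."""
    ips: set = field(default_factory=set)
    nets: set = field(default_factory=set)
    ttls: list = field(default_factory=list)


def aggregate(records):
    """Group resolutions by domain and track how widely the answers are spread."""
    stats = defaultdict(DomainStats)
    for r in records:
        s = stats[r.domain]
        s.ips.add(r.ip)
        # Collapse each address to its /16 so addresses in one hosting range
        # do not count as diversity the way a true flux pool would.
        s.nets.add(str(ip_network(f"{r.ip}/16", strict=False)))
        s.ttls.append(r.ttl)
    return stats


def is_fast_flux(s, min_ips=5, min_nets=3, max_ttl=300):
    """Flag a domain that rotates through many IPs in many unrelated networks
    with short TTLs. The thresholds are illustrative assumptions, not a standard;
    tune them against a baseline of known-good CDN traffic before alerting."""
    return (len(s.ips) >= min_ips
            and len(s.nets) >= min_nets
            and median(s.ttls) <= max_ttl)


def find_fast_flux_domains(records, **thresholds):
    """Return the sorted list of domains that meet the fast-flux heuristic."""
    return sorted(d for d, s in aggregate(records).items()
                  if is_fast_flux(s, **thresholds))


# Constructed sample data (documentation-range and private addresses only):
# a stable domain served from one range versus a domain fluxing across many.
SAMPLE_RECORDS = [
    Resolution("stable.example", "198.51.100.10", 3600),
    Resolution("stable.example", "198.51.100.11", 3600),
    Resolution("stable.example", "198.51.100.10", 3600),
] + [
    Resolution("flux.example", ip, 60) for ip in (
        "203.0.113.5", "192.0.2.17", "198.51.100.99", "203.0.113.200",
        "192.0.2.250", "10.44.1.1", "172.16.9.9", "10.77.3.3",
    )
]

if __name__ == "__main__":
    for domain, s in aggregate(SAMPLE_RECORDS).items():
        verdict = "FAST-FLUX" if is_fast_flux(s) else "ok"
        print(f"{domain}: {len(s.ips)} ips, {len(s.nets)} /16s, "
              f"median ttl {median(s.ttls)}s -> {verdict}")
```

Run against real resolver logs, this sort of check produces false positives for large content-delivery networks, which also answer with many IPs and short TTLs; the /16 diversity and a per-network allowlist are what separate a legitimate CDN from a pool of compromised residential hosts in practice.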

Network taken down

On Monday, December 5, 2016, Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division announced the final dismantling of more than 50 Avalanche network servers worldwide and the searches and arrests of dozens of people in four different countries, marking the end of a cybercrime infrastructure whose takedown will disrupt the entire criminal ecosystem. Unfortunately, before it was shut down, this infrastructure had heavily invaded the privacy of millions and been used to commit financial crimes globally.