Libsyn: https://sites.libsyn.com/488183/episode-4-game-over-zeus-slaviks-cybercrime-dark-tale
YouTube: https://youtu.be/RbBthjIFMc0
Rumble: https://rumble.com/v3vrdag-episode-4-game-over-zeus-slaviks-cybercrime-dark-tale.html
In today’s hyper-connected world, where threats lurk in every corner of the digital space, safeguarding your online presence is not just a choice but a necessity. Enter the realm of Affordable VPN Services—your digital shield against the onslaught of cyber threats. And when it comes to protecting your data without breaking the bank, SaferNet VPN stands out as the paragon of both security and economy.
Imagine you’re settling in for another episode of “Digital Desperados,” ready to dive into the chilling realities of cybercrime. But before we unravel the dark tales from the web, let’s talk about how SaferNet VPN fortifies your online safety without imposing hefty costs. With SaferNet, you’re not just purchasing a VPN; you’re investing in peace of mind for your business and family. Affordable VPN Services are no longer a thing of the past, but a practical reality with SaferNet, where comprehensive cybersecurity meets user-friendly budgets.
Whether you’re a small business owner stretching every dollar, a family safeguarding their online activities, or a remote employee fortifying their digital workspace, SaferNet’s VPN service offers a cost-effective solution to your cybersecurity woes. No need to compromise on quality when you can have top-tier protection at a price that respects your finances.
Now, let’s gear up to explore the eerie pathways of the internet with our hosts, where the stakes are high, and the dangers are real. But remember, with SaferNet’s Affordable VPN Services, you’re never alone in the fight against cybercrime.
Jim: Welcome to the Digital Desperados podcast featuring Dark Tales from the Web. Patrick McMurphy is here today to tell us our dark tales. He’s joined today by Brad Hawkins, founder and CEO of SaferNet VPN.
I’m Jim Brangenberg, and I’ll serve as your story guide. And remember, this podcast is brought to you by SaferNet VPN. Every time you go online, your heart and soul are under attack. Secure your mission field with the SaferNet VPN, whatever that mission field may look like. Simplified cybersecurity for... I’m going to stop for a second.
I didn’t mean to have that mission field line in there. Sorry. I forgot about that. We’re going to start over the show again in five. I’m allowed to make one mistake a year. There you go. That’s my mistake. Here we go. And five, four, three, two, one. Welcome to the Digital Desperados Podcast featuring Dark Tales from the Web.
Patrick McMurphy is here today to tell us our dark tale. He’s joined by Brad Hawkins, founder and CEO of SaferNet VPN. I’m Jim Brangenberg and I’ll serve as your story guide. This podcast is brought to you by SaferNet, online at safernet.com. You know, every time you go online, your heart and soul are under attack.
Simplified cybersecurity for businesses and families is available. That’s SaferNet VPN. Explore VPN, internet controls and virus protection in one app. Keep distractions at bay with 84 website filters. Stay safe and productive. Get secured now. Sign up at safernet.com. That’s safernet.com. So Patrick, what dark tale are you telling us today?
Patrick: Well, today, Jim, I want to talk about a man called Evgeny Mikhailovich Bogachev, also known as Slavik. I cannot believe I got his name pronounced correctly on the first try there, but, like we would know?
Jim: Like we would know.
Patrick: That was awesome. I could have just said anything, actually. Yeah, I’ll keep that in mind for the next Russian we find.
So, Slavik, also known as Slavik. So, Slavik is really known in history as the botnet mastermind, so… David Hickton, who’s a former US attorney in Pittsburgh, calls Slavik the most prolific, most dangerous, and most notorious cybercriminal in history. So, Slavik is born in Russia. More than likely, he was born in a town called Anapa, which he currently resides in.
Anapa is a tourist town on the Black Sea. If you ever Google photos of it, it’s a gorgeous place. Now Slavik’s early life and even his early hacking career are really a mystery. His name first shows up in around 2010. The name was pretty big in hacking circles. He was running a modified version of the Zeus Banking Trojan.
Now you might remember Zeus from our first episode where we covered Yakubets, aka Aqua. The Zeus Banking Trojan was just the big name in banking malware at the time. Now in 2010 he actually announced he was retiring. Hackers will do this every so often. They say they’re retiring. What they really mean is that I’m, I’m getting too much heat, I’m going underground, and I’m probably going to be back in a year’s time with something better.
And lo and behold, 2011, Slavik shows back up in the scene, and now he has developed a more advanced and modified version of Zeus called Game Over Zeus, also just known as GOZ, G-O-Z. So, with Slavik coming back into work, he also brought with him a new hacking group called Business Club. And the Business Club had really the most high-profile hackers at the time as members.
And so Slavik and this Business Club were about to wreak havoc with GOZ. But before we talk about what they did with GOZ, let’s, let’s talk about what GOZ can do. Alright, let’s, let’s do that. Yeah. Absolutely. So GoZ first infects a computer through phishing. We’ve talked about phishing again and again.
It’s just, it is so common. It is one of the best attack vectors. The spam link is sent to a bogus website.
Brad: Patrick, Patrick, can you, can you just, I know, I know we’ve talked about it before, but just for anybody that’s listening, that’s brand new, just give a quick little definition or, or explanation of phishing.
Patrick: Yeah. So you get an email normally with some sense of urgency to us. Then, oh, you know, you need to click here, you need to pay a bill, or I don’t know, you have some outstanding charge, or something like that, some kind of, it gives the user some sense of urgency, and they click on the link, and usually…
Brad: I’ve gotten those before, and it’s amazing, because it looks just like a bill that I would have. That’s what amazes me. I mean, it’s, it’s… They, they do a little bit of homework to figure out how to make that work. So anyway,
Jim: I think the old reference behind phishing is that they get them hook, line, and sinker.
Patrick: That is it. That is it.
And so through these phishing links he sends, he did something called drive-by downloads. And that’s simply where if you click on that link and the browser loads the page, the file is actually directly loaded onto your computer. And so GoZ was basically deploying malware, being deployed by these phishing links and drive, drive-by downloads.
Now, unlike its predecessor, unlike ordinary Zeus, what GOZ did, it used a decentralized peer-to-peer system. And so what that really means is that GOZ is not being controlled from one place. It’s being controlled from several places at once. And then this makes it very resilient against takedown efforts.
And so when GOZ is deployed on a machine, its most simple function is to deploy CryptoLocker ransomware. And so ransomware, I’m sure you guys know, is when your computer effectively just locks up entirely and it says you have to send Bitcoin to this address and we’ll give you a decryption key. Now if this happened to you and you’re on an old computer, your best bet is just to toss the computer out the window.
If this happens to a business, you need those files. And a lot of times you’re in trouble. Yeah. And the particular brand that they use, CryptoLocker, that was the most advanced ransomware at that time.
Jim: So, so is this a, when, when the Zeus guys or the Game Over Zeus guys or the GOZ guys are then working with the CryptoLocker guys, is this like, you know, a mass syndicate, is this like the mob of the internet?
They’re all working together to tear people apart. Or, I mean, Do they have to pay in CryptoLocker in order to be able to, you know, be able to use it?
Patrick: That’s exactly it. So what’s happening is that GoZ is going to the CryptoLocker distributors, buying licensing off them, and then getting their own branded version of CryptoLocker.
So when you get infected with CryptoLocker from GoZ, the GOZ guys are getting paid, but then in turn, they’re giving maybe 10 percent of the cut to the guys who developed CryptoLocker in the first place.
Jim: So, so GOZ becomes an affiliate marketer for CryptoLocker and they’re, and they’re paying those franchise fees.
Brad: So, so basically they send out an email, that email gets clicked on and it looks like a legitimate bill, a legitimate some kind of an email, somebody in a business or, or at home or whatever it is, you click on it, see what it is. It downloads a software onto that, that device or possibly even that network.
And, and now they have control over allowing access or not allowing access to that entire network or that computer. And then they can say, hey, you need to send me X dollars or X crypto or, or whatever it is, and I’ll release it. So, yeah, and, and it’s simple, I mean, but, and, and, and nobody can hack it because they’re decentralized, meaning that they’ve got access to it from multiple different locations.
So they might shut down one, but they’re not going to get all of them. Am I understanding that correctly?
Patrick: Yep. Yep. That’s a hundred percent. The only thing is that this CryptoLocker, that was actually just the basic functionality of GOZ. That was just the smallest thing it can do. GoZ had a lot more, had a lot more.
Jim: How much worse can it be? Every, every law, every file on your entire computer locked up and you can’t do anything. You know, what’s incredible to me is the cyber criminals are trying to get into our computers all the time. We’ve got, we’ve got to step in front of this. We’ve got to protect our businesses, our families with SaferNet.
Cybersecurity made simple for businesses and families. We get to enjoy the VPN within SaferNet, the internet controls, the virus protection, and the 84 web filters that are for a focused online experience. That’s some of what SaferNet brings to the table. Your safety is our priority here at SaferNet. Get secured now.
Sign up at safernet.com. That’s safernet.com. I did it for all of our business locations, our family locations. It has made such a huge difference. The other day I was traveling and I signed onto the hotel wifi and I wasn’t worried because I had SaferNet on my computer. In this instance, this instance, Brad Hawkins, when the cyber criminals are trying to get me to click on some link that’s going to take me to some bad place, is SaferNet going to help me?
Brad: Oh, absolutely. And that’s what, that’s what’s so exciting about it, is that, you know, I was describing earlier about getting a phishing email. I have been tricked. Now I’m watching for this all the time, but I’ve been tricked, and I have an electric company and I got an email from the electric company.
And I thought, I wonder what that is. And I click on it and SaferNet pops up and says, I don’t think you want to do this. And it just stopped me dead in my tracks. And I just had to laugh at myself thinking I was tricked. But yes, we will, we have the ability to be able to stop those phishing attacks that are so surprising.
And they’re so stinking good at being able to fool you.
Jim: Is there a way to actually add the voice to that warning? Cause when I, I’ve gotten that warning a couple of times. Can it be, can we actually get the voice? Can you program it in there? I don’t think you want to do this.
Brad: Wouldn’t that be nice?
Jim: I’d be willing to record the voice if that’s what you want. I mean, I don’t think you want to do that.
All right. All right, Patrick. Let’s go back and let’s, so. They’ve got this beautiful partnership. International partnership with CryptoLocker. That’s just fantastic and not concerning at all.
Patrick: We haven’t even scratched the surface here on GOZ guys. So another thing GOZ could do was that it could spy, if it decided not to infect you with CryptoLocker, it would just spy on your computer activity, looking to steal banking credentials, which you might remember as one of the original Zeus’s main functions.
It did use a tiered system for thefts. So this meant that smaller amounts were automatically siphoned off. It would just scan for banking details, automatically take money out. But for larger accounts, especially for businesses, this is where Slavik would get hands-on with the approach, just to maximize the amount stolen.
And the glue that held all of this together with GoZ was that any device that was added to GoZ, whether it was being spied on or was CryptoLockered, it would be added to Slavik’s personal botnet network. So he, the users had no idea that this was occurring when they were added to a botnet.
It was the largest botnet of its time, with over 1 million computers infected. And so what Slavik did is that he would use his botnet to conduct DDoS attacks, basically as either a distraction during a theft or retaliation if he knew, you know, certain law enforcement agencies were looking at him. He would just take down all of their online resources in a couple of seconds.
Brad: So, so, Patrick, what do you mean by a botnet, his personal botnet network?
Patrick: So, what a botnet is, is, let’s say a computer is infected with a bot, something that would add it to a botnet. A botnet is simply just a network, a joint linked network of computers, all under the control of one master system. Often the person, the person, if a person has a device in a botnet, they’re not aware of it.
They just might seem like they have a slower connection or something like that. But the master system can then use all of all of the computers at once. So for example, if I had a million computers in my botnet and I targeted one web address and said, every all systems hit this web address at the same time, it’s gonna bring down the whole website.
So you can use that as a, as a weapon to take down really any organization that you have the web address for.
Brad: But he’s basically connecting all of the computers that he’s attacked. He’s connecting them all together to use the, the congruent group of computer technology to be able to use it as a weapon against, say, for example, NASA or, or government or whatever it is. It has that computer power to be able to attack.
Is that, is that, am I understanding that correct?
Patrick: Yeah, that is exactly it.
Jim: And you may not know you’re one of those, part of the bot network, until the FBI shows up at your front door and going, hey, what are you doing? We checked your IP address. It’s coming from your house. And you’re like, what are you talking about?
Patrick: Exactly. And so during these early years, during the early 2010s, I should say, GOZ stole over a hundred million dollars just in the U.S. And Dave Hickton, that attorney I was talking about, was saying that they actually stopped counting at a hundred million, and to quote him, he says, “I really think the answer is he stole as much as you can count.” So this guy was just making bank with GoZ, him and the Business Club.
You can see why they’re called the business club now. They’re, you know, they know what they’re doing.
Brad: Well, they’ve connected all the business computers together into one. Exactly. Yeah.
Patrick: Better than any better, better than any system administrator I know, you know.
So the feds in the U.S. were doing, obviously, look, everything to stop them. They recruited anyone who could help, most notably Microsoft. And what Microsoft did here was they created honeypot computers. So they would intentionally get infected by GoZ, become a part of the botnet and then try to track the data and traffic within that botnet.
So they were effectively trying to reverse engineer the botnet while being inside it. They had no idea, they, they knew who the Business Club was. They had no idea who Slavik was. They know, like, they didn’t know who the leader was. The feds also made another mistake, which we’ve, we’ve, which we’ve come across here before, which is that they made the mistake of asking Russia for help.
And so, yeah, we, we see this time and time again. So Russia immediately knew it was Slavik, went to Slavik, didn’t tell the U.S., and then recruited Slavik.
Brad: Well, how many times has Russia done that? I mean, that’s like the theme.
Patrick: Yeah, you don’t need to be a recruiter for them. They will find you if they need you and give you a job.
Brad: So we, we gave him a promotion.
Patrick: Yeah, exactly. Like he needed it. Yeah. And so an anonymous tip eventually made its way to the U.S. authorities that informed the feds about tracking certain emails, which helped the feds identify Slavik as being the one in charge of the Business Club, even though it didn’t make a huge difference at this point.
And so they’re looking through Slavik’s kind of digital records. They found search queries from him about they were, he was trying to find information to compromise certain, compromise FBI agents. So this guy was deeply embedded in industrial espionage, or not industrial espionage, just espionage in general at this point.
So, the, basically the feds, Microsoft, a few other companies, including FireEye and Fox-IT, were able to track down most of the GoZ command servers so they could actually stop the botnet. Because of the, the original Microsoft honeypots, you know, I told you it was decentralized. They found every network that was part, that was a kind of leader in that decentralized network and then caught them.
At the time, they also engineered something called Decrypt CryptoLocker, which, if you had CryptoLocker infected on your computer, you could ask this company for their software and that would then release CryptoLocker from your computer. So they really took down GOZ, or at least they thought they did, because five weeks later, something emerged called New GOZ.
And so, just to put this into perspective, today, New GOZ still makes up 28 percent of all banking malware. And this is like, this is 10 years ago. Now it is, it is, that number falls frequently because there’s just newer malware coming out all the time. Now, and back to Slavik, Slavik, he’s working for, he’s still working for the Russians.
He’s shadowy, but the guy posts to social media non stop. You can actually find them online. He always, he’s showing off his huge apartment. He has a yacht. He goes on these luxury trips with his pet bobcat. And he’s always dressing in like leopard print with like, you know, huge chains and stuff.
Yeah, he’s still at large. The FBI have a 3 million bounty on his head, but he’s protected by the Russians. So, not much anyone can do.
Brad: He’s never been caught.
Patrick: No, no, he got the money and he’s living the life with his bobcat now.
Brad: But he’s still doing his work under the protection of the Russians.
Patrick: Exactly, yes.
He’s still using New GOZ. I’m sure he’s working on a new New GOZ as well at the same time.
Jim: What motivation does he have though? If you took in a hundred million dollars in a year, why do you keep working? That’s what I’m trying to figure out. What keeps these guys going? Is it just, what do you think it is, Patrick?
Patrick: It’s got to be the thrill. And we’re going to see this with a later guy as well in the next episode. I think it’s the thrill and the intoxication of it. I mean, it’s the same, you know, it’s the same if you look at, we’ll say, the big fighters like Conor McGregor, right? Conor McGregor could have retired about seven years ago and been a multimillionaire, but he keeps going back to the ring.
He doesn’t need to fight and he’s often losing, but he doesn’t need the money, but he’s going back probably for that thrill, you know, of that fight of being, you know, the guy who could, you know, annoy the FBI or something.
Brad: So, and I think sometimes it’s, it’s the fact that they can, I mean, it’s like, it’s like, you know, I, I can outsmart it.
And I know with the maybe younger hacker guys that, you know, they want to be able to do something big that hits the news so that they can just tell their, they may not even make any money on it, but they just want to be able to tell their buddies, hey, man, that was me, I did that. Yeah, no, it’s just that, you know, that, that feed that you get to say, gosh, I just got to go to the next level.
Patrick: Yeah, exactly. That’s what it is. It’s a, it’s yeah. And they’re chasing that the whole time, I think.
Jim: Unbelievable. Just remember, you heard it here on the Digital Desperados podcast. And before we close out, you know, it’s just, it’s just great to have an app controlling phone internet time. But how do you control time and access on your computer or tablet, too, for your family, for the people in your business?
SaferNet, that’s the answer. SaferNet can get it done. It’s SaferNet, it’s your shield against online threats. And it’s simplified cybersecurity for businesses and families. It just makes it so easy. Explore a VPN from SaferNet, which includes internet controls and virus protection and 84 website filters to secure your business place, your family place. Get secured now. Safernet.com. That’s safernet.com. The internet and everything digital definitely has a dark side with many dark players, Slavik being one of them. It’s why you need SaferNet by your side. Don’t forget that. And for your own security and the security of those you love and those you work with, check out safernet.com and get secured today. Till the next time, click only on the attachments or the links that you trust from those you trust and delete the rest, and then empty your deleted, or you may become the next victim of a digital desperado.
As we conclude another gripping episode of “Digital Desperados,” where the cyber threats are as real as they get, it’s time to take stock of our digital defenses. While the online world may be riddled with digital desperados lurking in the shadows, there’s a beacon of hope for the budget-conscious among us. SaferNet VPN’s Affordable VPN Services remind us that robust cybersecurity doesn’t have to come with an exorbitant price tag.
Today, we delved into the murky waters of internet crime, dissected the mechanics of malicious botnets, and learned about the cyber rogues of our era. But beyond the cautionary tales and the dark allure of cyber villainy, lies the empowering reality that SaferNet VPN is here to fortify your digital life. And it does so without demanding a treasure chest in return.
As you log off and step away from the podcast’s echoes, don’t leave your online safety to chance. Consider SaferNet’s Affordable VPN Services—a smart financial move and a strategic shield against the cyber onslaught. Whether it’s securing your business transactions, keeping your family’s online experiences safe, or ensuring your remote work is a fortress, SaferNet VPN is your steadfast ally.
Remember, in the fight against cybercrime, vigilance is paramount, but so is accessibility. SaferNet VPN is proud to provide that balance, wrapping top-notch security in a package that respects your budget.
Until our next digital adventure, stay safe, stay savvy, and stay secured with SaferNet VPN, where affordability meets security.