CRTC Serves First-Ever Warrant in Botnet Takedown

1 February 2016

In an effort to augment its arsenal against cybercrime, the federal government passed anti-spam legislation (CASL) in July 2014 that gave the CRTC new powers over the internet. This December, the telecoms regulator exercised those powers for the first time, serving a warrant to take down a Toronto-based malware server as part of a coordinated international effort.

The CRTC said the Toronto server acted as a command-and-control point for the Win32/Dorkbot malware, one of the most widely distributed families of computer worms, which had infected more than 1 million personal computers in over 190 countries.

Dorkbot infiltrates computers through USB flash drives, social networks and social messaging programs, and can steal usernames and passwords by watching users’ internet activity, putting them at risk of identity theft.

The malware can also download and install other dangerous malware and can even join other infected devices in organized attempts to overwhelm specific servers with a flood of simultaneous requests. One such attack took down federal government email systems and the websites of several major departments in June, according to Huffington Post Canada. All of the above actions can be orchestrated remotely from command-and-control centers like the one officials disrupted on December 3.

The move was part of a coordinated effort among Canadian authorities, including the Royal Canadian Mounted Police (RCMP), Public Safety Canada and the Canadian Cyber Incident Response Centre; overseas law enforcement, including Interpol and the U.S. Federal Bureau of Investigation; and Microsoft Inc.

“We are pleased to work alongside our partners during this investigation to mitigate the harm caused to Canadians and citizens in other countries by Dorkbot,” said Manon Bombardier, CRTC Chief Compliance and Enforcement Officer, in a press release. “These are very egregious botnets that are used for illicit activities and can lead to identity theft and fraud. This operation shows that partnerships between domestic and international law enforcement agencies are key in the fight against transnational cyber threats. I am grateful the RCMP provided assistance in this matter.”

In the release, the agency also said it would not name the individuals or companies under investigation in relation to the warrant.

To keep their computers safe from malware like Dorkbot, Canadians should enlist the help of security software to make sure their information stays private and their hard drives remain intact. While these cybersecurity packages can go a long way toward protecting computers, simply installing them is not enough to secure a person’s information. After signing up for a computer security system, here are a few tips to help protect your digital data from being compromised:

  • Be sure to update your cybersecurity software regularly. Thieves adjust their tactics constantly to get around firewalls and security traps in order to access your personal identification information, so you need to be sure you are staying on top of the latest technology as much as they are. Automatic updates can help give you the most up-to-date protection from ID theft possible without your having to be prompted.
  • Your desktop or laptop computer isn’t the only device threatened by cybercriminals. Smartphones, gaming systems and other web-enabled technology can all benefit from virus protection.
  • USB devices or other external hardware that you plug into your computer could easily contain unknown malware or viruses that could compromise your identity. Before allowing any of the information to transfer from external hardware, make sure to have it scanned by your security program.
  • Malware can also be transmitted through hyperlinks. Avoid clicking on unexpected links in emails, especially from unfamiliar senders. If you are unsure whether an email is legitimate, give the company a call to confirm it was the sender.

To protect your identity beyond your cybersecurity software, consider signing up for a credit monitoring service. It can alert you to certain activity on your credit file that may indicate fraud, giving you the chance to freeze fraudsters out of your accounts.