Partnership between different national intelligence groups and private security firms will target key systems behind virus’ operation
The National Crime Agency (NCA) has pooled together the resources of various national law enforcement bodies and private sector organisations as part of a collaboration to combat the Shylock Trojan virus. The partnership strategy is claimed to be a first for a UK-based law enforcement organisation.
To target the malicious Shylock software, used by criminals to steal from bank accounts, the NCA has announced it is working with international organisations such as Europol, the US Federal Bureau of Investigation (FBI) and the German Federal Police (BKA).
Private companies including BAE Systems Applied Intelligence, Dell SecureWorks and Kaspersky Lab will also be involved in efforts to tackle the virus, which is estimated to have infected at least 30,000 computers around the world running the Windows operating system.
The NCA said Shylock – named after a character in William Shakespeare’s ‘The Merchant of Venice’ due to code within the malware containing excerpts from the play – is believed to have targeted more computers in the UK than any other nation, according to intelligence.
Developers of the malware are suspected of being based outside the country, the NCA added.
An NCA spokesperson said the malware is designed to target individual systems security weaknesses rather than the IT of larger organisations, but called on public sector workers to be vigilant at an individual and organisational level of the virus’ threat.
Shylock is typically downloaded onto systems where users unwittingly click on malicious links without realising their system may be compromised. Once downloaded, the malware works to access funds from business or personal accounts and transfers them to criminal controllers.
The NCA, alongside the UK’s intelligence agency GCHQ, will be taking part in global efforts to disrupt systems vital to Shylock’s operation, such as by seizing servers forming the command and control system for the virus. The collaboration will also be focused on tackling domains Shylock uses to communicate between infected computers.
According to the NCA, the collaboration is being coordinated from Europol’s European Cybercrime Centre (EC3) at Europol in The Hague. Investigators from the NCA, FBI and other counterparts in the Netherlands, Turkey and Italy will each be working from their respective countries in collaboration with Germany, Poland and France to target the virus.
Andy Archibald, deputy director of the NCA’s National Cyber Crime Unit said of the collaboration, “the NCA is coordinating an international response to a cyber crime threat to businesses and individuals around the world.
“This phase of activity is intended to have a significant effect on the Shylock infrastructure, and demonstrates how we are using partnerships across sectors and across national boundaries to cut cyber crime impacting the UK.
“We continue to urge everybody to ensure their operating systems and security software are up to date.”
Europol’s EC3 head Troels Oerting meanwhile welcomed international collaboration on trying to tackle the infrastructure behind such “sophisticated malware”.
“EC3 has provided a unique platform and operational rooms equipped with state-of-the-art technical infrastructure and secure communication means, as well as cyber analysts and cyber experts,” Oerting has said.
Plymouth Malware & Virus Support