Nearly 9,000 computer servers based in southeast Asia are infected with or currently dispensing malware, according to a newly unveiled Interpol-led operation heavily supported by multiple private sector cybersecurity firms and domestic law enforcement agencies.
Hundreds of compromised websites popularly used in Southeast Asia — including regional government portals — also were identified as under the control of hackers, Interpol announced Monday.
The news underscores an increasingly international effort between national law enforcement agencies and the broader digital defense industry to collaborate on cybercrime fighting operations. An assistant attorney general for the Justice Department’s Criminal Division, Leslie Caldwell, said last year that the FBI would need to rely on foreign help to stop hackers in the future.
“Sharing intelligence was the basis of the success of this operation, and such cooperation is vital for long term effectiveness in managing cooperation networks for both future operations and day to day activity in combating cybercrime,” Noboru Nakatani, the executive director for Interpol Global Complex for Innovation, said in a statement.
Interpol compiled and provided individual “Cyber Activity Reports” to the governments of Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam. The reports contain actionable recommendations to curb cybercrime, but there is no legal framework to compel countries to follow the guidance.
Interpol said several companies contributed to the investigation, including Trend Micro, Kaspersky Lab, Cyber Defense Institute, Booz Allen Hamilton, British Telecom, Fortinet and Palo Alto Networks.
Among the roughly 9,000 infected servers, Interpol found hoards of zombie computers preconfigured to launch phishing email scams, ransomware-style viruses, distributed denial of service-style attacks and targeted intrusions into financial institutions. The investigation into who originally hacked into these computers and what their motives are continues.
“For many of those involved, this operation helped participants identify and address various types of cybercrime which had not previously been tackled in their countries,” said Chairman of Interpol’s Eurasian cybercrime working group Superintendent Francis Chan in a statement. “It also enabled countries to coordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via INTERPOL, and is a blueprint for future operations.”
Interpol is calling the operation an example for how law enforcement can proactively investigate vulnerabilities before victims report damages.