On Wednesday, the Spanish national police announced that the suspected developer of the BKA trojan had been arrested in Dubai, and that 10 further suspects in connection with the online fraud had been apprehended in Spain. According to the announcement, a 27-year-old Russian national is responsible for the trojan’s technology and also handled the deployment of the malware. The group that was arrested by the Spanish police consists of six Russian, two Ukrainian and two Georgian nationals, and is thought to have used the trojan to extort around €1 million (approximately £860,000) per year.
During operation “Ransom”, the Spanish police co-operated with the international Europol and Interpol agencies. According to the German dpa press agency, the suspected developer of the trojan was arrested while on holiday in Dubai in December and is due to be deported to Spain. As well as making the arrests, the police also reportedly searched six houses in Spain; they said that, during these searches, equipment used for criminal activities by the group was seized.
The police reported that, in addition to the equipment, they seized material that the group had used to gain access to the extorted money, for example credit cards that were used to transfer the ransom money from the Ukash, Paysafecard and MoneyPak services. Just before they were apprehended, the suspects apparently used a further 200 credit cards to withdraw €26,000 that was due to be sent to Russia. The group is believed to have laundered the money in various different ways, for example via online gaming portals and virtual currencies. Eventually, the money always ended up in Russia, according to the police.
[Image: One version of the BKA trojan that was used in Spain. Source: Ministerio del Interior]
The BKA trojan, known as “el virus de la Policía” in Spain, blocks its victims’ computers and demands that a fine be paid for the computer to be unlocked. Since May 2011, when the trojan was first sighted in the country, more than 1,200 complaints have reportedly been filed in Spain alone; in Germany, the investigating public prosecution department in Göttingen announced in 2012 that more than 20,000 complaints had been filed. The number of unrecorded cases is believed to be far higher. The Spanish police estimate that millions of computers have been infected worldwide.
However, the operation has most likely not fully eliminated the threat that is posed by the BKA trojan. The profitable business model has been emulated by many criminal gangs, and a suitable malware toolkit was available to purchase in underground circles in 2012. The Spanish police also pointed out that the group that was based on the Costa del Sol was only one of several groups involved.