By Joseph Menn
WASHINGTON (Reuters) - Russian authorities in November raided offices associated with a Moscow film distribution and production company as part of a crackdown on one of the world’s most notorious financial hacking operations, according to three sources with knowledge of the matter.
Cybersecurity experts said a password-stealing software program known as Dyre — believed to be responsible for at least tens of millions of dollars in losses at financial institutions including Bank of America Corp and JPMorgan Chase & Co — has not been deployed since the time of the raid. Experts familiar with the situation said the case represents Russia’s biggest effort to date to crack down on cyber-crime.
A spokesman for the Russian Interior Ministry’s cybercrime unit said his department was not involved in the case. The FSB, Russia’s main intelligence service, said it had no immediate comment.
Nikolay Volchkov, the chief executive of the film company named 25th Floor, said he could not answer questions about the raid.
Without an official confirmation, much remains a mystery. Reuters could not determine a direct link between the program’s shutdown and the raid.
The sources said that a number of people were questioned by the authorities but Reuters was unable to ascertain further details, including whether there were arrests or criminal charges. Reuters has no evidence that Volchkov or the film company is implicated in any wrongdoing and couldn't determine precisely who is.
Hackers targeting Western financial institutions and individuals are rarely punished in Russia. Consequently, the November raid is seen as potentially a landmark event by Western cyber-crime watchers.
The Dyre hackers used a range of tricks to insert sophisticated computer code into consumer Web browsers to manipulate communications between those customers and more than 400 financial institutions, according to analysts at Dell SecureWorks. IBM said it was the most pervasive financial theft software hitting its customers last year.
But then Dyre stopped spreading, banking and security experts said. “We have seen a disruption over the last few months that is definitely consistent with successful law enforcement action,” said cybercrime expert John Miller of U.S.-based security firm iSight Partners, who had no knowledge of specific arrests.
The Dyre investigation in Russia is being aided by Kaspersky Lab, a top cyber-security firm. A person close to the company said it would reveal details about the case at its annual conference for security experts starting Sunday. Kaspersky declined to comment on its conference plans.
Adding further intrigue to the November raid is that 25th Floor is in the midst of producing a film called Botnet, a cyber-crime thriller loosely based on a 2010 case in which 37 people in the United States and elsewhere were charged in a $3 million scam.
Prosecutors in the 2010 case touted the bust as a big win against organized cybercrime. Tabloid media outlets loved the story, especially as photos circulated of one of the suspects, a blue-eyed Russian brunette named Kristina Svechinskaya, who was referred to by The Sun newspaper in Britain as “the world’s sexiest hacker.”
However, most of the people charged were lower-level in the scam and the key figures were never named, let alone arrested.
The hackers used a variant of the then-top program for hijacking bank accounts, known as Zeus, which law enforcement sources say is related to the present-day Dyre.
Housed in a fashionable Moscow skyscraper, 25th Floor distributes movies and television shows in Russia and neighboring countries as well as producing some of its own. Last year’s distribution slate included “The Runner,” with Nicholas Cage, and this April it is slated to ship “Exposed,” a police corruption drama with Keanu Reeves.
Two people briefed on the November raid said it involved both 25th Floor's office and a related neighboring office.
In treatments for the movie version of the crime story seen by Reuters, the lead female character grows up poor in a Moscow housing complex, is lured into an imagined high life of New York hackers, and eventually gets arrested by the U.S. National Security Agency before turning on the worst of her criminal associates and walking free.
"HE WAS AFRAID"
Ilya Sachkov, chief executive of Group-IB, a Moscow-based computer security company, said his firm was hired by 25th Floor to advise the Botnet director and writers on the finer points of cybercrime.
Sachkov said he was initially approached at a security conference by Volchkov. “He asked if we would be interested in consulting with a scriptwriter they would hire in the United States,” Sachkov said.
Sachkov said he met with Volchkov about half-a-dozen times to discuss aspects of the plot.
Then, last November, Sachkov got an urgent call from Volchkov, saying he needed to meet.
“He was afraid. His color was totally white," said Sachkov. "He knows there is an ongoing investigation about cybercrime.”
Volchkov declined to comment on the events.
(This story has been refiled to add dropped word in 10th paragraph)
(Reporting by Joseph Menn in Washington; Additional reporting by Anastasia Teterevleva in Moscow; Editing by Jonathan Weber and Martin Howell)