2 capture Greek hacker for the development of Lecpetex malware

Statements for arrest by the Prosecutor's Office Electronic Crime two nationals – creators of the malware codenamed “Lecpetex”Which infected hundreds of thousands of computers worldwide

Press Representative Statements 

Good morning,

 The Electronic Crime Prosecution Directorate, through a systematic and in-depth investigation of many months, has succeeded in detecting illegal online action by two (2) nationals who created and used Cracking, the world-wide malware codenamed "Lecpetex ".

They are two citizens, aged 31 and 27, who were arrested with the car procedure, yesterday (2-7-2014) in the morning, in areas of Attica. A case file was filed against them, for setting up and participating in a criminal organization-gang, computer fraud, violation of computer privacy, as well as violation of the legislation for the protection of personal data.

In particular, the investigation of the case began with the appropriate use of online posts and information about the activity of Greek internet hackers who, in recent months, using malware (Lecpetex) had infringed a large number of computing systems, mainly via a social networking site social media.

The Public Prosecutors have been informed of the above, which have issued relevant Provisions and Bills to remove the confidentiality of communications. This was followed by a long, systematic - systematic digital web search by specially trained police officers of the Cybercrime Division, in which the criminal activity of the two detainees was identified and ascertained.

In particular, the digital investigation of the case revealed that the two involved were the creators of malware with the international code name "Lecpetex", which spread mainly through social media, infecting a large number of computing systems world-wide.

It is worth noting that the social networking site administrator to address the major malfunctions that this virus caused its computing systems has many times changed its privacy policy by introducing special security mechanisms for all its users, thus affecting the overall orderly functioning of its network.

These mechanisms have often managed to overcome the arrested, using advanced techniques and software, thus succeeding in attacking development mechanisms and systems not only on the specific social networking site but also on other online companies around the world, thus making it the virus, one of the world's most serious threats to malware.

The details of the action methodology and the details and details of the case will be presented to you by the Head of the Electronic Crime Investigation Division, Brigadier Emmanouil Sfakianakis.

Statements by Brigadier Emmanuel Sfakianakis

This is the most important case handled by Cybercrime Prosecution, with serious implications for the global computer system. We have managed to prevent a major threat to computer security, which has caused major problems for millions of internet users around the world.

In terms of their methodology, it consisted of sending personal messages to social media users who were attached to malware (Lecpetex) as an attachment. In this way, they were designed to trick users into opening the file, which then infected their computer.

It is noted that the perpetrators used - exploited the social networking site 's platform, as their malicious software, through its self - propagating ability, managed to infect all contacts - friends of the original attacking user by automatically sending them similar malware. In this way the number of infected computers was geometrically expanded globally.

Alternatively, the perpetrators shared malicious software using Peer 2 Peer's proprietary file sharing programs, through which they had free "broken" versions of popular games, songs, and movies to which malicious software had been attached. As a result, users downloading these files infect their computers.

According to an international investigation, the above illegal activity which is now observed in the majority of internet users and through which the users download games, software, songa, films, annually causes damage to their computer systems (PC, Laptop, etc.) which exceeds 1,5 billion euros and this is due to various malfunctions (damages) caused to their computer systems by the malicious software.

It is noted that there are a large number of Internet users who are tempted by the free downloading opportunities and are unaware of the potential risks and damages they may cause to their computing systems.

As it emerged from the development of the research, the perpetrators used the virus for specific self-sacrificing purposes, mainly concerning:

• Using the computing power of infected machines (hundreds of thousands) to generate virtual internet money (bitcoin mining). In particular, the malware, after its installation, used the infected computers to produce digital-virtual currencies (bitcoin) and
• In the interception of electronic wallets. Violence-perpetrators were banning electronic purses containing digital bitcoins and transferring them to other electronic purses that were under their control.

The online virtual coins collected by the perpetrators: a) promoted them to specialized mixing services through a dedicated network (TOR) in which internet users access only with the use of specialized software. In this way, the traces of the illicit profits derived from the production of bitcoins and the electronic purses that they had stolen were hidden, and (b) converted them into euro using the services of special electronic exchanges available on the internet, eventually collecting , illegal profits.

• In the interception of all kinds of passwords. In particular, with the use of the virus, he emailed passwords from emails and accounts of any kind (e-banking, Paypal, etc.) and registered them in a database. A typical example is the tapping by the perpetrators, an email address of the Ministry of Merchant Marine, in which the perpetrators gained access to its content.

It should be noted that, as a result of the development of the investigation, the perpetrators in the last period planned to develop their own money laundering service, with the mix of bitcoin mixing service they intended to make available through the TOR network.

In co-ordinated investigations carried out in the homes of the two nationals, in the presence of a Prosecutor, and in particular the control of their computers, they found:

• the source code of malware, which they used to infect victims' computer systems,
• the account they held in the bitcoin mixing service "bitcoin fog" (at the TOR address) to hide the traces of digital bitcoins,
• the account they maintained on the electronic exchange “Kraken” (at the address “www.kraken.com”) for the conversion of bitcoins in regular currency (e.g. euros), as well as the history of withdrawals from the service in question,
• a folder in which twenty-six thousand six hundred and ten (26.610) files were stored stranded by various internet user passwords from various services they used,
• folder in which 114 files were stored with underlying electronic wallets,
• sample of the source code they developed for the construction of their own digital virtual currency mixing service (bitcoin mixing service).

Seized digital testimonies will be sent to the Criminal Investigation Division for further screening, from which the computational systems under their control and the economic benefits they have acquired are expected to be accurate.

The two arrested in a case filed against them are brought to the Prosecutor's Office of Athens.

Detailed presentation of the case by the Chief of Electronic Crime Division, Brigadier Manolis Sfakianakis