NEWS FROM THE LAB - Friday, October 22, 2010

Mr. Anderson Pleads Guilty
Posted by Mikko @ 19:16 GMT

"Warpigs" from group "m00p" pleaded guilty today at the Southwark Crown Court in London.

We here at F-Secure are happy to get some closure on this long case, with which we've been working for a number of years.

This malware group produced several different malware families over several years. They were created for financial gain.

Our best regards to Scotland Yard, Police of Pori, and Central Criminal Police Finland.

Full statement from The Metropolitan Police follows.

An international operation into a network of computer virus writers has led to a Scottish man pleading guilty today (Friday 22 October).

A complex e-crime investigation by Metropolitan Police and the Finnish authorities was launched in 2006 into a highly organised group who were writing new computer viruses in order to avoid detection by anti-virus products.

They had been primarily targeting hundreds of UK businesses since 2005, and during this time tens of thousands of computers were infected across the globe.

The international conspiracy by members of the online m00p group (M - zero - zero - P) was to infect computers using viruses attached to unsolicited commercial e-mail (spam). Matthew Anderson was a key player in this, distributing millions of spam messages.

An operation was mounted by the MPS Police Central e-Crime Unit together with the Finnish National Bureau of Investigation (NBI Finland) and the Finnish Pori Police Department resulting in the arrest of three men on the 27 June 2006 in Suffolk, Scotland and Finland.

One of these men was Matthew Anderson, 33 years (DOB 17.10.77), a franchise manager, from Drummuir, Aberdeenshire. His role in the conspiracy was to manage the operation by composing the emails and distributing them with virus attachments.

A number of computers were seized at residential addresses in both countries in addition to the suspects' servers as part of the investigation.

The computer viruses were found to run in the background on an infected computer without the knowledge of the computer's owner, but allowed Anderson to access private and commercial data stored on the computers.

DC Bob Burls, from the Police Central e-Crime Unit, said:

"This organised online criminal network infected huge numbers of computers around the world, especially targeting UK businesses and individuals. Matthew Anderson methodically exploited computer users not only for his own financial gain but also violating their privacy. They used sophisticated computer code to commit their crimes.

"The internet means criminals have increased opportunities to commit crime internationally, however I'd like to reassure the public that the international law enforcement and anti-virus companies' response is increasingly sophisticated. As this case shows, criminals can't hide online and are being held to account for their actions. A complex investigation like this demonstrates what international cooperation can achieve."

Anderson was able to use the control he had on his victims' computers to activate their webcams, effectively spying on them in their home environment, normally without their knowledge. Police established this during the investigation when they found screen grabs on Anderson's computers taken from other people's webcams as well as copies of private documents such as wills, medical reports, CVs, password lists and private photographs.

Online Anderson used the profile names of aobuluz and warpigs. He operated his illegal enterprise behind the front of an online business offering computer security software called Optom Security.

Anderson pleaded guilty at Southwark Crown Court to:

Causing unauthorised modification to the content of computers, contrary to section 3 of the Computer Misuse Act 1990.

Specifically that:

Matthew ANDERSON between the 1st day of September 2005 and the 27th day of June 2006, together with Artturi Alm and other persons, caused unauthorised modifications to the contents of computers, with intent to cause such modifications, and by so doing to impair their operation and/or to impair the operation of any computer programs or the reliability of computer data.

+ Counts of acquiring criminal property and money laundering were left to lie on file.

He will be sentenced on 22 November.

Two other men were previously arrested as part of the investigation. One was released with no further action. The other, Artturi Alm, pleaded guilty in Finland in 2008 and received a custodial sentence (18 days) and a community service order.