The thing about being a criminal is there's always the risk of being caught or otherwise exposed. This applies to the life of a cyber criminal as well. To wit, Facebook has identified five men it believes are behind the Koobface worm designed to burrow into various social networks like Facebook and Twitter in search of login information to help spread its related botnet far and wide.
According to a report in The New York Times, the five men responsible, known as the 'Koobface gang,' have been hiding in plain sight in St. Petersburg, Russia, collecting millions of dollars in illegally obtained funds and living lavish lifestyles that include luxury vacations to places like Monte Carlo and Turkey. One of the members even regularly checks in with Foursquare.
Facebook and a group of investigators have identified the men as Anton Korotchenko ("KrotReal"), Stanislav Avdeyko ("leDed"), Svyatoslav E. Polichuck ("PsViat" and "PsychoMan"), Roman P. Koturbach ("PoMuc"), and Alexander Koltysehv ("Floppy"). The social networking site plans to share information about the gang at large, along with ways security researchers and other Internet companies can fight back.
The full story of how the Koobface gang was ultimately exposed is an interesting and lengthy one covered in detail by security firm Sophos. It's a 7-page read, but the Cliff Notes version is that a series of missteps and general carelessness led to their identification, along with a little bit of luck.
Based on data found in the botnet's command-and-control system, it's estimated that Koobface earned the men responsible at least $2 million annually for three and a half years, though the actual number could be much higher, according to Jan Droemer, a 32-year-old independent researcher in Germany involved in the investigation.