Iserdo, Alleged Mariposa Botnet Creator Arrested by Slovenian Police

July 28, 2010

The FBI, in partnership with the Slovenian Criminal Police and the Spanish Guardia Civil detailed significant developments in a two-year investigation of the creator and operators of the Mariposa Botnet. A botnet is a network of remote-controlled compromised computers.

The Mariposa Botnet was built with a computer virus known as “Butterfly Bot” and was used to steal passwords for websites and financial institutions. It stole computer users’ credit card and bank account information, launched denial of service attacks, and spread viruses. Industry experts estimated the Mariposa Botnet may have infected as many as 8 million to 12 million computers.

“In the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world,” said FBI Director Robert S. Mueller, III. “These cyber intrusions, thefts, and frauds undermine the integrity of the Internet and the businesses that rely on it; they also threaten the privacy and pocketbooks of all who use the Internet.”

In February, the Spanish Guardia Civil arrested three suspected Mariposa Botnet operators: “Netkairo,” “Jonyloleante,” and “Ostiator,” aka Florencio Carro Ruiz, Jonathan Pazos Rivera, and Juan Jose Bellido Rios. These individuals are being prosecuted in Spain for computer crimes.

Last week, the Slovenian Criminal Police identified and arrested the Mariposa Botnet’s suspected creator, a 23-year-old Slovenian citizen known as “Iserdo.” The work of the Slovenian and Spanish authorities was integral to this investigation.

FBI Cyber Division Assistant Director Gordon M. Snow said: “This case shows the value of strong partnerships among law enforcement agencies worldwide in the fight against cyber criminals. Cyber crime knows no boundaries, and without international collaboration, our efforts to dismantle these operations would be impossible. The FBI praises the work of our Slovenian and Spanish partners who worked closely with our agents in this case.”

In a statement, Slovenian Minister of the Interior Katarina Kresal and Director General Janko Gorsek, Slovenian Criminal Police, said: “We are glad to cooperate with the United States; the FBI’s assistance is invaluable and represents professional affirmation of our force. This case shows that cyber crime issues call for international police cooperation that shouldn’t be hindered by geographical borders. The FBI has demonstrated a high level of collaboration in which our countries were equal partners, which was crucial for the success of the investigation and reducing the threat on a global level. This partnership serves as a solid basis for future cooperation.”

Maj. Juan Salom, commander of the Guardia Civil’s Cyber Crime Division, noted: “The Mariposa case showed how the coordinated and joint actions of different international police forces, along with the efforts of the Internet security industry, have been able to face the global threat of cyber crime,” he said. “The cyber kingpins know that they are not invincible anymore because the global efforts of the FBI, Slovenian Criminal Police, and Spanish Guardia Civil have shown that it doesn’t matter where or how they try to hide, they will be located and prosecuted.”

From 2008 to 2010, the Slovenian citizen created “Butterfly Bot” and sold it to other criminals worldwide. In turn, these criminals developed networks of infected computers—botnets—and the Mariposa variety from Spain was the most notorious and largest. In addition to selling the Butterfly Bot program, the Slovenian citizen developed customized versions for certain customers and created and sold plug-ins (add-ons) to augment the botnet’s features and functionality.

This case is significant because it targeted not only the operators of the botnet but also the creator of the malicious software that was used to build and operate it. The success of this investigation was made possible because of the skill, professionalism, and commitment of the Slovenian Criminal Police’s Cyber Crime Division and the Spanish Guardia Civil’s Computer Crimes Group.

The FBI conducted this investigation with the assistance of the United States Attorney’s Office, District of Hawaii, and the Department of Justice’s Computer Crime and Intellectual Property Section, Office of International Affairs, and the Botnet Threat Focus Cell. The FBI also received invaluable assistance from the Mariposa Working Group.