
Andromeda mastermind Sergey Jarets jailed, say security researchers

Security researchers say they believe that a hacker arrested by Belarus police is Andromeda botnet mastermind Sergey Jarets

A hacker arrested in Belarus following the takedown of one of the world’s largest and oldest criminal botnets is believed to be 33-year-old Belarusian Sergey Jarets, also known as Ar3s.

The Andromeda botnet was taken down on 4 December 2017 by a joint task force of European law enforcement agencies, the FBI and several non-EU member states.

According to Microsoft, more than two million compromised computers worldwide were identified in 48 hours of observations prior to the takedown. It is estimated that the Andromeda botnet was used by various criminal groups and individual actors to distribute more than 80 families of malware.

After the takedown, Belarus officials reported they had detained a hacker responsible for the distribution and maintenance of the Andromeda malware, but did not name the suspect. However, researchers at security firm Recorded Future claim the man arrested is Jarets, who as Ar3s is regarded as one of the oldest and most highly respected members of the criminal underground.

According to the researchers, Ar3s – also known as Арес (in Russian), Ch1t3r or Sergey Jaretz/Jarets – is the mastermind behind the Andromeda Trojan and a longstanding administrator of the Damage Lab hacking forum.

Ar3s is also recognised as a leading expert in malware development and reverse engineering, network security and antivirus technology, which explains how he was able to design the Andromeda malware to turn off firewalls, Windows updates and user account control functions, and avoid infecting computers in Russia, Belarus, Ukraine and Kazakhstan based on language settings.

“With a high degree of confidence, we assess that the arrested person is likely Jarets Sergey Grigorevich,” the researchers wrote in a blog post. “His residence in Gomel Region, Belarus, date of birth and administration of cyber criminal forums are clear evidence of Ar3s’s apprehension.”


According to the researchers, they were able to make the link between the various aliases and Jarets because of a common ICQ messaging service number, “5777677”, that was used as a primary contact method.

The researchers also claim to have tracked down Ar3s to the OJSC “Televid” Tele-Radio Company in the Gomel Region of Belarus, noting his LinkedIn profile shows Jarets was a technical director of OJSC “Televid” since 2003, and was responsible for procurement and maintenance of the company’s computer network. The profile also showed he obtained a degree in software engineering around 2012.

The Andromeda botnet takedown and the arrest of Ar3s are an “excellent example” of successful cooperation between international law enforcement agencies, including non-EU Eastern European members, the researchers said.

“Once again, it shows the determination of international governments to eradicate cyber crime by supporting high-level joint operations and leveraging the expertise of law enforcement agents.”
