"I thought that we would never hear about these people after they were named. But what was a surprise is that they actually hired a lawyer in New York... and they were like, 'Yeah, we're going to be taking part in this trial.'"
In this episode, we are joined by Pierre-Marc Bureau from Google’s Threat Intelligence Group (GTIG) to unpack the unprecedented takedown of the Glupteba botnet. Active since 2011, Glupteba infected roughly 1 million Windows devices before Google launched a coordinated technical and legal strike. Pierre-Marc takes us behind the scenes of an investigation that evolved from reverse engineering binaries to a surreal showdown in a New York civil court.
We break down how a single hardcoded string unraveled a massive criminal enterprise, the mechanics of using the Bitcoin blockchain for resilient command and control, and the bizarre moment when Russian cybercriminals actually hired a US lawyer to fight back.
THE SESSION:
- The Blockchain Fallback: How Glupteba operators hid AES-encrypted blobs inside Bitcoin transactions, giving the botnet a backup C2 channel that could not be taken down if its primary domains went offline.
- The Fatal OpSec Flaw: How one mistake—leaving the string get.voltronwork.com in a Go module—allowed Google to connect the botnet to Russian developer shops and Delaware shell companies.
- The Corporate Cyber-Cartel: Why the group operated like a legitimate tech startup, openly selling end-to-end "services" like proxy networks and compromised Google and Facebook accounts on the open web.
- The Extortion Twist: The surreal courtroom drama where the malware operators tried to extort Google for $1 million per defendant in exchange for private keys—a move that ended with the judge sanctioning their lawyer for $250,000.