UK Link As US Arrests 60 People For Zeus Bank Heist

Federal prosecutors in New York City charged 37 people in connection with a cyber-crime ring that used the Zeus Trojan horse to loot millions from victims’ bank accounts. All in all, 60 people have been charged by both federal and state authorities in the operation.

The swoop is believed to be part of an international police action that also resulted in the arrest of 19 Eastern Europeans in London last Wednesday.

Trojan Mules

The timings of the UK and US arrests seem too close to be a coincidence, leading many to speculate the investigation was a coordinated effort between various law enforcement agencies from the two countries.

“From our eyes, it appears the UK arrests by the Metropolitan Police were the ringleaders, the controllers – and the people arrested in the US were the money ‘mules’ of the operation,” said Chester Wisniewski, a senior security advisor at Sophos.

While he has yet to see any “hard evidence” linking these two investigations, Wisniewski pointed to other similarities, such as the nationalities of the alleged criminals. Both groups were primarily Ukranian and Estonian, he said. The indictment mentioned that a package of forged passports was sent from the UK, he said. He also noticed a similarity in the types of visitor visas held by the suspects.

The ones named in the US indictment held J-1 visas. These are non-immigrant visas issued to exchange visitors participating in programmes that promote cultural exchange, especially to obtain medical or business training. All applicants must meet eligibility criteria and be sponsored either by a private sector or government programme.

Still At Large

The defendants in the US heist, mostly in their 20s, are accused of using the Zeus Trojan to steal over $3 million. The victims were primarily small businesses and municipalities, according to the indictment, although there were some breached brokerage accounts at TD Ameritrade and eTrade.

“This group was one of the premier Zeus operators in the underground,” said Alex Cox, principal analyst for NetWitness.

Of the people named in the indictment, 10 were arrested by FBI and New York law enforcement officials yesterday. There are thought to be 17 from the same gang still at large around the world.

The group allegedly recruited mules via Russian language Web sites by placing ads seeking students with J-1 visas who could open bank accounts in the US, according to the indictment. The mules allegedly kept a small percentage of the stolen money and wired the remainder to overseas bank accounts, often in Asia.

The charges range from bank fraud and false use of a passport to money laundering and conspiracy to commit wire fraud. Maximum prison sentences range from 10 years to 30 years and fines from $250,000 to $1 million per count.

Lucky Break

The indictment marks the culmination of a year-long investigation, dubbed Operation ACHing Mules, conducted by several state and federal agencies. It was triggered when police went to investigate a suspicious $44,000 withdrawal from a New York bank in February, according to the statement issued by the law enforcement agencies. The operations name is derived from the phrase “unauthorised automated clearing house (ACH) transactions”.

Internal fraud alerts used by banks do not always work in cases like this because mule accounts are generally located in the same country as the compromised accounts and  balances are kept  below $10,000.

“I would expect this bust to make existing groups take notice and watch their tracks even more, especially in the short term, but it’s not likely to have any significant sustained effect. The risk versus rewards are still too great,” said Cox.

It is difficult for banks to protect against Trojans like Zeus, as it records keystrokes, said Chris Larsen, senior malware researcher at Blue Coat Systems.  Instead, users need to be proactive about their own security by patching their computers against known exploits and actively monitoring their activity, he said.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

View Comments

  • Commercial-account online banking funds transfer fraud
    Submitted by Jedi Geek on October 2, 2010 - 13:21.

    Organizations just like yours have had hundreds of thousands, and sometimes millions of dollars stolen from their commercial bank accounts, only to learn that their banks don't take responsibility for safeguarding their funds from these attacks. Clicking on:

    http://www.yourmoneyisnotsafeinthebank.org/Banking_CyberProtection_Demand_Letter.doc

    will download a letter you can print out and take to your financial services institution to learn if your small- and medium-sized enterprise is vulnerable to losing money to cyber-criminals like the ones mentioned in this article.

Share
Published by
Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

5 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

6 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

6 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

7 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

7 hours ago