War on Cyber-Crime Logs Three Victories
“Cyber-criminals beware!” is the message being sent out by law enforcement agencies internationally. Several high-profile arrests recently show signs of insider intelligence leading to the capture of sophisticated criminal gangs using Zeus bots to steal millions of dollars globally.
Here’s a rundown:
1) Ukraine. This happened in a little-reported but significant event in Odessa in mid-September. There, Ukrainian police reported the arrest of five hackers suspected of looting the bank accounts of foreign companies. This was not some small-town operation: The hackers’ estimated income was in the region of $300,000 to $500,000 a month.
Ukrainian police are not known for acting in cases like these without very good reason, similar to many of the former USSR states, where corruption was always a problem. Hopefully, this is changing with the establishment of an innovative 24/7 “cyber-crime watch” for the reporting of suspicious activity, which has been set up to assist as advance intelligence in future cases.
2) United Kingdom. Early this week, UK police arrested 19 Eastern European nationals in connection with international banking fraud. Eleven were refused bail, charged with conspiracy to “defraud HSBC, the Royal Bank of Scotland, Barclays Bank and Lloyds TSB, and their customers.”
With losses of around $9.5 million in the UK alone, and still counting, according to the police statement, this was a big operation. The ring allegedly used a Zeus Trojan to capture the log-in details of thousands of UK online bank customers. Money was filched into waiting “mule” or “drop” accounts set up using false credentials by gang members. Other charges relate to money laundering and identity fraud incidents.
3) United States. You may already be familiar with accusations against more than 60 members of an elaborate crime ring that had several subsets of money mules using multiple bank accounts and with forged passports set up with fake identities.
Money mules provide the means to siphon large sums into smaller quantities in numerous accounts to avoid raising suspicion and in readiness for money laundering overseas. The weakness, luckily, is that at some point largish amounts will be accessed. With adequate bank controls in place, such activities should raise an alert to staff trained to spot these signs.
The office of Preet Bharara, the US Attorney for the Southern District of New York, described the coordinated effort by several US government and law enforcement agencies, which resulted in 37 gang members of Eastern European origin being charged for their roles in global bank fraud schemes. More than $3 million was netted from dozens of US accounts compromised by Zeus malware.
Cyrus R. Vance, Jr., the District Attorney for New York County, further announced the indictment of 36 for their part in stealing more than $868,000 from a total of 34 individual and corporate identity theft victims. Nineteen others from previous arrests were charged with stealing more than $100,000 from 14 individual accounts.
* * *
So what was a seemingly innocuous arrest in Odessa has led to the discovery of multimillion-dollar international crimes. Perhaps the clue is in the words of Preet Bharara, who stressed that there is no hiding place for these “21st century bank robbers… they are not anonymous… work will continue here and abroad… to bring cybercriminals to justice.”
It should be noted: Overall, this is a significant victory in the war against global cyber-crime based on cooperation of at least eight law enforcement agencies internationally, security analysts, and the community. It’s not the end of the war against cyber-crime, or the beginning of the end, but it is still a significant hack into organized cyber-crime globally.
by jart armin