Government // Cybersecurity
News
10/1/2010
11:04 AM
Connect Directly
RSS
E-Mail
50%
50%

Feds Bust Zeus Financial Cybercrime Ring

Group allegedly swindled $3 million using malware, botnets, and "money mules."




Strategic Security Survey: Global Threat, Local Pain
(click for larger image and for full photo gallery)
Federal and state authorities announced Thursday that they have charged numerous people in connection with a global cybercrime scheme using the Zeus financial malware toolkit to steal $3 million from U.S. bank accounts. The investigation was dubbed "Operation ACHing Mule," alluding to the attackers' use of Automatic Clearing House fraud, as well as "money mules" to move money.

According to Manhattan district attorney Cyrus Vance Jr., "this advanced cybercrime ring is a disturbing example of organized crime in the twenty-first century -- high-tech and widespread."

All told, charges were filed against 37 defendants -- in 21 separate cases -- ranging from using bank accounts with false names, to stealing money from accounts that were compromised via botnets and malware, including the Zeus (aka Zbot) financial malware toolkit.

The investigation commenced after questionable banking activity, according to Raymond W. Kelly, commissioner of the New York Police Department. "After NYPD detectives entered a Bronx bank in February to investigate a suspicious $44,000 withdrawal, it soon became evident that it was just the tip of an international iceberg."

According to complaints unsealed Thursday in Manhattan federal court, the malware attacks emanated from eastern Europe. Attackers sent malware-laden emails to numerous recipients, infecting some of their PCs with keystroke-monitoring software, which recorded their log-in credentials as they accessed financial websites.

According to prosecutors, "the hackers responsible for the malware then used the stolen account information to take over the victims' bank accounts, and make unauthorized transfers of thousands of dollars at a time to receiving accounts controlled by the co-conspirators."

The arrests appear to be part of a larger, global operation that also included New Scotland Yard, which on Thursday announced that it had charged 11 people in the United Kingdom with conspiracy to defraud, and money laundering.

"Reading between the lines, it's possible that the authorities believe that those arrested in the U.K. are ringleaders of the gang, and the U.S. arrests are mostly the 'money mules' who were used to actually convert stolen details into cash," said Graham Cluley, senior technology consultant at Sophos.

Since withdrawing money from abroad can trigger fraud alerts, attackers often use money mules located in the same country as victims, he said.

Comment  | 
Print  | 
More Insights
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.