Feds Bust Zeus Financial Cybercrime Ring

Group allegedly swindled $3 million using malware, botnets, and "money mules."

Mathew J. Schwartz, Contributor

October 1, 2010

2 Min Read
InformationWeek logo in a gray background | InformationWeek

Strategic Security Survey: Global Threat, Local Pain

(click for larger image and for full photo gallery)

Federal and state authorities announced Thursday that they have charged numerous people in connection with a global cybercrime scheme using the Zeus financial malware toolkit to steal $3 million from U.S. bank accounts. The investigation was dubbed "Operation ACHing Mule," alluding to the attackers' use of Automatic Clearing House fraud, as well as "money mules" to move money.

According to Manhattan district attorney Cyrus Vance Jr., "this advanced cybercrime ring is a disturbing example of organized crime in the twenty-first century -- high-tech and widespread."

All told, charges were filed against 37 defendants -- in 21 separate cases -- ranging from using bank accounts with false names, to stealing money from accounts that were compromised via botnets and malware, including the Zeus (aka Zbot) financial malware toolkit.

The investigation commenced after questionable banking activity, according to Raymond W. Kelly, commissioner of the New York Police Department. "After NYPD detectives entered a Bronx bank in February to investigate a suspicious $44,000 withdrawal, it soon became evident that it was just the tip of an international iceberg."

According to complaints unsealed Thursday in Manhattan federal court, the malware attacks emanated from eastern Europe. Attackers sent malware-laden emails to numerous recipients, infecting some of their PCs with keystroke-monitoring software, which recorded their log-in credentials as they accessed financial websites.

According to prosecutors, "the hackers responsible for the malware then used the stolen account information to take over the victims' bank accounts, and make unauthorized transfers of thousands of dollars at a time to receiving accounts controlled by the co-conspirators."

The arrests appear to be part of a larger, global operation that also included New Scotland Yard, which on Thursday announced that it had charged 11 people in the United Kingdom with conspiracy to defraud, and money laundering.

"Reading between the lines, it's possible that the authorities believe that those arrested in the U.K. are ringleaders of the gang, and the U.S. arrests are mostly the 'money mules' who were used to actually convert stolen details into cash," said Graham Cluley, senior technology consultant at Sophos.

Since withdrawing money from abroad can trigger fraud alerts, attackers often use money mules located in the same country as victims, he said.

About the Author

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights