Feds Bust Zeus Financial Cybercrime Ring - InformationWeek


Group allegedly swindled $3 million using malware, botnets, and "money mules."




Federal and state authorities announced Thursday that they have charged numerous people in connection with a global cybercrime scheme using the Zeus financial malware toolkit to steal $3 million from U.S. bank accounts. The investigation was dubbed "Operation ACHing Mule," alluding to the attackers' use of Automatic Clearing House fraud, as well as "money mules" to move money.

According to Manhattan district attorney Cyrus Vance Jr., "this advanced cybercrime ring is a disturbing example of organized crime in the twenty-first century -- high-tech and widespread."

All told, charges were filed against 37 defendants -- in 21 separate cases -- ranging from using bank accounts with false names, to stealing money from accounts that were compromised via botnets and malware, including the Zeus (aka Zbot) financial malware toolkit.

The investigation commenced after questionable banking activity, according to Raymond W. Kelly, commissioner of the New York Police Department. "After NYPD detectives entered a Bronx bank in February to investigate a suspicious $44,000 withdrawal, it soon became evident that it was just the tip of an international iceberg."

According to complaints unsealed Thursday in Manhattan federal court, the malware attacks emanated from eastern Europe. Attackers sent malware-laden emails to numerous recipients, infecting some of their PCs with keystroke-monitoring software, which recorded their log-in credentials as they accessed financial websites.

According to prosecutors, "the hackers responsible for the malware then used the stolen account information to take over the victims' bank accounts, and make unauthorized transfers of thousands of dollars at a time to receiving accounts controlled by the co-conspirators."

The arrests appear to be part of a larger, global operation that also included New Scotland Yard, which on Thursday announced that it had charged 11 people in the United Kingdom with conspiracy to defraud, and money laundering.

"Reading between the lines, it's possible that the authorities believe that those arrested in the U.K. are ringleaders of the gang, and the U.S. arrests are mostly the 'money mules' who were used to actually convert stolen details into cash," said Graham Cluley, senior technology consultant at Sophos.

Since withdrawing money from abroad can trigger fraud alerts, attackers often use money mules located in the same country as victims, he said.
