Feds Bust Zeus Financial Cybercrime Ring - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity

Feds Bust Zeus Financial Cybercrime Ring

Group allegedly swindled $3 million using malware, botnets, and "money mules."

Strategic Security Survey: Global Threat, Local Pain
(click for larger image and for full photo gallery)
Federal and state authorities announced Thursday that they have charged numerous people in connection with a global cybercrime scheme using the Zeus financial malware toolkit to steal $3 million from U.S. bank accounts. The investigation was dubbed "Operation ACHing Mule," alluding to the attackers' use of Automatic Clearing House fraud, as well as "money mules" to move money.

According to Manhattan district attorney Cyrus Vance Jr., "this advanced cybercrime ring is a disturbing example of organized crime in the twenty-first century -- high-tech and widespread."

All told, charges were filed against 37 defendants -- in 21 separate cases -- ranging from using bank accounts with false names, to stealing money from accounts that were compromised via botnets and malware, including the Zeus (aka Zbot) financial malware toolkit.

The investigation commenced after questionable banking activity, according to Raymond W. Kelly, commissioner of the New York Police Department. "After NYPD detectives entered a Bronx bank in February to investigate a suspicious $44,000 withdrawal, it soon became evident that it was just the tip of an international iceberg."

According to complaints unsealed Thursday in Manhattan federal court, the malware attacks emanated from eastern Europe. Attackers sent malware-laden emails to numerous recipients, infecting some of their PCs with keystroke-monitoring software, which recorded their log-in credentials as they accessed financial websites.

According to prosecutors, "the hackers responsible for the malware then used the stolen account information to take over the victims' bank accounts, and make unauthorized transfers of thousands of dollars at a time to receiving accounts controlled by the co-conspirators."

The arrests appear to be part of a larger, global operation that also included New Scotland Yard, which on Thursday announced that it had charged 11 people in the United Kingdom with conspiracy to defraud, and money laundering.

"Reading between the lines, it's possible that the authorities believe that those arrested in the U.K. are ringleaders of the gang, and the U.S. arrests are mostly the 'money mules' who were used to actually convert stolen details into cash," said Graham Cluley, senior technology consultant at Sophos.

Since withdrawing money from abroad can trigger fraud alerts, attackers often use money mules located in the same country as victims, he said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
IT Careers: 10 Industries with Job Openings Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/27/2020
How 5G Rollout May Benefit Businesses More than Consumers
Joao-Pierre S. Ruth, Senior Writer,  5/21/2020
IT Leadership in Education: Getting Online School Right
Jessica Davis, Senior Editor, Enterprise Apps,  5/20/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Flash Poll