Federal and state law enforcement agencies have charged more than 60 people as part of an international crime syndicate that used the Zeus Trojan to swipe millions of dollars from bank accounts.
Federal prosecutors in New York City
charged 37 people on Sept. 30 in connection with a cyber-crime ring that looted
millions of dollars from victims' bank accounts.
The defendants, mostly in their 20s, are accused of using the Zeus Trojan to
steal more than $3 million.
The victims were primarily small businesses and municipalities, according to
the indictment, although there were some breached brokerage accounts at TD
Ameritrade and eTrade.
"This group was one of the premier Zeus operators in the
underground," said Alex Cox, principal analyst for NetWitness.
Of the people named in the indictment,
10 were arrested by federal and New York
law enforcement officials today, while 10 were arrested previously. Seventeen
remain at large, either in the United States
or abroad. All in all, 60 people have been charged by both federal and state
authorities in the operation.
The charges were announced only a day after Scotland Yard arrested 19
as part of a similar criminal organization that used the Zeus Trojan.
The timing of the two arrests seems too close to be a coincidence, leading
many to speculate the investigation was a coordinated effort between various
law enforcement agencies from the United Kingdom
and the United States.
"From our eyes, it appears the U.K.
arrests by the Metropolitan Police were the ringleaders, the controllers, and
the people arrested in the U.S.
were the money mules of the operation," said Chester Wisniewski, a senior
security adviser at Sophos.
While he has yet to see any "hard evidence" linking these two
investigations, Wisniewski pointed to other similarities, such as the
nationalities of the alleged criminals. Both groups were primarily Eastern
European, namely Ukrainian and Estonian, he said. The indictment mentioned that
a package of forged passports was sent from the U.K.,
he said. He also noticed a similarity in the types of visitor visas held by the
suspects. The ones named in the U.S.
indictment held J-1 visas.
The J-1 visa allows visitors participating in cultural exchange or training
programs to enter the United States
freely. The group allegedly recruited mules via Russian-language Websites by
placing ads seeking students with J-1 visas who could open bank accounts in the
United States, according to the indictment.
The mules allegedly kept a small percentage of the stolen money and wired
the remainder to overseas bank accounts, often in Asia.