U.K. Police Bust 19 for $9.5M Online Banking Heist

Scotland Yard has arrested 19 people in connection with a cyber-crime ring accused of stealing millions from bank accounts in Europe.

Officers from the MPS (Metropolitan Police Services) Police Central e-Crime Unit arrested 15 men and four women in predawn raids Sept. 28 in London. They group is believed to be behind the theft of approximately £6 million ($9.5 million) from banks in the U.K. during a three-month period. Authorities believe that figure is likely to increase as the investigation progresses.

The group used a variant of the Zeus Trojan to swipe user banking credentials, police said. Zeus is one of the most popular banking Trojans in the cyber-underground and has been linked to numerous similar operations. With user credentials in tow, the crew allegedly transferred funds via mules to get their hands on the money.

Recently, security researchers observed Zeus purveyors targeting mobile phones in an attempt to circumvent the two-factor authentication used by banks to verify user identity. In that case, after obtaining a user’s online banking credentials, attackers would attempt to trick the victim into giving up their phone number so they could send them an application to covertly monitor their SMS messages. That way, when their online bank sends them a transaction authentication number via SMS to verify their identity before approving a transaction, the attacker can intercept it.

“Zbot (also known as Zeus) is a significant malware family--the many different variants of the Trojan in existence have been distributed by hackers in a variety of different disguises,” blogged Graham Clulely, senior technology consultant at Sophos. “Arrests like the ones in London don't mean the end of Zbot--it continues to be available for sale to other criminals via underground Websites--but it's still good news for everyone interested in making the Internet a safer place.”

Detective Chief Inspector Terry Wilson of the PCeU advised online banking customers to make sure their systems are up-to-date and secure, and to be on the lookout for any unusual or additional security features requested that seem to be out of step with their normal log-on experience.

"We believe we have disrupted a highly organised criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent peoples' accounts, causing immense personal anxiety and significant financial harm--which of course banks have had to repay at considerable cost to the economy,” Wilson said in  a statement.