British police have jailed 13 people suspected of being part of a sophisticated banking fraud cyber-gang that used malware to steal millions of dollars from hundreds of people.
The cyber-crime ring is accused of using Trojans to infect PCs and stealing sensitive information, including bank account numbers and log-in credentials, the Metropolitan Police Central eCrime Unit said Nov. 1. The criminals allegedly used the stolen information to access victims’ bank accounts and transfer money to accounts under their control to the tune of at least 2.9 million British pounds, or about $4.6 million.
The investigation, code-named Operation Lath, involved various British law enforcement authorities, the U.S. Federal Bureau of Investigation and the U.S. Department of Justice. British police had originally arrested 20 people at various locations in London and southeast England suspected of having ties to the cyber-gang. Investigators from Her Majesty’s Revenue and Customs, Britain’s tax authority, made additional arrests. Of the people arrested, 13 were jailed Oct. 31.
“These defendants were part of an organized network of computer criminals operating a state-of-the-art international online banking fraud, through which they stole many millions of pounds from individuals and businesses in the U.K. and United States,” said Colin Wetherill, a detective inspector with the Metropolitan Police Central eCrime Unit.
During house searches, police recovered computers, mobile phones, banking documents and false passports. While the total amount stolen is not yet known, authorities estimated that the 13 people in jail were responsible for stealing at least 2.9 million British pounds between September 2009 and March 2010.
They’d attempted to steal 4.3 million pounds, or $6.9 million, the police said.
The gang was led by two Ukrainians, Yevhen Kulibaba and Yuriy Konovalenko, according to the police. Both men pled guilty to “conspiracy to defraud” and were sentenced to serve four years and eight months in prison. They began serving those terms Oct. 31, police said.
Kulibaba was responsible for obtaining and allocating accounts to be attacked, organizing the United Kingdom-based conspirators to set up and maintain recipient accounts and later remove funds, according to the police. Konovalenko was Kulibaba’s “right-hand man” and was based in Britain. Konovalenko managed the accounts that received stolen funds and the money mules hired to transfer money.
The police did not provide any information on how the malware was spread to infect victims’ computers. It is not clear at this time if this cyber-gang used Zeus, one of the most sophisticated and popular banking Trojans in circulation, or different data-stealing malware.
Zeus became widespread in early 2009 and has since infected millions of computers around the world and been used to steal tens of millions of dollars from victims’ bank accounts. A little over a year ago, international law enforcement authorities arrested several people accused of using Zeus to loot bank accounts. Scotland Yard arrested 19 people accused of stealing $9.5 million from banks, the FBI charged 37 individuals with stealing $3 million and Ukrainian police arrested five people accused of stealing more than $70 million.
While Zeus attacks have declined in recent months, it appears that the Trojan had changed its attack vector to exploit the auto-run feature in unpatched Windows systems and was making a comeback, according to a post on Microsoft’s Threat Research and Response blog.