Eastern European cyber criminals charged in UK and US over use of Zeus Trojan

News by Dan Raywood

A total of 11 people were charged in connection with the use of the Zeus Trojan to steal more than £6 million from UK bank accounts last week.

A total of 11 people were charged in connection with the use of the Zeus Trojan to steal more than £6 million from UK bank accounts last week.

Among them, ten were charged with conspiracy to defraud and included four Ukrainian men and one Ukrainian woman, two Latvian men and one Latvian woman, a man from Estonia and another from Belarus.

Also, eight people were charged with money laundering and included three Ukrainian men, two men and one woman from Latvia and two men from Estonia and Belarus. A Georgian man was also charged with offences under the Identity Cards Act 2005.

Another nine people (six men and three women) arrested in connection with the investigation have been bailed, pending further enquiries, until dates in late October.

The Police Central e-Crime Unit said that between the 13th October 2009 and the 28th September 2010, the people are accused of conspiring together with persons unknown to defraud HSBC, the Royal Bank of Scotland, Barclays Bank and Lloyds TSB and their customers, by facilitating the transfers of monies from bank accounts into other bank accounts under their, or other persons' control.

It said that those accused of money laundering entered into or became concerned in an arrangement, namely the transfer and/or acceptance of monies on or before the 28th September 2010, knowing or suspecting that the arrangement would facilitate the acquisition, retention, use or control of criminal property by or on behalf of another person. Also on the same day, the Georgian man was accused, without reasonable excuse, of having a Lithuanian passport in his possession or under his control that related to someone else.

Also at the end of last week, the US Federal Bureau of Investigation (FBI) confirmed that 37 people had been charged with use of Zeus in global bank fraud schemes to steal more than $3 million from 'hundreds of accounts opened under false identities'.

FBI assistant director-in-charge, Janice K. Fedarcyk, said: “The Zeus Trojan allegedly allowed the hackers, from thousands of miles away, to get their hands on other peoples' money—with far less exertion than a safecracker or a bank robber. But their scheme didn't eliminate risk. Like the money mules, many, if not all, will end up behind bars.”

Don Jackson, director of threat intelligence at SecureWorks, said he could not confirm if there was any link between the two multiple arrests.

He said: “Online banking fraud is not just an Eastern European problem, but a lot of these types of tools, such as Zeus, are developed in places like Russia and Eastern European countries so it's not surprising the hackers are originally from these regions.

“As we've seen it can be very difficult to detect fraud that has been committed using Zeus, which is why it is so expensive for criminals to buy the private version, which is currently costing around US$5,000. Only the large attacks make the news, but pirated versions of Zeus are also being used to consistently steal relatively small values from numerous accounts worldwide – and because the amounts are small they don't have the impact for law enforcement to get involved.

“Even when large amounts of money is involved, such as in this case, it's only possible to discover the source by reverse engineering the hackers' activities, thus causing considerable issues for the online banking industry.”

Mickey Boodaei, CEO of Trusteer, said: “The recent arrests in the US and the UK indicate that financial fraud is not the business of individuals, behind these operations you can find groups of people which in many cases operate for larger organised crime groups. They have the money and the means to run large scale sustainable criminal online operations. As time goes by we're seeing more groups which are larger, more efficient and knowledgeable than before, and as a result much more successful. Zeus is being used around the world to attack individual customers, and big businesses are also being targeted, particularly in the US.”

“However, recent successful arrests in the US and the UK show that law enforcement agencies, with the help of the banks, their customers and the industry, are capable of tracking these people down and putting them behind bars. More efforts are needed for this promising start to become truly successful. Financial fraud can be stopped from spreading if financial organisations and customers continue to improve security and work with law enforcement to go after cyber criminals.”

Dave Divitt, fraud and risk solutions consultant at ACI Worldwide, said: “It is important that stories like this don't discourage consumers from banking online. As an individual there are a number of steps that people can take to help protect themselves from fraud – including never clicking on suspicious links in emails or on websites that could download this type of malware to their computer; regularly running anti-virus software; always checking statements; and reporting anything suspicious to their banks.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews