An Eastern European cybercrime ring stole $70 million from US banks, the FBI announced today. In additions to the dozens of individuals charged in the U.S. and Britain Thursday, the FBI also said that five individuals in Ukraine had been detained today on suspicion of creating the computer virus used in the scam.
Dozens of people in the U.S and Britain were charged Thursday in a worldwide cyberscam that used the powerful Zeus Trojan virus to crack open bank accounts and divert millions of dollars to Eastern Europe. Authorities said at the time that the ring was accused of stealing $12.5 million from accounts in both countries, but also said the global total was likely to rise as the year-long investigation continued.
The US Attorney for the Southern District of New York and the Manhattan D.A. charged 37 people Thursday, most of them Russian nationals, with stealing more than $3 million from small business and government accounts in the U.S. Another 19 suspects were arrested in London, and 11 were charged in the theft of $9.5 million from British banks.
While 20 of the New York suspects are in custody, another 17 remain at large.
"This advanced cybercrime ring is a disturbing example of organized crime in the 21st century – high tech and widespread," said Manhattan District Attorney Cy Vance Jr. "The far-reaching results of this investigation to date represent what people deserve: successful cooperation between city, state, federal and foreign law enforcement officials."
"As today's arrests show," said US Attorney Preet Bharara, "the modern, high-tech bank heist does not require a gun, a mask, a note, or a getaway car. It requires only the Internet and ingenuity."
The Zeus malware, which has traditionally targeted PCs but has now been updated to attack cell phones as well, is designed to steal bank account log-on credentials. It either lures the victim to click on a link in an e-mail or steers the victim to a web site hosting the malware, and then records keystrokes when the victim logs into various private accounts.
The five individuals detained today in Ukraine are suspected of creating and selling the virus that was used in the bank thefts.
The investigation that led to the worldwide arrests originated in May 2009, when a compnay in Omaha, Nebraska that handles bank transactions noticed unusual money movements to 46 different banks.
The virus allegedly used by the crime ring targeted accounts where large withdrawals were not unusual. According to the FBI, the crime ring sent emails to individuals with titles such as treasurer or chief financial officer. To avoid electronically shifting those funds directly to Russia, so-called "money mules" opened accounts to receive the funds. According to state and federal authorities, the mules had often entered the US under student visas, and then were provided with passports under fake names to open the accounts.
"Once these false-name accounts were successfully opened," said a statement from the US Attorney's office, "and received the stolen funds from the accounts compromised by the malware attacks, the 'mules' were instructed to transfer the proceeds to other accounts, most of which were overseas, or to withdraw the proceeds and transport them overseas as smuggled bulk cash."