To capture the gang, Russian special forces had to come in through a window on the 16th floor
In Moscow, law enforcement agencies have arrested a group of hackers who stole at least 60 million rubles (£1.3 million) in six months from various companies through the use of Trojan malware.
The group was one of the six most dangerous cybercrime units working in Russia today.
The Russian way of doing things
The arrests were made in a joint effort between the Russian Interior Ministry and the Russian Centre for Information Security (FSB). This morning, officers from the elite “Lynx” squad of the Interior Ministry descended from the roof to a 16th floor office flat where the ringleaders, two brothers, were living. Once the window glass was shattered, the criminals didn’t have much time to get rid of evidence.
This particular group first came to the attention of the authorities in October 2011, Larisa Zhukova, the spokeswoman for the “K” department of the Interior Ministry, told the Komsomolskaya Pravda newspaper. The group allegedly included eight people, and was believed to have been headed by brothers, aged 26 and 29. The younger of the two was also wanted for alleged property fraud.
The hackers relied on banking Trojans like Carberp and RDP-door. They hacked popular websites and added malicious code to them. The compromised sites then delivered malware to visitors, giving the crooks access to PCs in a variety of organisations that used Internet banking. Connecting remotely, the cybercriminals could then steal from the banks’ clients and transfer the money to their own accounts.
According to IT security company Group IB, the total amount of stolen money is a lot higher than the figures provided by the Ministry of Interior. The Ministry is using information from the people who reported theft, whereas Group IB based its estimates on the size of the botnet and analysis of the hackers’ “black” accounting. According to the company, the real number is closer to $150 million (£94.5 million) for the whole of 2011.
Finding the culprits wasn’t easy. They bounced the money between several accounts, randomly withdrawing cash from ATMs with debit cards obtained using fake personal details.
The “business” was going so well that the group began renting an office and filled it with computer equipment. To an outside observer, it looked like any other small IT company. The offices were raided today and several people were arrested on the spot. Police claim they have the whole group in custody, from the botnet administrators to the people whose sole responsibility was going around Moscow withdrawing cash.
The documents obtained in the offices suggest the hacker team carried out 90 counts of serious theft. Each member now faces up to ten years in prison.