Two Ukranian ringleaders are among 13 jailed for infecting computers with malware and stealing £2.9 million
An investigation by Metropolitan Police Central eCrime Unit has resulted in the jailing of 13 people involved in cyber-gang that executed a sophisticated banking fraud using malware to steal millions of pounds from hundreds of people.
The cyber-crime ring is accused of using Trojans to infect PCs and stealing sensitive information, including bank account numbers and log-in credentials, the eCrime Unit said. The criminals allegedly used the stolen information to access victims’ bank accounts and transfer money to accounts under their control to the tune of at least £2.9 million.
US and UK co-operation
The investigation, code-named Operation Lath, involved various British law enforcement authorities, the US Federal Bureau of Investigation and the US Department of Justice. British police had originally arrested 20 people at various locations in London and southeast England suspected of having ties to the cyber-gang. Investigators from Her Majesty’s Revenue and Customs (HMRC) made additional arrests. Of the people arrested, 13 were jailed on 31 October.
“These defendants were part of an organised network of computer criminals operating a state-of-the art international online banking fraud, through which they stole many millions of pounds from individuals and businesses in theUKandUnited States,” said Colin Wetherill, a detective inspector with the Metropolitan Police Central eCrime unit.
During house searches, police recovered computers, mobile phones, banking documents and false passports. While the total amount stolen is not yet known, authorities estimated that the 13 people in jail were responsible for stealing at least £2.9 million between September 2009 and March 2010. The gang had attempted to steal £4.3 million pounds, the police said.
Ukranian leaders named
The gang was led by two Ukranians, Yevhen Kulibaba and Yuriy Konovalenko, the police said. Both men pleaded guilty to “conspiracy to defraud” and were sentenced to serve four years and eight months in prison.
Kulibaba (pictured right) was responsible for obtaining and allocating accounts to be attacked, organising the UK-based conspirators to set up and maintain recipient accounts and later remove funds, according to the police. Konovalenko (pictured left) was Kulibaba’s “right-hand man” and was based in Britain. Konovalenko managed the accounts that received stolen funds and the money mules hired to transfer money.
The police did not provide any information on how the malware was spread to infect victims’ computers. It is not clear at this time if this cyber-gang used Zeus, one of the most sophisticated and popular banking Trojans in circulation, or different data-stealing malware.
Zeus became widespread in early 2009 and has since infected millions of computers around the world and been used to steal tens of millions of dollars from victims’ bank accounts. A little over a year ago, international law enforcement authorities arrested several people accused of using Zeus to loot bank accounts. Scotland Yard arrested 19 people accused of stealing $9.5 million from banks, the FBI charged 37 individuals of stealing $3 million and Ukranian police arrested five people accused of stealing more than $70 million.
While Zeus attacks have declined in recent months, it appears that the Trojan had changed its attack vector to exploit the auto-run feature in unpatched Windows systems and was making a comeback, according to a post on Microsoft’s Threat Research and Response blog.