U.K. police arrest 19 in major Zeus bust

Police in the U.K. have arrested 19 individuals believed to be part of an organized cybercrime network that used the Zeus trojan to steal six million pounds ($9.5 million) from U.K. bank accounts.

Fifteen men and four women between the ages of 23 and 47 were charged Tuesday with suspicion of using the Zeus trojan to capture personal login details to gain unauthorized access to bank accounts, according to a news release issued Tuesday by the U.K. Metropolitan Police Services (MPS).

Authorities said members of the cybercrime ring transferred the money from the fraudulently accessed bank accounts to “mule” and “drop” accounts they previously opened.

“We believe we have disrupted a highly organized criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent people's accounts, causing immense personal anxiety and significant financial harm — which of course banks have had to repay at considerable cost to the economy,” Terry Wilson, detective chief inspector from the MPS Police Central e-Crime Unit (PCeU), said in a statement.

A number of major world banks have suffered losses as a result of the fraud ring. The MPS said it believes the amount lost by U.K. banks will “increase considerably” as the investigation moves forward.

Security experts consider Zeus, also known as Zbot, the most prevalent financial malware on the internet today. Often foisted via social engineering ruses, the trojan typically is designed to steal bank account information from its victims.

First identified in 2007, Zeus remains active and, just this week, has been leveraged in mobile device attacks to steal codes used to authenticate banking transactions and in email campaigns masquerading as LinkedIn invites.

The arrests in the U.K. follow an investigation carried out by the MPS PCeU in cooperation with U.K. banks through the Virtual Taskforce, an alliance of organizations across the financial services industry, universities and other organizations.

“This is an excellent example of how to bring to bear the resources and expertise of multiple agencies and public and private organizations in the U.K.,” Martin Muirhead, chairman of the Virtual Task Force, said in a statement. “This is pioneering work led by the Metropolitan Police Service.”

It is not a simple task to track down cybercriminals and gather information that can facilitate their arrest, Mickey Boodaei, CEO of internet security firm Trusteer, told SCMagazineUS.com in an email on Wednesday.

“The arrests show that some of the criminal groups behind Zeus are doing a poor job in covering their tracks,” Boodaei said. “This provides an excellent opportunity for the police, the banks and their customers to join together and get more criminals behind bars.”

Dave Jevans, CEO of IronKey, maker of secure and managed portable computing products, agreed the bust is a positive sign, but said organized cybercriminal gangs have been carrying out successful attacks across the globe for a number of years.

And cybercrime is particularly damaging for businesses because, unlike consumer banking customers who have been targeted by cybercriminals, businesses that have their funds stolen are not insured, he said.

“Unfortunately, this is only the tip of the cybercrime iceberg,” Jevans said.
