Zeus money mule takedown unveiled: 37 indictments in Operation Aching MuleAs I've said before, the message is clear from the highest levels down to the U.S. attorneys and Secret Service / FBI agents in the trenches: Our G-men and G-women are going after the bad guys. And they're bringing in their heavy-hitters to get the job done.
Money muling tactics leverage student and temporary worker visa holders
The current money muling trend, as reported by the FDIC, has been to use J1 Student Visas or temporary worker visas (such as those used for seasonal pedicab drivers) to enter the country. Two ways the muling may occur: first, directly upon entry by using a semi-legal identity to establish bank accounts, pump fraudulent wire transfers and/or fraudulent checks through, leaving the bank and the FDIC holding the bag. Second, it's so easy and non-risk for even legitimate J1 holders to sell their identity at the end of their visa period, that they may unintentionally aid the money mule herders who are at the end of the Zeus banking trojan's stateside money trail. After all, while living legitimately here in the U.S., the newly created identity is worth nothing upon leaving – as long as you don't intend on returning.
Now it's payback time for the Feds. They're cleaning house.
From the released statement today by Manhattan's Southern District of New York U.S. Attorney:
According to complaints unsealed today in Manhattan federal court, the cyber-attacks began in Eastern Europe, and included the use of a malware known as the "Zeus trojan," which was typically sent as an apparently-benign email to computers at small businesses and municipalities in the United States.
Once the email was opened, the malware embedded itself in the victims' computers, and recorded their keystrokes – including their account numbers, passwords, and other vital security codes – as they logged into their bank accounts online.
The hackers responsible for the malware then used the stolen account information to take over the victims' bank accounts, and made unauthorized transfers of thousands of dollars at a time to receiving accounts controlled by the co-conspirators.
These receiving accounts were set up by a "money mule organization" responsible for retrieving the proceeds of the malware attacks and transporting or transferring the stolen money overseas. To carry out the scheme, the money mule organization recruited individuals who had entered the United States on student visas, providing them with fake foreign passports, and instructing them to open false-name accounts at U.S. banks.
Once these false-name accounts were successfully opened and received the stolen funds from the accounts compromised by the malware attacks, the "mules" were instructed to transfer the proceeds to other accounts, most of which were overseas, or to withdraw the proceeds and transport them overseas as smuggled bulk cash.
Anti-cybercrime: Actions speak louder than words
As for the final 17 of these 37 who are currently out of reach, many a sleepless night should await them with the mention of one word: RENDITION.
It's anyone's guess whether 24's Jack Bauer would win in a faceoff against the new FBI Cyber Division top cop Gordon Snow. Give this guy the data from the malware and he's sharp enough to take the information and form a counterintelligence strategy and also reach into the black bag for which snake-eating team he needs to use in order to go and get the suspects from unfriendly countries – any way possible.
Translated into civilian, I specifically outline "sensitive rendition" which describes Gordon Snow. Rendition is often defined as capturing and transporting criminals without extradition. Hiring this G-man into Cyber Division sends the clear message that we're coming to get them, making law enforcement corruption within other countries less of an issue.
This rendition background should cause very considerable fear in previously out of reach cybercrime syndicates. I know many a Secret Service agent and FBI agent who would love to kick in their doors and Gordon's outfit might just give them the chance.
- Open Source Malware Fingerprinting
- Banking trojan theft: stopping the bleeding of American business accounts
- The soul-destroying consequence of losing a business payroll account
- Banking trojans as a weapon of mass destruction
- Cybercrime fact or fiction, Part 1: Banking trojans and FinCEN reporting
- Geek with an edge: Gordon Snow, Asst. Dir. FBI Cyber Division