Threat Management, Malware, Vulnerability Management

FBI announces arrest of five Zeus orchestrators

Police in the Ukraine have arrested five people believed to be responsible for masterminding a well-organized cybercriminal operation that stole $70 million from the bank accounts of victims whose computers were silently infected with the Zeus trojan, the FBI announced Friday.

This marked the third major bust this week involving those involved with the data-stealing malware.

The Security Service of Ukraine (SBU) charged the suspects on Thursday, the culmination of a 16-month investigation known as "Operation Trident Breach," which began when FBI agents in Nebraska were tipped off that 46 bank accounts in the United States had received fraudulent wire transfers, according to an FBI statement.

Calling the investigation an "unprecedented partnership," the FBI worked with U.S.-based cybercrime task forces, international law enforcement colleagues and security researchers to crack the case.

"No one country, no one company, and no one agency can stop cybercrime,” said FBI Director Robert Mueller III. “The only way to do that is by standing together. For ultimately, we all face the same threat.

The suspects mainly targeted the bank accounts belonging to small and midsize organizations, including municipalities and churches. Victims' PCs were infected with the Zeus trojan, which was used to hijack bank account login information. 

"There are many Zeus botnets, but this is the one that has been moving the most money," Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, told on Friday.

With the stolen login credentials at their disposal, the criminals were able to access victims' accounts and transfer out money, using the Automated Clearing House electronic network, to accounts under their control. In many cases, the thieves cleared out victims' bank accounts in minutes.

In total, the crooks got away with $70 million, but they attempted to siphon as much as $220 million, according to the FBI.

Friday's news comes one day after prosecutors in New York announced the arrests of more than 70 "money mules," recruited by Zeus ringleaders to open bank accounts and cash out the fraudulent proceeds. And on Tuesday, police in the U.K.arrested 19 people believed to be part of an organized crime network that also used the Zeus trojan to steal millions of dollars from U.K. bank accounts.

Authorities believe the string of arrests will significantly cripple the Zeus infrastructure.

"We believe we have disrupted a highly organized criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent peoples' accounts, causing immense personal anxiety and significant financial harm, which of course, banks have had to repay at considerable cost to the economy," said Terry Wilson, the deputy chief inspector at the Metropolitan Police Service in the U.K., which assisted on the investigation.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.