Global Law Enforcement Cooperation Key in Disruption of Cybercrime Ring Using ZeuS Malware
The FBI, working in partnership with international law enforcement, have busted several cybercriminals that targeted small- to medium-sized companies, municipalities, churches, and individuals, infecting their computers with “ZeuS,” popular malware used to capture passwords, account numbers, and other data used to log into online banking accounts. The FBI reports that the group attempted to steal up to $220 million, successfully grabbing $70 million from victims’ bank accounts.
Assistant Director Gordon M. Snow of the FBI’s Cyber Division said, “During this investigation, the FBI worked closely with our overseas counterparts to identify subjects who were instrumental in the development and control of the malicious software, those who facilitated the use of malware, and those who saw a means to make quick, easy money—the mules.”
Just last week, LinkedIn users were targeted with a massive campaign to spread similar ZeuS malware via fake “Contact Requests.”
When Zeus infects PCs, users rarely notice any harm. ZeuS, also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent banking malware platform for online fraud, and has been licensed by numerous criminal organizations. A new variant recently emerged that targets mobile devices - ZeuS in the Mobile or "Ztimo"- used to overcome two-factor authentication.
The operation, dubbed “Trident Breach,” launched in May 2009, when FBI agents in Omaha, Nebraska, were alerted to automated clearing house (ACH) batch payments to 46 separate bank accounts throughout the United States. Agents quickly realized the scope of the crime and partnered with local, state, and federal partners, cybercrime task forces, working groups, and foreign police agencies in the Netherlands, Ukraine, and the United Kingdom to pursue those responsible and bring them to justice.
“No one country, no one company, and no one agency can stop cybercrime,” said FBI Director Robert S. Mueller, III. “The only way to do that is by standing together. For ultimately, we all face the same threat.
“We believe we have disrupted a highly organized criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent peoples’ accounts, causing immense personal anxiety and significant financial harm, which of course, banks have had to repay at considerable cost to the economy,” said Deputy Chief Inspector Terry Wilson from the Metropolitan Police Central e-Crime Unit in a previously issued statement.
“The skill, dedication, and expansive cooperation provided by our local, state, and federal law enforcement partners in the U.S. and in the Netherlands, Ukraine, and United Kingdom were crucial to the success of this effort,” Snow said. “The FBI appreciates the financial industry working groups and public-private partnerships that work tirelessly to inform the American public about this criminal threat and provide recommendations on how businesses can protect themselves.”
The multi-agency partnership, including support from Internet security researchers, gave law enforcement the opportunity to gather intelligence about this scheme and significantly disrupt the activities of cyber criminals and money mules who took part in these crimes.
The Federal Bureau of Investigation, including the New York Money Mule Working Group, the Newark Cyber Crime Task Force, the Omaha Cyber Crime Task Force, the Netherlands Police Agency, the Security Service of Ukraine, the SBU, and the United Kingdom’s Metropolitan Police Service participated in the operation.
“The National High-Tech Crime Unit’s involvement in this international operation is representative of the commitment that the KLPD and the National Prosecutor’s Office have made to the fight against cyber crime in addition to the need for worldwide cooperation among all partners,” said Pim Takkenberg, team leader of the National High-Tech Crime Unit, Netherlands Police Agency.
The FBI and the Ukrainian SBU have forged a strong partnership to target cyber criminals around the world. The SBU has combined its technical and investigative expertise with the FBI in joint pursuit of organized cyber criminals who inflict damage to international financial infrastructure. On September 30, 2010, the SBU detained five individuals who were key subjects responsible for this overarching scheme. Additionally, eight search warrants were executed by approximately 50 SBU officers and its elite tactical operations teams.