On Friday, the last of 27 defendants arrested in connection with a global cybercrime operation that compromised dozens of accounts and used false identities to open hundreds of bank accounts pled guilty and now faces up to 45 years in prison.
Nikolay Garifulin, 22, of Volgograd, Russia, pled guilty last Friday in Manhattan federal court to conspiracy to commit bank fraud and possess false identification documents for his role in the scheme that made use of the popular Zeus malware and a network of “money mules” to steal over $3 million from dozens of U.S. accounts that were compromised by malware attacks.
According to the U.S. Attorney’s Office, the cyber-attacks originated in Eastern Europe and utilized the Zeus Trojan to record victims’ keystrokes, arming the cyber-thieves with the information needed to take over the victims’ bank accounts and make unauthorized transfers to accounts controlled by the co-conspirators.
These receiving accounts were set up by a network of money mules responsible for retrieving the stolen funds and transferring the money overseas. To carry out the scheme, the money mule organization recruited individuals who had entered the United States on student visas, providing them with fake foreign passports, and instructing them to open false-name accounts at U.S. banks.
Acting as a leader in the money mule network, Garifulin collected funds that had been withdrawn by money mules from the fraudulent accounts in the United States and transferred the funds to Eastern Europe as requested by the organization’s leader. Garifulin also arranged for fake passports to be transferred to mules in the United States from Eastern Europe.
Idan Aharoni, Head of Cyber Intelligence for the FraudAction Intelligence team at RSA, and a SecurityWeek contributor, says it’s impossible to talk about the world of fraud without mentioning mules. “When it comes to infrastructure, mules are just as important – if not more important – than having a botnet or a phishing attack set up,” Aharoni writes. “Being such a pivotal part of the fraud process, it’s no surprise that fraudsters go to great lengths to recruit and control mules. If in the past mule recruitment was done mostly in the real world – where potential mule candidates were preyed on due to poverty in most cases – today, fraudsters employ much more sophisticated methods for mule recruitment. Not only do these methods void the need for the fraudster to be physically present in the country, but they also increase the bandwidth of the mule recruitment. In cases where these methods were problematic to implement, the recruiters improved the existing methods and added a new layer of sophistication.”
In connection with the global cybercrime ring, charges were filed against 37 defendants back in September 2010. Including Garifulin, 27 defendants pled guilty, and two defendants have entered into deferred prosecution agreements. Eight defendants are fugitives and are wanted in the United States and abroad.
Two other leaders of the mule organization also pled guilty and have been sentenced, including Kasum Adigyuzelov and Dorin Codreanu. Adigyuzelov was sentenced in May 2011 to 48 months in prison and Codreanu was sentenced in July 2011 to 20 months in prison.
Garifulin will be sentenced on January 13, 2012.