SecurityWeek

Money Mule Leader Pleads Guilty for Part in Global Fraud Scheme Powered by Zeus

On Friday, the last of 27 defendants arrested in connection with a global cybercrime operation that compromised dozens of accounts and used false identities to open hundreds of bank accounts pled guilty and now faces up to 45 years in prison.

Nikolay Garifulin, 22, of Volgograd, Russia, pled guilty last Friday in Manhattan federal court to conspiracy to commit bank fraud and possess false identification documents for his role in the scheme that made use of the popular Zeus malware and a network of “money mules” to steal over $3 million from dozens of U.S. accounts that were compromised by malware attacks.

According to the U.S. Attorney’s Office, the cyber-attacks originated in Eastern Europe and utilized the Zeus Trojan to record victims’ keystrokes, arming the cyber-thieves with the information needed to take over the victims’ bank accounts and make unauthorized transfers to accounts controlled by the co-conspirators.

These receiving accounts were set up by a network of money mules responsible for retrieving the stolen funds and transferring the money overseas. To carry out the scheme, the money mule organization recruited individuals who had entered the United States on student visas, providing them with fake foreign passports, and instructing them to open false-name accounts at U.S. banks.

Acting as a leader in the money mule network, Garifulin collected funds that had been withdrawn by money mules from the fraudulent accounts in the United States and transferred the funds to Eastern Europe as requested by the organization’s leader. Garifulin also arranged for fake passports to be transferred to mules in the United States from Eastern Europe.

Idan Aharoni, Head of Cyber Intelligence for the FraudAction Intelligence team at RSA, and a SecurityWeek contributor, says it’s impossible to talk about the world of fraud without mentioning mules. “When it comes to infrastructure, mules are just as important – if not more important – than having a botnet or a phishing attack set up,” Aharoni writes. “Being such a pivotal part of the fraud process, it’s no surprise that fraudsters go to great lengths to recruit and control mules. If in the past mule recruitment was done mostly in the real world – where potential mule candidates were preyed on due to poverty in most cases – today, fraudsters employ much more sophisticated methods for mule recruitment. Not only do these methods void the need for the fraudster to be physically present in the country, but they also increase the bandwidth of the mule recruitment. In cases where these methods were problematic to implement, the recruiters improved the existing methods and added a new layer of sophistication.”

In connection with the global cybercrime ring, charges were filed against 37 defendants back in September 2010. Including Garifulin, 27 defendants pled guilty, and two defendants have entered into deferred prosecution agreements. Eight defendants are fugitives and are wanted in the United States and abroad.

Two other leaders of the mule organization also pled guilty and have been sentenced, including Kasum Adigyuzelov and Dorin Codreanu. Adigyuzelov was sentenced in May 2011 to 48 months in prison and Codreanu was sentenced in July 2011 to 20 months in prison.

Garifulin will be sentenced on January 13, 2012.

Related Column: Stopping The Next Money Mule: How Banks Can Identify Mule Accounts as They are Opened

Related Column: Inside the Mule Network
