Home News Stories 2010 October Cyber Banking Fraud

Cyber Bust

A massive cyber theft ring that used a Trojan horse virus to steal $70 million has been disrupted.

Wanted Cyber Fugitives (16)

Members of the theft ring managed to steal $70 million. The image above depicts the individuals wanted in October 2010; view current wanted poster for updated information.

Cyber Banking Fraud
Global Partnerships Lead to Major Arrests

10/01/10

The cyber thieves were smart. Instead of targeting corporations and large banks that had state-of-the-art online security, they went after the accounts of medium-sized companies, towns, and even churches. Before they were caught, members of the theft ring managed to steal $70 million.

Today, with our law enforcement partners in the United States, the United Kingdom, Ukraine, and the Netherlands, we announced the execution of numerous arrests and search warrants in multiple countries in one of the largest cyber criminal cases we have ever investigated.

Cyber Graphic

“This was a major theft ring,” said Gordon Snow, assistant director of the FBI’s Cyber Division. “Global criminal activity on this scale is a threat to our financial infrastructure, and it can only be effectively countered through the kind of international cooperation we have seen in this case.”

Using a Trojan horse virus known as Zeus, hackers in Eastern Europe infected computers around the world. The virus was carried in an e-mail, and when targeted individuals at businesses and municipalities opened the e-mail, the malicious software installed itself on the victimized computer, secretly capturing passwords, account numbers, and other data used to log into online banking accounts.

The hackers used this information to take over the victims’ bank accounts and make unauthorized transfers of thousands of dollars at a time, often routing the funds to other accounts controlled by a network of “money mules.” Many of the U.S. money mules were recruited from overseas. They created bank accounts using fake documents and phony names. Once the money was in their accounts, the mules could either wire it back to their bosses in Eastern Europe or turn it into cash and smuggle it out of the country. For their work, they were paid a commission.

Yesterday, our New York office arrested 10 subjects related to the case, and we are seeking 17 others. Those arrested are charged with using hundreds of false-name bank accounts to receive more than $3 million from victimized accounts.

In all, the global theft ring attempted to steal some $220 million and was actively involved in using Zeus to infect more computers. But beyond the actual and potential monetary loss, this case is significant because of the extraordinary level of cooperation among international law enforcement to stop the group. And it sends a message to hackers around the world that there are fewer safe havens from which they can operate.

“There are many challenges in a complicated global case like this one,” said Weysan Dun, special agent in charge of our Omaha office, where the investigation began in May 2009 when agents discovered a pattern of suspicious banking transactions. “With multiple countries involved, there are differences in times zones, geography, and culture, not to mention that all our cyber laws are not the same. But those differences were overcome,” Dun said, “and the results speak for themselves.”

He added, “The international tolerance for this kind of criminal activity is decreasing. Our partners overseas are dealing more aggressively and effectively with cybercrime than ever before. The number of nations that collaborated and worked in partnership with the Bureau on this case represents a very significant step forward in the way we investigate these cases.”

Resources:
- National press release
- New York press release | Update on captures (wanted poster)

Note: The individuals pictured or identified here may have been apprehended or may no longer be wanted by law enforcement since the above information was posted on this website. Please check our Wanted by the FBI website or contact your local FBI office for up-to-date information.