Manhattan U.S. Attorney Charges 37 Defendants Involved in Global Bank Fraud Schemes that Used “Zeus Trojan” and Other Malware

Manhattan U.S. Attorney Charges 37 Defendants Involved in Global Bank Fraud Schemes that Used “Zeus Trojan” and Other Malware to Steal Millions of Dollars from U.S. Bank Accounts

Defendants Allegedly Compromised Dozens of Accounts and Transferred More Than $3 Million in Stolen Funds to Hundreds of Accounts Opened Under False Identities

Note: The following are significant excerpts from the U.S. Department of Justice’s Septemeber 30, Press Release:

Summary of how the fraud scheme worked:

“According to Complaints unsealed today in Manhattan federal court, the cyber-attacks began in Eastern Europe, and included the use of a malware known as the “Zeus Trojan,” which was typically sent as an apparently-benign e-mail to computers at small businesses and municipalities in the United States. Once the email was opened, the malware embedded itself in the victims’ computers, and recorded their keystrokes—including their account numbers, passwords, and other vital security codes—as they logged into their bank accounts online. The hackers responsible for the malware then used the stolen account information to take over the victims’ bank accounts, and made unauthorized transfers of thousands of dollars at a time to receiving accounts controlled by the co-conspirators.

These receiving accounts were set up by a “money mule organization” responsible for retrieving the proceeds of the malware attacks and transporting or transferring the stolen money overseas. To carry out the scheme, the money mule organization recruited individuals who had entered the United States on student visas, providing them with fake foreign passports, and instructing them to open false-name accounts at U.S. banks. Once these false-name accounts were successfully opened and received the stolen funds from the accounts compromised by the malware attacks, the “mules” were instructed to transfer the proceeds to other accounts, most of which were overseas, or to withdraw the proceeds and transport them overseas as smuggled bulk cash.

The defendants charged in Manhattan federal court include managers of and recruiters for the money mule organization, an individual who obtained the false foreign passports for the mules, and money mules.

As part of the coordinated takedown earlier today, federal and local law enforcement officers arrested 10 of the defendants. Another 10 were previously arrested. The defendants taken into custody in New York today are expected to be presented in Manhattan federal court later this afternoon. Seventeen defendants are still being sought here and abroad.”

The Challenge Of International Cybercrime – Current &  Developing Solutions:

Manhattan U.S. Attorney PREET BHARARA said: “The digital age brings with it many benefits, but also many challenges for law enforcement and our financial institutions. As today’s arrests show, the modern, high-tech bank heist does not require a gun, a mask, a note, or a getaway car. It requires only the Internet and ingenuity. And it can be accomplished in the blink of an eye, with just a click of the mouse. But today’s coordinated operation demonstrates that these 21st century bank robbers are not completely anonymous; they are not invulnerable. Working with our colleagues here and abroad, we will continue to attack this threat, and bring cyber criminals to justice.”

District Attorney CYRUS VANCE, JR. said: “This advanced cybercrime ring is a disturbing example of organized crime in the 21st century—high tech and widespread. The 36 defendants indicted by our office stole from ordinary citizens and businesses using keyboards—not a gun. The far-reaching results of this investigation to date represent what people deserve: successful cooperation between city, state, federal, and foreign law enforcement officials, who worked together for a common goal—to identify and prosecute individuals who commit fraud against New Yorkers and the rest of the nation.

DSS Special Agent-in-Charge CHRISTOPHER PAUL said: “The charges announced today send a strong message: Diplomatic Security is committed to collaborating with our law enforcement partners to make sure that those who commit fraud face consequences for their criminal actions. Diplomatic Security’s strong relationship with the U.S. Attorney’s Office and other law agencies around the world continues to be essential in the pursuit of justice.

HSI Special Agent-in-Charge JAMES T. HAYES, JR., said: “Protecting our nation’s financial infrastructure is a primary mission for HSI and the El Dorado Task Force. We will continue to work with our law enforcement partners to identify and disrupt these international organizations.”

USSS Special Agent-in-Charge BRIAN G. PARR said: “As the incidence of transnational cybercrimes continues to rise, the Secret Service remains actively engaged in fighting this type of illegal activity. The results of this investigation clearly demonstrate how the Secret Service is forging strong partnerships with other law enforcement agencies, successfully combating cyberfraud, and bringing high-tech perpetrators to justice.”

Full Press Release:

Click here to read the full press release.

President Obama Establishes Interagency Financial Fraud Enforcement Task Force

11/17/2009 Financial Fraud Enforcement Task Force

WASHINGTON—Attorney General Eric Holder, Treasury Secretary Tim Geithner, Housing and Urban Development (HUD) Secretary Shaun Donovan, and Securities and Exchange Commission (SEC) Chairwoman Mary Schapiro today announced that President Barack Obama has established by Executive Order an interagency Financial Fraud Enforcement Task Force to strengthen efforts to combat financial crime. The Department of Justice will lead the task force and the Department of Treasury, HUD, and the SEC will serve on the steering committee. The task force’s leadership, along with representatives from a broad range of federal agencies, regulatory authorities and inspectors general, will work with state and local partners to investigate and prosecute significant financial crimes, ensure just and effective punishment for those who perpetrate financial crimes, address discrimination in the lending and financial markets and recover proceeds for victims.

The task force, which replaces the Corporate Fraud Task Force established in 2002, will build upon efforts already underway to combat mortgage, securities and corporate fraud by increasing coordination and fully utilizing the resources and expertise of the government’s law enforcement and regulatory apparatus. The attorney general will convene the first meeting of the Task Force in the next 30 days.

“This task force’s mission is not just to hold accountable those who helped bring about the last financial meltdown, but to prevent another meltdown from happening,” Attorney General Eric Holder said. “We will be relentless in our investigation of corporate and financial wrongdoing, and will not hesitate to bring charges, where appropriate, for criminal misconduct on the part of businesses and business executives.”

“Through the Financial Fraud Task Force, we are making clear that the Obama Administration is going to act aggressively and proactively in a coordinated effort to combat financial fraud,” said Treasury Secretary Geithner. “It’s not enough to prosecute fraud only after it’s become widespread. We can’t wait for problems to peak before we respond. We’re seeking comprehensive financial reform to create a more stable, safer financial system and stepping up our enforcement strategy. Doing so will help to stop emerging trends in financial fraud before they’re able to cause extensive, system-wide damage to our economy.”

“To give American families the protection and peace-of-mind they need, it’s clear the federal response must be as interconnected and multi-dimensional as the challenges we face,” said HUD Secretary Shaun Donovan. “No one agency is going to be able to stop financial fraud. This Task force will build upon many of the inter-agency collaborations already underway to protect consumers and restore confidence.”

“Many financial frauds are complicated puzzles that require painstaking efforts to piece together. By formally coordinating our efforts, we will be better able to identify the pieces, assemble the puzzle and put an end to the fraud,” said SEC Chairman Mary Schapiro.

The task force is composed of senior-level officials from the following departments, agencies and offices:

  • the Department of Justice;
  • the Department of the Treasury;
  • the Department of Commerce;
  • the Department of Labor;
  • the Department of Housing and Urban Development;
  • the Department of Education;
  • the Department of Homeland Security;
  • the Securities and Exchange Commission;
  • the Commodity Futures Trading Commission;
  • the Federal Trade Commission;
  • the Federal Deposit Insurance Corporation;
  • the Board of Governors of the Federal Reserve System;
  • the Federal Housing Finance Agency;
  • the Office of Thrift Supervision;
  • the Office of the Comptroller of the Currency;
  • the Small Business Administration;
  • the Federal Bureau of Investigation;
  • the Social Security Administration;
  • the Internal Revenue Service, Criminal Investigations;
  • the Financial Crimes Enforcement Network;
  • the United States Postal Inspection Service;
  • the United States Secret Service;
  • the United States Immigration and Customs Enforcement;
  • relevant Offices of Inspectors General and related Federal entities, including without limitation the Office of the Inspector General for the Department of Housing and Urban Development, the Recovery Accountability and Transparency Board and the Office of the Special Inspector General for the Troubled Asset Relief Program; and
  • such other executive branch departments, agencies, or offices as the President may, from time to time, designate or that the Attorney General may invite.

In addition, the attorney general will invite representatives of the National Association of Attorneys General, the National District Attorneys Association and other state, local, tribal, and territorial representatives to participate in the task force through its Enforcement Committee.

Fraudulent Automated Clearing House (ACH) Transfers Connected to Malware and Work-at-Home Scams

11/3/2009 FBI Press Release:

As part of a continuing effort to identify the latest cyber crime trends and warn the public, the FBI today released the following information:

Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts. In a typical scenario, the targeted entity receives a “spear phishing” e-mail which either contains an infected attachment, or directs the recipient to an infected website. Once the recipient opens the attachment or visits the website, malware is installed on their computer. The malware contains a key logger which will harvest each recipient’s business or corporate bank account login information. Shortly thereafter, the perpetrator either creates another user account with the stolen login information or directly initiates funds transfers by masquerading as the legitimate user. These transfers have occurred as both traditional wire transfers and as ACH transfers.

Further reporting has shown that the transfers are directed to the bank accounts of willing or unwitting individuals within the United States. Most of these individuals have been recruited via work-at-home advertisements, or have been contacted after placing resumes on well-known job search websites. These persons are often hired to “process payments,” or “transfer funds.” They are told they will receive wire transfers into their bank accounts. Shortly after funds are received, they are directed to immediately forward most of the money overseas via wire transfer services such as Western Union and Moneygram.

Customers who use online banking services are advised to contact their financial institution to ensure they are employing all the appropriate security and fraud prevention services their institution offers.

The United States Computer Emergency Readiness Team (US-CERT) has made information on banking securely online available at: http://www.us-cert.gov/reading_room/Banking_Securely_Online07102006.pdf

Protecting your computer against malicious software is an ongoing activity and, at minimum, all computer systems need to be regularly patched, have up-to-date anti-virus software, and have a personal firewall installed. Further information is available at: http://www.us-cert.gov/nav/nt01/

If you have experienced unauthorized funds transfers from your bank accounts, or if you have been recruited via a work-at-home opportunity to receive transfers and forward money overseas, please notify the Internet Crime Complaint Center by filing a complaint at: http://www.ic3.gov.

For a detailed analysis of this scam please visit http://www.ic3.gov/media/2009/091103-1.aspx