Ukrainian police on Thursday detained five suspects who allegedly masterminded a cybercrime operation that used the Zeus banking Trojan, the FBI said Friday.
The arrests were part of an international law enforcement effort called Operation Trident Beach that cracked down on the cybercrime ring. According to the FBI, the five individuals detained by the Secret Service of Ukraine were key subjects responsible for the scheme, which allegedly stole $70 million from victims' bank accounts. Ukrainian authorities also executed eight search warrants.
The ring targeted small and midsized businesses, municipalities, churches and individuals and infected their computers with a version of the Zeus Trojan, authorities said.
"During this investigation, the FBI worked closely with our overseas counterparts to identify subjects who were instrumental in the development and control of the malicious software, those who facilitated the use of malware, and those who saw a means to make quick, easy money -- the mules," assistant director Gordon Snow of the FBI's cyber division said in a prepared statement.
On Thursday, U.S. authorities charged dozens of people in connection with the Zeus banking Trojan scheme. Department of Justice officials said the people arrested were either money mules involved in moving stolen funds outside the U.S., managers and recruiters for the mule organizations, or people who obtained false foreign passports for the mules. The suspects are from the Russian Federation, Ukraine, Kazakhstan and Belarus.
The U.S. arrests came a day after police in London arrested several people for their roles in the Zeus-fueled heist. UK authorities charged 11 people from Ukraine, Latvia, Estonia and Belarus with conspiracy to defraud and money laundering.
Operation Trident Beach began in May 2009, when FBI agents in Omaha, Neb., began investigating a series of ACH batch payments to 46 separate bank accounts throughout the U.S. The FBI said it partnered with local, state and federal officials, foreign police agencies in the Netherlands, Ukraine and the United Kingdom, and others to track down the suspects.
Avivah Litan, a vice president and distinguished analyst at Gartner Inc., wrote in a blog post that while the arrests will put the particular money mule operations out of business, they won't stop ACH and wire fraud.
"It just slows down the ability for the fraudsters to use Zeus to commit it," she said. "There are many other attack vectors that enable the crooks to get into online bank accounts and money transfers that don't use Zeus. For example, there's a relatively new piece of malware called Spyeye. It's a landmark infection that doesn't require administrative privileges on the PC and operates as a relatively quick hit-and-run type of attack."
Banks need to remain vigilant and use a layered security approach to fight online banking fraud, including strong authentication, fraud detection and transaction verification, Litan said. She also recommended that banks weigh the costs and benefits of protecting the user desktop session by using technologies such as secure desktop browsing software.