Saturday, October 2, 2010

Operation Trident Breach: Ukraine Detains 5 Individuals Tied to $70 Million in eBanking Heists

Via Kerbs on Security -

Authorities in Ukraine this week detained five individuals believed to be the masterminds behind sophisticated cyber thefts that siphoned $70 million – out of an attempted $220 million — from hundreds of U.S.-based small to mid-sized businesses over the last 18 months, the FBI said Friday.

At a press briefing on “Operation Trident Breach,” FBI officials described the Ukrainian suspects as the “coders and exploiters” behind a series of online banking heists that have led to an increasing number of disputes and lawsuits between U.S. banks and the victim businesses that are usually left holding the bag.

The FBI said five individuals detained by the Security Service of Ukraine (SBU) on Sept. 30 were members of a gang responsible for creating specialized versions of the password-stealing ZeuS banking Trojan and deploying the malware in e-mails targeted at small to mid-sized businesses.

[...]

Friday’s media briefing at the FBI Hoover building in Washington, D.C. was designed to give reporters a clearer view of the sophistication of an organized crime group whose handiwork had largely escaped broader national media attention until this week. On Wednesday, authorities in the United Kingdom charged 11 people there – all Eastern Europeans – with recruiting and managing money mules. Then on Thursday, officials in New York announced they had charged 92 and arrested 39 money mules, including dozens of Russians who allegedly acted as mules while visiting the United States on student visas.

According to sources familiar with the investigation, the arrests, charges and announcements were intended to be executed simultaneously, but U.K. authorities were forced to act early in response to intelligence that several key suspects under surveillance were planning to flee the country.

SBU officials could not be reached for comment. But FBI agents described the Ukrainian group as the brains behind the attacks. Gordon M. Snow, assistant director of the FBI’s Cyber Division, said the individuals detained by the SBU are thought to have worked with the developer of the ZeuS Trojan to order up custom-made components and versions of ZeuS.

[...]

Snow said this week’s law enforcement action was a particularly big deal because of the unprecedented level of cooperation from foreign governments, particularly Ukraine and the Netherlands.

“We worked with legal attach├ęs in 75 countries, and we are very proud of the level of coordination that took place to get this done,” Snow said.

------------------------------------------------------------------------------------------------------------

FBI: Operation ACHing Mules
http://www.justice.gov/usao/nys/pressreleases/September10/operationachingmulespr%20FINAL.pdf

--------------------------------------------------------------------------------------------------------------

Feds Hit Zeus Group But The Mastermind is Still at Large
http://www.computerworlduk.com/in-depth/security/3241996/feds-hit-zeus-group-but-the-mastermind-is-still-at-large/

Zeus's main software developer, who once went by the name A-Z, is thought to live in St Petersburg [Russia], according to Don Jackson, a researcher with SecureWorks, one of the companies that has been tracking Zeus for years.

To complicate matters, Zeus is not run by a single gang. There are perhaps five to 10 Zeus gangs that operate at the highest level, Jackson said. These are the crooks who get access to the best code, who have the most up-to-date attacks, and who make the most money.


-------------------------------------------------------------------------------------------------------------

ZeuS Tracker - currently tracking almost 300 ZeuS C&C servers
https://zeustracker.abuse.ch/index.php

1 comment:

  1. Glory to Heroes ! respect to SBU, FBI, MI5

    ReplyDelete