Zeus malware – nine charged with conspiracy to steal millions of dollars

library
crime | hacking | security

The US Department of Justice (DOJ) has charged nine individuals over their alleged involvement in a criminal organisation that stole millions of dollars from victims’ bank accounts.

The DOJ revealed the charges in an indictment released on Friday, in which it claimed that they infected thousands of business computers with Zeus (also known as Zbot).

Two of the defendants, Yuriy Konovalenko and Yevhen Kulibaba, both Ukranian nationals living in the UK, had been extradited to the US and made their initial court appearance in Nebraska on Friday.

Three members of the organisation remain unknown while another four defendants are still at large:

Vyacheslav Igorevich Penchukov, of Ukraine, who allegedly coordinated the exchange of stolen banking credentials as well as the organisation of money mules
Ivan Viktorvich Klepikov, of Ukraine, alleged systems administrator who handled the technical aspects of the criminal enterprise
Alexey Dmitrievich Bron, of Ukraine, allegedly the financial manager of the various criminal operations who managed the transfer of funds through an online money system known as Webmoney
Alexey Tikonov, of Russia, an alleged coder or developer who assisted the criminal enterprise by developing new codes to compromise banking systems.

The defendants were originally charged by a federal grand jury in August 2012 with jurisdiction handed over to Nebraska after some of the losses were attributed to local banks and businesses.

Acting Assistant Attorney General David O’Neil said in a statement:

The Zeus malware is one of the most damaging pieces of financial malware that has ever been used. As the charges unsealed today demonstrate, we are committed to making the internet more secure and protecting the personal information and bank accounts of American consumers. With the invaluable cooperation of our foreign law enforcement partners, we will continue to bring to justice cyber criminals who steal the money of US citizens.

The charges facing the defendants include conspiracy to participate in racketeering activity, multiple instances of bank fraud, aggravated identity theft, conspiracy to violate the Computer Fraud and Abuse Act, and conspiracy to violate the Identity Theft and Assumption Deterrence Act.

While there are few specifics, and it is unknown exactly how much money was stolen, the group allegedly infected victims’ computers with the malware before stealing PINs, account numbers, SecurID token codes, and other forms of financial data.

The defendants then allegedly used “money mules” based primarily in the US who received funds transferred from compromised bank accounts into their own accounts. According to the DOJ, the mules then withdrew some of the funds and wired the money overseas to the conspirators.

Yevhen Kulibaba allegedly operated the conspirators’ money laundering network within the UK, from money withdrawn from the accounts of American victims, the DOJ said. The agency also said that Konovalenko allegedly provided the banking details of money mules and victims to Kulibaba and organised the collection of victims’ data from other conspirators.

The case was investigated by the FBI’s Omaha Cyber Task Force in collaboration with the UK’s Metropolitan Police Service and the National Police of the Netherlands’s National High Tech Crime Unit. Significant assistance was also provided by the Security Service of Ukraine, prompting comment from US Attorney Deborah R. Gilg:

This demonstrates the global reach of cybercrime and the significant threat to our financial infrastructure. We are grateful for the collaboration of our international and federal law enforcement partners in this complex financial fraud crime.