Monday, October 4, 2010

Ukraine Detains 5 Individuals Tied to $70 Million in U.S. eBanking Heists

From Krebs on Security,

Authorities in Ukraine this week detained five individuals believed to be the masterminds behind sophisticated cyber thefts that siphoned $70 million – out of an attempted $220 million — from hundreds of U.S.-based small to mid-sized businesses over the last 18 months, the FBI said Friday.

At a press briefing on “Operation Trident Breach,” FBI officials described the Ukrainian suspects as the “coders and exploiters” behind a series of online banking heists that have led to an increasing number of disputes and lawsuits between U.S. banks and the victim businesses that are usually left holding the bag.

The FBI said five individuals detained by the Security Service of Ukraine (SBU) on Sept. 30 were members of a gang responsible for creating specialized versions of the password-stealing ZeuS banking Trojan and deploying the malware in e-mails targeted at small to mid-sized businesses.

Investigators say the Ukrainian gang used the software to break into computers belonging to at least 390 U.S. companies, transferring victim funds to more than 3,500 so-called “money mules,” individuals in the United States willingly or unwittingly recruited to receive the cash and forward it overseas to the attackers. In connection with the investigation, some 50 SBU officials also executed eight search warrants in the eastern region of Ukraine this week

1 comment:

Jared Coppotelli said...

The level of impact of these e-heists against small U.S. businesses is amplified due to the fact that these businesses are forced to absorb the monetary loss. As a response to the recent online banking heists, Senator Charles Schumer has proposed “Regulation E” to Congress, which would protect consumers from the liability of absorbing a loss due to fraud. Fraud, in this case, refers to stolen money from a person’s account due to stolen usernames and passwords. This is certainly a positive reaction to this recent crime wave of online heists, but it is evident that businesses have much more to lose since more of their money is likely to be taken, and banks would be unable to cover their losses. A representative from the Independent Community Bankers of America has even admitted that the logic behind only covering consumer e-heists is that banks will be more capable of covering consumer losses since it is comparatively a smaller amount of money. While Schumer’s new bill would help schools and municipalities recover losses from e-heists, small businesses are still left without any insurance against criminals using malware. Since over $70 million has been taken from over 390 U.S. companies, the crux of this problem clearly extends beyond schools and small town districts. It actually may not be in the consumers’ best interests for banks to cover these immense losses from fraud, since the banks would need to consequently incorporate higher prices for consumer services. When Congress convenes next year, it will certainly be interesting to see politicians’ views on how businesses can be protected against cyber crime.