Hackers Siphoned $70 Million

WASHINGTON, DC -- An international computer-crime ring that was broken up this week siphoned about $70 million in a hacking operation targeting bank accounts of small businesses, municipalities and churches, the Federal Bureau of Investigation said Friday.
FBI officials provided new details of a broad probe that included the arrests earlier in the week of people allegedly involved in a network of "mules," those recruited to move stolen funds via bank accounts opened with fake names.

Authorities in the U.S., U.K., the Netherlands and Ukraine have detained or charged more than 100 people. According to the FBI, the organization running the hacking ring included computer-code writers in Ukraine, and the mule-network operators spread out in the U.S., U.K. and Ukraine.

Victims were mostly in the U.S., though some bank accounts were also targeted in the U.K., the Netherlands, and Mexico.

Thieves using iterations of the Zeus computer program managed to steal hundreds of thousands of dollars at a time—the result of focusing on business accounts instead of individual consumers, the FBI said. Investigators said the transactions attempted could have led to losses of up to $220 million, but many weren't completed.

Authorities had earlier cited losses of at least $3 million, a figure that included only a subset of the larger probe described Friday by the FBI.

Since emerging in 2007, the Zeus software, or "malware," has become the weapon of choice for most cyber bank robbers, experts say. The software has been updated multiple times, becoming more sophisticated, and it is sold on the black market to criminals.

Russell Brown, an FBI special agent in the bureau's cyber division, said the ring focused on accounts owned by municipalities and churches in addition to smaller corporate accounts.

The thieves realized "there was more money if you compromise a small-medium business," Mr. Brown said. "They were particularly focused on small and medium businesses because of the technological limitations" often found in security systems at smaller companies, he said.

Gordon Snow, FBI assistant director and chief of the cyber division, said the probe began in May 2009, when FBI agents in Omaha, Neb., began investigating 46 suspicious bank payment transactions, and it grew to a probe of thefts from about 400 victims.

The "technical sophistication of their operation made it difficult to investigate and disrupt," he said.

Even as investigators shut down one major operation using the Zeus malware, they acknowledged that new iterations of it were wreaking havoc in the business world.

Don Jackson is director of threat intelligence at information-security firm SecureWorks, and has provided information on Zeus operations to federal law enforcement. He said the Zeus malware's staying power could largely be attributed to its business model.

Its Russian author, known in the underground by his online handle A-Z, has developed a corporate operation complete with licensing agreements and tech support that have made it easy to use for aspiring cyber bank robbers.

Mr. Jackson said that with the arrests this week, international law enforcement put a major dent in the Zeus operations around the world.