UK Daily Mail Online Reports 19 Cyber criminals Arrested

Arrest of Hackers that Netted up to £20m from British Accounts

A multi-million pound internet banking fraud which drained thousands of pounds from the UK accounts of innocent victims was cracked by police yesterday.

A gang of Eastern Europeans made £2 million a month from online accounts by stealing victims’ log-in details using sophisticated software which can be bought for just £300 over the internet.
They made £6 million in just three months and detectives believe they could have reaped as much as £20 million in the highly organised scam.

The mastermind, who detectives believe is an adept IT expert, was among 19 arrested yesterday in a series of dawn raids across London.
He and his team targeted hundreds of victims who had weak security on their computers and accessed their user names and passwords despite tight security systems put in place by the banks on their internet sites.

Police were alerted by high street banks who were alarmed by a sudden surge in fraud.

Investigators from Scotland Yard’s e-Crime Unit discovered that the gang were hitting vulnerable computers using software which is described in the industry as a ‘Trojan horse’ because it infiltrates the computer without the user realising.
The system, called ‘Zeus’ or ‘Zbot’, infects victims’ personal computers, waits for them to log onto a list of specifically targeted banks and financial institutions and then steals their personal credentials, forwarding the data to a server controlled by criminals.

It can also manipulate web browsing sessions including creating an additional page requesting the victim to reveal more personal information, such as payment card number, PIN, and passwords.
Users have no idea they are being defrauded because they think they are still on their secure internet banking site.
Unbeknown to the owner, computers infected with Zeus become part of a network where they fall under the remote control of computer criminals.
It is being used increasingly by cyber criminals across the globe.

After the gang had taken over victims’ online bank accounts, they would take out several thousand pounds and place it in a ‘drop’ account before withdrawing the cash.
They recruited dozens of ‘mules’ who, in return for payment, would allow the gang to pay the money into their accounts.
By using scores of different bank accounts to deposit the money, they hoped to evade being caught.
Detectives have so far pinpointed over 600 British bank accounts which were defrauded but believe hundreds have been targeted.

The ringleader, in his 20s, and his wife, an accomplice in the scam, were arrested in an unremarkable third-floor flat in Chingford, Essex, yesterday morning.
Another couple, also part of the gang, were also arrested at the property.
The ‘nerve centre’ from which the ringleader ran his empire was simply a laptop on a desk in his front room. In front of it lay a notebook where figures of money had been carefully written in pencil.
In all, officers arrested 15 men and four women aged between 23 and 47 on suspicion of Computer Misuse Act, Proceeds of Crime Act and Fraud Act offences. Inquiries are ongoing to ascertain whether they are in the country illegally.
Among them, two were also arrested on suspicion of possession of a firearm found at one of the properties. They are all in custody for questioning.
Detective Chief Inspector Terry Wilson, who led the investigation, said: ‘We’ve worked closely with UK banks through our Virtual Taskforce approach to gather information and evidence which has resulted in today’s arrests.
We believe we have disrupted a highly organised criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent people’s accounts, causing immense personal anxiety and significant financial harm – which of course banks have had to repay at considerable cost to the economy.

‘Online banking customers must make sure their security systems are up to date and be alert to any unusual or additional security features requested which is at variance with their normal log-on experience. Greater public awareness and education will make it harder for personal details to be compromised and for this type of fraud to be carried out.’
Martin Muirhead, chairman of the Virtual Task Force, said: ‘This is an excellent example of how to bring to bear the resources and expertise of multiple agencies and public / private organisations in the UK. This is pioneering work led by the Metropolitan Police Service.’


3 thoughts on “UK Daily Mail Online Reports 19 Cyber criminals Arrested”

  1. obowiązek szkolenia bhp says:

    a worth while one, there are hours I wonder about it too.


  2. Pozycjonowanie says:

    Thanks for a marvellous blog, I am really sure I shall save it to my bookmarks.

    Corrga25158@credit4u.com

    This really rubs me the wrong way.
    If you look in the word document properties for the author (who created that document) you see the name Engr. Ezekiel.
    When you google that, the first return is this;

    Engr. Ezekiel / Kiely’s Profile on Naijapals
    Kiely’s profile, pictures and blogs on Naijapals, Naijapals enables you to meet Nigerians and watch free Nigerian movies online.
    http://www.naijapals.com/?L=users.profile&id=191519

    There is no California business registered as Titan Travel Limited. I also don’t find it registered with the Federal Trade Commission (by name or the number they provide).
    To me it looks like they lifted the bottom portion off a legitimate website; the ‘contact us’ hyperlink is http://www.titantravel.co.uk/contactus.html
    That redirects (eventually) to the privacy statement “Titan Travel means the Acromas Group of companies and all companies within its Group resident anywhere in the world.”

    They don’t look like the sort of company that would operate a US office out of a non-existent house.

    The document “Certificate of Recognition/Operation United States Association of Travel Agent” is totally bogus; most of those ‘boards’ named do not exist but sound convincing enough to someone. (?)

    The email address in the .txt ‘work visa application’ document is on the domain qualityservice.com. That site says “QUALITYSERVICE.COM is a publication of World.com Media”
    World.com has a SCAM WARNING on its page that actually has some legitimate places for you to report this.
    http://www.world.com/scam.php

    Domains ending in “.gov” are US government websites only.

    world.com has the copyright © 2008 World Media Group LLC.
    World Media Group’s one web page explains their business and says this:
    # Email Abuse:
    The email services are not owned or provided by World Media Group, LLC. To report potential email abuse or related matters, please refer to Mail.com (www.mail.com). They own and operate the email services for the domain(s). Email: LegalCompliance@corp.mail.com
    Phone: 310-846-4870

    What email services? Do they sell addresses on their domain to scammers to confuse people?

    Even ‘legitimate’ business can be shady but it seems clear that the documents you got were not created by a company at all, and certainly not the company they are representing themselves to be.

  3. soprankov says:

    Federal Cash Agency (Cash Loan Network | Cash Advance Network) is the expert in Cash Advance Loan.

    http://loans.federalcashagency.com
