Arrest of Hackers that Netted up to £20m from British Accounts
A multi-million pound internet banking fraud which drained thousands of pounds from the UK accounts of innocent victims was cracked by police yesterday.
A gang of Eastern Europeans made £2 million a month from online accounts by stealing victims log-in details using sophisticated software which can be bought for just £300 over the internet.
They made £6 million in just three months and detectives believe they could have reaped as much as £20 million in the highly organised scam.
The mastermind, who detectives believe is an adept IT expert, was among 19 arrested yesterday in a series of dawn raids across London.
He and his team targeted hundreds of victims who had weak security on their computers and accessed their user names and passwords despite tight security systems put in place by the banks on their internet sites.
Police were alerted by high street banks who were alarmed a sudden surge in fraud.
Investigators from Scotland Yard’s e-Crime Unit discovered that the gang were hitting vulnerable computers using software which is described in the industry as a ‘Trojan horse’ because it infiltrates the computer without the user realising.
The system called ‘Zeus’ or ‘Zbot’ infects victims’ personal computers, waits for them to log onto a list of specifically targeted banks and financial institutions and then steals their personal credentials, forwarding the data to a server controlled by criminals.
It can also manipulate web browsing sessions including creating an additional page requesting the victim to reveal more personal information, such as payment card number, PIN, and passwords.
Users have no idea they are being defrauded because they think they are still on their secure internet banking site.
Unbeknown to the owner, computers infected with Zeus become part of a network where they fall under the remote control of computer criminals.
It is being used increasingly by cyber criminals across the globe.
After the gang had taken over victims’ online bank accounts, they would take out several thousands pounds and place it in a ‘drop’ account before withdrawing the cash.
They recruited dozens of ‘mules’ who would allow them to use their accounts to pay the money into in return for payment.
By using scores of different bank accounts to deposit the money, they hoped to evade being caught.
Detectives have so far pinpointed over 600 British bank accounts which were defrauded but believe hundreds have been targeted.
The ringleader, in his 20s, and his wife, an accomplice in the scam, were arrested in an unremarkable third-floor flat in Chingford, Essex, yesterday morning.
Another couple, also part of the gang, were also arrested at the property.
The ‘nerve centre’ where the ringleader ran his empire from was simply a laptop on a desk in his front room. In front of it lay a notebook where figures of money had been carefully written in pencil.
In all, officers arrested 15 men and four women aged between 23 and 47 on suspicion of the Computer Misuse Act, Proceeds of Crime Act and Fraud Act offences . Inquiries are ongoing to ascertain whether they are in the country illegally.
Among them, two were also arrested on suspicion of possession of a firearm found at one of the properties. They are all in custody for questioning.
Detective Chief Inspector Terry Wilson, who led the investigation said: ‘We’ve worked closely with UK banks through our Virtual Taskforce approach to gather information and evidence which has resulted in today’s arrests.
We believe we have disrupted a highly organised criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent peoples’ accounts, causing immense personal anxiety and significant financial harm – which of course banks have had to repay at considerable cost to the economy.
‘Online banking customers must make sure their security systems are up to date and be alert to any unusual or additional security features requested which is at variance with their normal log-on experience. Greater public awareness and education will make it harder for personal details to be compromised and for this type of fraud to be carried out.’
Martin Muirhead, chairman of the Virtual Task Force, said: ‘This is an excellent example of how to bring to bear the resources and expertise of multiple agencies and public / private organisations in the UK. This is pioneering work led by the Metropolitan Police Service.”