Authorities Bust $72 Million Conficker Fraud Ring

Monday, June 27, 2011


Authorities have announced the arrest of criminal hackers in Latvia thought to be responsible for a banking fraud ring that may have netted as much as $72 million.

The criminal syndicate is believed to have been utilizing the Conficker worm, and arrests were made after a joint investigation conducted by a ten nation coalition.

Conficker, also known as Downup, Downadup and Kido, is thought to be one of the most successful infections ever unleashed in the wild. The malware targets machines running the Windows operating system and has been regularly updated in an effort to defeat antivirus protections.

This worm originated in 2008 and has infected millions of computers since, installing keystroke-logging and PC-controlling software that gave criminals a way to steal users' account information and access their machines.

Conficker spreads in three ways: It attacks vulnerabilities in the Microsoft Server service, it guesses administrator passwords with dictionary attacks, and it infects removable devices with an autorun feature.

The following statement was posted on the Security Service of Ukraine (SBU) website:

The Security Service of Ukraine, in coordination with the law enforcement agencies of the United States, Great Britain, Netherlands, France, Germany, Latvia, Cyprus and other countries (10 in total), defeated illegal activity of the international criminal group of hackers, organized and coordinated from Ukraine.

The mentioned criminals, under the coverage of a legal business entity, using the special-purpose malware «Conficker», obtained illegal access to the bank accounts of the financial institutions of different countries, illegally withdrew money from the accounts and cashed them using the accounts as well as international payment systems in different countries.

The finances earned in this way they legalized by purchasing valuable movable property and real estate. According to the preliminary analysis, because of their criminal activity, the clients of the mentioned financial institutions suffered more than 72 mln. USD losses in total.

On June 21, 2011, more than 30 searches were executed simultaneously in several countries (19 of them in Ukraine). Nearly 30 servers were seized by partner foreign special services. Two individuals were detained in Latvia. More than 40 bank accounts were arrested in the financial institutions of Cyprus and Latvia.

During searches executed by the Security Service of Ukraine in the places of residence and offices rented by the above-mentioned criminals, SBU seized more than 74 items of computer hardware including laptops, more than 300 information carriers (flash drives, thumb drives, CD/DVD disks, etc.), documentation, cash, etc.

The SBU crime investigators in Kiev, Kharkiv and Lugansk interrogated 16 identified individuals – members of the above-mentioned criminal group including those who set up and coordinated the criminal activity of the group.

According to the preliminary assessment of the seized hardware for containing data that confirms the illegal activity of the identified criminals, it was confirmed that the software created (or modified) and used by some of the members of the criminal group, refers to malware.

FBI experts took part in the execution of the searches in Ukraine. According to the data provided by the FBI, the organization as well as the results of the conducted operation was of the high opinion of the US authorities.

Currently the Main Investigative Department of SBU is working out the possibility of initiating a criminal case according to the article #361 part 1 of the Criminal Code of Ukraine («Unauthorized intrusion into the working process of the PC»).

Source: http://www.sbu.gov.ua/sbu/control/en/publish/article?art_id=107666&cat_id=35317
