Almighty Zeus launches new Trojan War against our bank accounts
This is an update of a "Street Sweeper" column that originally ran on September 26, 2011.
This is a saga worthy of the title the "Trojan War." For now, at least, Troy is in flames, the Greeks have won - or, in more modern parlance, the Feds got their last guilty plea.
According to federal prosecutors, court documents, and guilty pleas, cyber attacks were launched from Eastern Europe using the "Zeus Trojan" malware program, which was launched through the use of emails generally transmitted to small businesses and municipalities in the United States. When opened by the recipient, the Zeus Trojan embedded itself into the user's computer and activated a keystroke-program that recorded account numbers, passwords, and codes when the user logged on to their bank accounts.
The next phase of this war was the criminal use of the stolen bank account information to effect illegal transfers, usually thousands of dollars at a clip, to so-called "receiving accounts," which were controlled by the co-conspirators in this operation. The receiving accounts were previously set up by what is referred to as a "money mule organization," whose purpose was to retrieve the funds in the compromised bank accounts and transfer them overseas.
By no means a small undertaking, the money mule organization recruited many individuals who had entered the United States on student visas. The criminal organization provided these recruits with fake foreign passports and instructions as to how to open false-name accounts at U.S. banks. These fictitious accounts were used to receive the stolen funds obtained through the use of the Zeus Trojan;and, thereafter, these same accounts issued instructions to transfer the stolen funds overseas - or, in some instances, the recruits would physically withdraw the funds and transport them overseas as cash.
Long Arm of the Law
Criminal charges were filed in September 2010 against 37 defendants. To date, two defendants entered into deferred prosecution agreements, eight remain fugitives, and 27 have pled guilty.
On September 23, 2011, Nikolay Garifulin, 22, of Volgograd, Russia, pleaded guilty in Manhattan federal court to conspiracy to commit bank fraud and possess false identification. Scheduled to be sentenced in January 2012, Garifulin faces a total maximum penalty of 45 years in prison on the conspiracy to commit bank fraud and conspiracy to possess false identification documents charges.
Final Box Score
Two leaders of the mule organization have pled guilty (in addition to Garifulin) and sentenced (date in parentheses):
- KASUM ADIGYUZELOV (May 13, 2011): 48 months in prison.
- DORIN CODREANU (July 8, 2011): 20 months in prison.