Money mule arrests highlight banks' efforts to fight fraud
Since 2008, more than $100M has been stolen from U.S. business accounts
Computerworld - The indictments unveiled last week against dozens of people who allegedly helped loot millions of dollars from U.S. businesses via online corporate account takeovers highlights the struggle by financial firms to fight fraud.
Over the past two years, corporate account takeovers by cybercriminals have cost U.S. businesses more than $100 million, according to FBI estimates.
In most cases, the thefts have been perpetrated by gangs in Eastern Europe who used the Zeus banking Trojan to break into computers belonging mainly to small businesses and small municipalities in the U.S. The malware has been used to steal online banking credentials and access corporate accounts so the thieves could transfer money into fraudulent accounts set up by hundreds of U.S.-based accomplices, often called "money mules."
Most of the illegal transfers were unauthorized Automated Clearing House (ACH) transactions from the victim's account to the money mule.
The U.S Attorney's Office in New York City said Thursday it had indicted 37 such money mules for helping crooks based in Russia and several East European countries siphon off more than $3 million in stolen funds. In a joint announcement, Manhattan's District Attorney Cyrus Vance announced indictments against another 36 people for their participation in a similar operation.
The charges in the U.S. followed similar arrests in the UK, where authorities on Tuesday charged 11 Eastern European citizens in connection with the same scam.
The arrests mark a small, but significant, victory for law enforcement officials and financial industry representatives, analysts said. But they do little to ameliorate the urgent need for better protection against future scams.
"It is tremendous news," said Dennis Simmons, president and CEO of SWACHA, a Texas-based financial trade association that counts many financial institutions as its members. SWACHA is also part of a new Corporate Account Takeover Working Group that was established by the Financial Services Information Sharing and Analysis Center (FS-ISAC) earlier this year.
"One of the frustrations we have had with these account takeovers is the lack of jurisdiction" U.S. authorities face when pursuing the East European criminal gangs behind the thefts, he said. But going after the money mules will send a strong signal and should deter some illegal activity. Even so, "it's like that old joke: 'What would you say you have when you round up three hackers? A start,'" he said.
Doug Johnson, senior policy adviser at the American Bankers Association, called the arrests a big step forward. "Just to have an international mule network such as this taken down is a real victory," he said.
Such takedowns make it harder for crooks to siphon off stolen money, he said. "This is something that law enforcement and [the financial industry] have been working very aggressively to achieve."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts