Security news about something other than LulzSec: FBI nails bank-account hackers

11-nation investigation nets 16 Ukranian men in $74 million scareware/bank-hack scheme

Good news, good news, bad news on the global IT security front:

The good news is that this blog entry is not about LulzSec or Anonymous, even though it

Good news is that LulzSec and Anonymous are not the only hackers active right now and that this blog entry is not about either of them.

The other good news is that several hacker groups so old fashioned that they stick to (criminal) business rather than self-promotion have been broken up – or at least stung by arrests by the FBI and Ukranian state police, respectively.

The FBI didn't lock up any hackers in the larger of its two investigations, but did grab the gear used by a group that allegedly infected nearly a million users and pulled in $74 million in a sophisticated international operation that involved both distributing scareware" victims had to pay to fix, and steal bank-account information at the same time. The bureau captured 22 computers during raids in the U.S., including one at a data center in Reston, Va. Raids or investigations by police in the U.K., the Netherlands, Latvia, Germany, France, Lithuania and Sweden netted another 25 computers but included no arrests.

The group infected 960,000 computers and cost victims a total of $72 million.

The FBI cost customers even more by accidentally knocking several sites offline in what data-center managers said was a ham-handed operation to capture the hackers' gear.

SBU – the Ukranian state police -- said it has also broken up a hacker group that stole $72 million – though those gains were ill gotten mostly from people's bank accounts rather than directly through scareware.

The Ukranian SBU announced today in Kiev it had made 16 arrests after a multinational investigation that uncovered a gang using viruses to compromise the computers of victims and access bank accounts in other countries.

The groups are either the same or overlap heavily, though the relationship among them isn't clear according to FBI and SBU statements. The investigation that nailed the Ukranians is the same multinational effort in which the FBI botched that data-center raid.

Those arrested by the SBU are all "young men from the age of 26 to 33 with splendid technical educations," according to Vitaly Khlevitsky, an SBU spokesman who is much more polite about perps than spokescops in the U.S.

The men allegedly used two versions of the Conficker virus – one to break down a user's security and get access to bank accounts and password records and the other to act as scareware, popping up virus alerts both as a second revenue stream and a way to distract victims from the more serious purpose of the software.

News-service Interfax reports the gang used more than 40 bank accounts in Latvia and Cyprus to move and launder the money it stole.

Separately, and a little more concretely, the FBI arrested two people in Rezekne, Latvia Tuesday on charges of computer and wire fraud.

The two allegedly masterminded a scheme in which the two allegedly bought ads on the Minneapolis Star Tribune and other mainstream web sites touting special deals at Best Western hotels in the name of an agency called RevoITech Marketing.

For the first two days the ads were legitimate. Then the ad content switched to code that would download and run malicious "scareware" on the machines of those who clicked on the ads, according to the FBI. Popups warned users of an infection that could be cured with a $49.95 subscription to "Antivirus Soft."

The two culprits – a 22-year-old man and 23-year-old woman – made $2 million from the scheme, the FBI said.

The Bad News

Oh, remember I mentioned there was bad news, too?

According to a report issued this week from Ponemon Institute Research (sponsored by Juniper Networks), 90 percent of companies have been successfully hacked during the past 12 months, 60 percent said they'd had two or more breaches and more than half said they are not confident they can stop further breaches.

The most recent victim appears to be Travelodge, whose database of customer emails has apparently been breached and is being used to send spam and phishing emails to the hotel chain's customers.

LulzSec (which had nothing to do with any of these attacks, to the best of my knowledge) is under assault by other hacker groups, including TeamPoison, WebNinjas and independent TheJester (th3j35t3r). That doesn't necessarily put it out of commission, but does reduce the annoyance factor a bit

LulzSec's troubles do nothing to reduce the pressure on corporate IT, though, especially from organized-cybercrime groups like those busted in this case.

For law enforcement, that's two down and about a million to go.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies