Dozens charged in schemes to steal from bank accounts using computer viruses

More than 60 people have been charged in international schemes that used computer viruses to steal millions of dollars from bank accounts throughout America, state and federal prosecutors said Thursday in New York.

“The modern, high-tech bank heist does not require a gun, a mask, a note or a getaway car,” U.S. Atty. Preet Bharara said. “It requires only the Internet and ingenuity. And it can be accomplished in the blink of an eye, with just a click of the mouse.”

International hackers: An Oct. 1 Business section article about international schemes that used computer viruses to steal millions of dollars from bank accounts in the U.S. quoted a security analyst and described his company, Fortinet Inc., as a cyber security research firm. The company is a maker of network security devices.

The cyber attacks began in Eastern Europe and included malware known as the Zeus Trojan, which was typically sent in an e-mail to computers at homes, businesses and government offices in the United States. Once the e-mail was opened, the virus embedded itself in the victims’ computers, recording their keystrokes and capturing user names and passwords as they logged in to online bank accounts.

Almost $4 million was stolen from victims throughout the United States, according to Bharara and Manhattan Dist. Atty. Cyrus R. Vance Jr. Federal law enforcement officers arrested 20 suspects in the U.S.; 17 others were still being sought Thursday. Since July, New York state has charged 55 people in the scheme.

Thursday’s U.S. crackdown was related to the arrests Tuesday in London of 19 people suspected of stealing more than $9 million from bank accounts in England, authorities said. The arrests are the culmination of a one-year investigation by multiple law enforcement agencies, including the FBI, the U.S. attorney’s office in New York, the Manhattan district attorney’s office, the New York Police Department, the U.S. Secret Service and the Office of Homeland Security.


The hackers used the stolen account information to take over victims’ bank accounts and then transfer thousands of dollars at a time to bank accounts controlled by other participants in the schemes, federal and New York state authorities said.

The schemes relied on “mules” who set up U.S. bank accounts to receive wire transfers and then make cash withdrawals, law enforcement officials said. These mules, typically in their early 20s, came to the U.S. on student visas from Russia, the Ukraine, Kazakhstan and Belarus. Some set out to steal. Others needed a job and were recruited by Russian ringleaders through online social networking and newspaper sites.

“This advanced cyber crime ring is a disturbing example of organized crime in the 21st century — high tech and widespread,” Vance said.

Authorities said it was likely that the criminals targeted municipalities and businesses because they had large payrolls and hefty bank accounts with plenty of available cash to plunder. They probably weren’t concerned as much about whether the withdrawals would be detected.


Bosses directed “the mules to open up bank accounts after providing them fraudulent passports and to withdraw money from ATM machines utilizing stolen account information,” said Austin Berglas, a top agent in the New York office of the FBI. “These bank accounts are used to launder stolen funds and transfer money back to other members of the organization in Eastern Europe.… Individual mules and mule bosses may or may not know each other.”

Berglas said victims often have no idea that their computers are infected with the virus until it’s too late, after their personal information has been harvested and their bank accounts drained.

He said the overseas hackers were adept not only at developing viruses that would work with individual systems but at adapting them to withstand new anti-virus programs.

“By the time software companies identify the threat and patch their systems, the hackers are already working on new, undetectable malware,” he said.


The Zeus malware is a product of a widely available “crimeware kit” that can be purchased from underground developers of hacking tools for as little as $700, said Derek Manky, a security analyst at Fortinet Inc., a cyber security research firm.

According to Fortinet’s research, Zeus-based attacks are the most common type of hack the company sees every month.

“There are so many people who are able to reach out to these hacking forums and get a copy of this and then fairly easily infect someone,” Manky said, adding that the New York prosecutions are “definitely just a drop in the bucket compared to what is happening out there.”


Times staff writer David Sarno contributed to this report.