Feeds

£2.8m bank Trojan slurp ringleaders jailed

Scotland Yard, Feds nab malware-armed raiders

High performance access to file storage

The two ringleaders of a gang that siphoned more than £2.8m from bank accounts were jailed on Monday following an investigation by the Met's Central E-Crime Unit (PCeU).

Ukrainian nationals Yuriy Konovalenko, 29, and Yevhen Kulibaba, 33, both resident at the same address in Chingford, Essex, were each jailed for four years and eight months at a sentencing hearing at Croydon Crown Court. Both pleaded guilty to conspiracy to defraud at an earlier hearing.

The duo are among 13 jailed over a sophisticated banking fraud that succeeded in compromising the online banking accounts of hundreds of victims, as explained in a PCeU statement on its investigation into the scam, codenamed Operation Lath.

The fraud was perpetrated through the use of banking 'Trojans' to infect the personal computers of bank account holders and subsequently secure funds from them. The malicious software programme was able to capture confidential information, such as usernames, passwords and account numbers. These details were then used to access those accounts without the knowledge of the owners. Funds were then transferred to a large number of receiving accounts controlled by the group.

Konovalenko was based in the Ukraine, while Kulibaba was his chief lieutenant in the UK. Collectively the pair ran a network of phishing mules who set up local bank accounts to receive funds from compromised accounts. The gang made £2,884,000 through the scam between September 2009 and March 2010. A further £1.4m in attempted transfers were blocked. Victims included individuals and businesses in the UK and US.

During its investigation into the case the PCeU worked closely with UK banks as well as agents from the FBI and the US Department of Justice. The investigation led to a series of raids at addresses in London and the Home Counties that resulted in the arrest of 20 people. During house searches, computers, mobile telephones, false passports, banking documents and other items were seized and later examined.

The PCeU's Detective Inspector Colin Wetherill said: "The investigation involved unprecedented levels of cooperation between the Metropolitan Police, the UK banks, the FBI and other UK and international law enforcement agencies. We are working hard to reduce the harm caused by these activities, to put fear into the minds of those contemplating these conspiracies and to bring such offenders to justice." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.