Microsoft names Zeus ringleaders and notifies FBI
The Feds can find them in a UK jail
Microsoft has named two individuals who it says are the leaders behind the Zeus botnet and has passed on its dossier on them to the FBI.
Redmond fingered Yevhen Kulibaba and Yuriy Konovalenko as the two key players behind the botnet in an amended criminal complaint and told the FBI that the two were key to both the botnet itself, and to finding other individuals who were responsible for spreading an operating the malware and laundering the funds it was used to steal.
The FBI isn't going to have to look far for the duo however, as they are serving four years sentences in British prisons for Zeus-related charges. After they have finished their terms at Her Majesty's pleasure then the US can join the queue of countries looking to extradite the pair.
The two men, both Ukrainian, pleaded guilty to charges of conspiracy to defraud and received four year and eight months sentences. They, and 11 other co-conspirators, were arrested after an investigation by the UK's Central E-Crime Unit (PCeU).
"We will continue our efforts to serve defendants Kulibaba and Konovalenko, and the John Doe defendants, with this amended complaint," said Richard Boscovich, senior attorney Microsoft's Digital Crimes Unit in a blog post.
"Meanwhile, the botnets’ command and control domains remain disabled. It is Microsoft’s goal to ensure that these domains ultimately remain disabled, and we hope the evidence collected from these domains leads to a criminal investigation."
Boscovich said that the takedown of the botnet had been a major success and the number of infected PCs found in the wild has fallen from 779,816 in March to 336,393 for the last week in June. Spam messages purporting to come from the Electronic Payments Association that were used by the malware operators have also dropped around 90 per cent. ®
London Plods Not So Tech-Ignorant?
So the UK's Central E-Crime Unit (PCeU) grab these guys, and successfully prosecute them, then MS wakes up and mentions to the FBI that they might want to talk to them about the same crimes in the US?
I think the headline here is a little misleading, and, given previous commentard opinion that UK plods are useless on e-crime, there needs to be credit where it is due.
As a guess, the PCeU, FBI and Microsoft have all been cooperating on this, but the FBI needs a formal complaint by a US victim to get on with the prosecution. It would be nice if the Vultures could get the story behind the press release for us.
Re: Double jeapardy
@JohnG - The changes the TB New Labour government made were to allow certain very serious crimes to be tried more than once, not punished more than once. If you've done time for something, you won't be doing time for it again, under uk and most international law. The difference is that the likes of the killers of Stephen Lawrence (which was one of the main cases in deciding to change the law) got off on their first trial because the forensic techniques didn't exist to prove their guilt, coupled with the prosecutors ballsing it up. If I recall correctly, each specific trial for a previously acquitted offence has to be approved by the home secretary and has to have significant new evidence, it also has to be a very serious crime, such as murder.
Re: Double jeapardy
Double jeopardy says that you cannot be tried twice for the same crime and, whilst that may be true in the USA, UK legislation was changed under Tony Blair's government such that a person can be tried as many times as is necessary to get the correct verdict of "guilty".
In this case, these guys are serving time for their crimes in the UK, whereas the USA wants to punish them for their crimes in the USA, etc. Just because they may have used a single scam to commit crime in several countries, it doesn't mean that their crimes will all be considered as one.