Feds indict nine for making millions from Zeus malware
But cops only have two of them in custody
The FBI and the US Department of Justice have unsealed charges against nine people accused of racketeering, computer fraud, aggravated identity theft, and multiple counts of bank fraud related to their use of the Zeus malware against victims in the state of Nebraska.
"The 'Zeus' malware is one of the most damaging pieces of financial malware that has ever been used," said Acting Assistant Attorney General David O'Neil. "With the invaluable cooperation of our foreign law enforcement partners, we will continue to bring to justice cyber criminals who steal the money of US citizens."
That support is going to be very valuable, if the accused are going to have their day in court. While the US authorities have two suspects in detention, seven remain at large: three Ukrainians, a Russian national, and three others who have not been positively identified.
The two named ringleaders of the Zeus botnet, Ukrainians Yuriy Konovalenko and Yevhen Kulibaba, are already in custody, thanks to the efforts of British police. In 2011 they were jailed for four years and eight months apiece after getting nabbed by the UK's boys in blue, and have now been extradited to the US for additional charges.
According to the indictment, the two along with their seven accomplices used Zeus to infect targets in Nebraska and withdraw money from online bank accounts in the state. The government said it was asking for a forfeiture order of $70m against those indicted so that it can reclaim any money found.
The charges lean heavily on data collected by the British police, and say that funds purloined in the US were then sent to the UK and laundered through a variety of money mules. These are people who either knowingly or unknowingly agreed to transfer the funds through their own bank accounts and forward them on to the accused, while taking a small percentage as a commission.
"This case illustrates the vigorous cooperation between national and global law enforcement agencies and sends a strong message to cyber thieves," said FBI special agent in charge Thomas Metz. "The FBI and our international partners will continue to devote resources to finding better ways to safeguard our systems, fortify our cyber defenses, and stop those who do us harm."
While the police have named some of the suspects they are still searching for, it seems unlikely that they are going to be caught anytime soon. Many are known only by online handles, and unless they get as sloppy on security as their victims, they look likely to remain at large. ®
Sponsored: Are DLP and DTP still an issue?