A criminal gang has been sentenced to 13 years in prison
after being found guilty of using a sophisticated trojan computer
virus to steal hundreds of thousands of pounds from UK bank
accounts.
Five members of the gang had earlier pleaded guilty at Southwark
Crown Court.
The arrests followed a
series of raids in South-East London by, more than 50 officers
from the Metropolitan Police's Central e-Crime Unit (PCeU), local
boroughs and Specialist Crime Directorate in April/
The gang, which targeted financial services organisations, is
believed to have its origins in
eastern Europe. It had been using servers in countries across
the continent to spread the virus.
The criminals used malicious software to steal money from UK
victims' bank accounts and transfer it to other money laundering
accounts set up and controlled by the gang. They
recruited 'money mules' to launder the money through their
private bank accounts.
Detective constable Kevin Brocklesby from the PCeU said, "This
was a complex investigation which certainly involves other people
in Russia, but there was a clear structure to the organisation in
the UK."
He said that plenty of people in the UK were willing to assist
the gang by accepting money into their accounts, without asking
questions. "They are a crucial cog in this kind of criminal
machine," he said.
The ACPO lead for e-crime, assistant commissioner Janet
Williams, said, "Due to effective partnerships with the financial
industry we have successfully closed down an international criminal
network and reduced the financial harm to institutions and
thousands of UK victims by millions of pounds."
| How the 'man in the middle' attack worked |
|---|
- Victims would inadvertently download the Trojan, which would
wait until the customer logged on to their online bank
account.
- The virus would call out to a server and request a fake banking
page to be inserted into the customer's online session, requesting
personal banking data.
- The virus retrieved a sort code and account number used by the
gang and created a new payee on the customer's account without
their knowledge.
- Later on that day a third party would access the account and
transfer the available funds to a 'mule' or 'dump' account.
- The criminal network withdrew the stolen cash over the counter
at various bank branches using the recruited 'money mules'.
- The mule was given their cut, which was usually much less than
agreed.
- The gang sent the money back to eastern Europe and Russia via
money transfer bureaux.
|