The cyber crime plague continues to rob victims of their identities and hard-earned resources and frustrate security experts and law enforcement officials worldwide. However, occasionally, the good guys gain the upper hand and win a major battle. The FBI announced on Oct. 1, 2010, that it disrupted a large-scale, international, organized cyber-crime operation, served numerous search warrants and made scores of arrests.
“Operation Trident Beach” began in 2009 in Omaha, Neb., but continued in the United Kingdom, the Netherlands and the Ukraine. According to the FBI, its agents in Omaha “were alerted to automated clearing house (ACH) batch payments to 46 separate bank accounts throughout the United States.” This prompted them to join forces with their international partners to investigate and dismantle the fraudulent operation.
“There are over 390 pending and closed victim cases attributed to this criminal network in field offices throughout the U.S.,” said Gordon Snow, assistant director of the FBI’s Cyber Division.
The FBI’s partners included its New York Money Mule Working Group, the Newark Cyber Crime Task Force, the Omaha Cyber Crime Task Force, the Netherlands Police Agency, the Security Service of the Ukraine and the United Kingdom’s Metropolitan Police Service.
According to the FBI, the cyber thieves targeted small- to medium-sized businesses, municipalities, churches and individuals to infect their computers with a version of the ZeuS Botnet via phishing e-mails to ultimately steal US$70 million from victims’ bank accounts throughout the world.
The fraudsters singled out small- to medium-sized organizations because their personnel are relatively unsophisticated in detecting and preventing this type of scheme. When selected employees of these targeted organizations open phishing e-mails and then click on contaminated links or download attachments, the malware becomes embedded in their computers. The fraudsters can now record keystrokes and capture passwords, account numbers and other data as the victims log into bank accounts online.
The fraudsters then transfer money from the victims’ bank accounts into their surreptitious accounts. Banks generally have to repay individuals for their losses and organizations if they can prove the banks were at fault. Sometimes businesses sue banks to try to affix blame and recover their losses.
According to the article “Millions Netted in Global Bank Hack,” by Chad Bray and Cassell Bryan-Low, in the Oct. 1, 2010, issue of The Wall Street Journal, 19 people were arrested in London as part of the Operation Trident Beach operation for allegedly stealing at least $9.5 million from U.K. bank accounts via cyber-crime schemes. Those arrested included men and women from Ukraine, Latvia, Estonia, Belarus and Georgia.
The U.S. Department of Justice (DOJ) reported on Sept. 30, 2010, that the Manhattan U.S. attorney charged 37 defendants in 21 separate cases for their roles in the global cyber-banking fraud scheme. Twenty of the defendants have been arrested so far and the others are on the run in the United States and abroad. Those charged included “managers of and recruiters for the mule organization, an individual who obtained the false foreign passports for the mules, and the mules,” according to the DOJ. The authorities anticipate that additional mules and gang leaders will be charged and arrested in this ongoing investigation.
Each of the defendants, on average, face three separate charges that include conspiracy to commit bank fraud, bank fraud, conspiracy to possess false identification documents, transfer of false identification documents, production of false identification documents, false use of a passport, conspiracy to commit money laundering, money laundering, conspiracy to commit wire fraud and possession of false immigration documents. The maximum penalties for each of these charges range from 10 to 30 years in prison and fines from $250,000 to $1 million or twice the gross gain or loss and restitution.