28 May 2018
Uri Rivner

The Joy of Fraud Fighting

Uri Rivner - BioCatch

78Posts 372,532Views 36Comments
Innovation in Financial Services

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

Operation Trident

04 October 2010  |  6624 views  |  0

The bloodhounds are continuing to register notable victories over online crime rings. This time there were a massive series of arrests done in US, UK and other countries in relation to fraudsters spreading or cashing out on a major Zeus Trojan operation, which has been pestering US businesses for the past 18 months.

In a clever multi-national investigation called Trident Breach, over 150 charges or arrests were made across the US, UK and East Europe. Check out this cool chart that explains the scale of the Cybercrime operation and the geographic location of its members.

The first announcement came from the UK, where the Metropolitan Police Central eCrime Unit said it had arrested 19 people who have spread the Zeus Trojan to pray on victims. The total proceeds from their operation is 6 million pounds.

Then US law enforcement authorities then announced the FBI put behind bars 37 fraudsters who were charged with knowingly serving as mules accounts for stolen Zeus credentials. These collaborators, entering to the US under student visas, were responsible for receiving money transfers from victims and then wiring the money into the hands of the cash-out masterminds.

A few days later, the full scale of the operation became apparent with 5 more arrests done in Ukraine, this time of the Cybercriminals who were responsible for setting up the Zeus botnet and controlling the operation.  In total the group cleaned $70m, mostly from business accounts.

As of October 2010, Zeus remains the predominant Trojan: RSA still sees the vast majority of stolen credentials coming from Zeus botnets. There are hundreds of Zeus servers running right now, each of them operated by a single fraudster or a small group of criminals, each of them monitoring thousands of victims 24/7. Millions of hijacked PCs run Zeus.

Zeus has all the signs of a healthy business. Beyond the fact its developer released a major version early 2010, it has a lively community of add-ons, localized versions, templates and scripts that can be used on the main Zeus platform. An example: a Zeus add-on script that empties your account in 10 seconds, then shows a false account balance whenever you log into online banking. Only if you look at a printed statement you’ll see your account is empty.

Zeus does have competition, though. SpyEye is a new incumbent that certain fraudsters prefer over Zeus; in certain locales it has about half of Zeus market share. Gozi started to rent its botnet to other uses; and there are always new Trojans developed.    

The recent arrests add up to the all the good work the FBI, Scotland Yard, and law enforcement agencies in US, UK and Europe have been doing recently.

Well done, lads!

Operation Trident: aftermath TagsPayments

Comments: (0)

Comment on this story (membership required)

Latest posts from Uri

Brazil vs. Germany: A Surprising Find

12 July 2014  |  3974 views  |  1 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

Sweetheart Scams: When Fraudsters Turn to Romance

30 June 2014  |  3249 views  |  0 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

BitCoin Explained: How to Become a BitCoin Thief - part 1

04 December 2013  |  22709 views  |  1 comments | recomends Recommends 1 TagsMobile & onlinePaymentsGroupInformation Security

A Message from Hell

01 October 2013  |  3892 views  |  0 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

Uri's profile

job title Head of Cyber Strategy
location Tel Aviv
member since 2008
Summary profile See full profile »
Internet. The perfect fraud frontier. These are the thoughts of Uri Rivner, head of Cyber Strategy at BioCatch and formerly Head of new technologies, identity protection, at RSA, the security division...

Uri's expertise

Member since 2008
78 posts36 comments
What Uri reads

Who's commenting on Uri's posts