Omaha tip foils cybercrime

The report came in to the Omaha FBI office in May 2009 about suspicious payments wired to 46 separate bank accounts.

The tipster — from a part of the financial industry that federal officials are keeping anonymous — ended up turning law enforcement on to a massive cybercrime operation that was feeding an insidious virus onto computers across the United States from a base in Ukraine.

Law enforcement officers in New York, England and Ukraine took down the operation this week, arresting at least 64 people. At least 16 other people who are being sought are on the FBI's wanted list.

In Nebraska and New York, 92 people will face charges.

Omaha agents, with help from local law officers, led the international cybercrime investigation — which one expert says is the largest cybercrime bust ever. In Europe this week, two Omaha FBI agents were on hand to oversee the arrests.

In all, federal authorities say, the operation attempted to steal $220 million from businesses, governments, churches and individuals, typically through ubiquitous spam e-mails that let in a Trojan virus called Zeus.

Once inside, the hackers had unfettered access to passwords, account numbers and other information to access online banking accounts, authorities said.

The sophisticated ring succeeded in taking $70 million from bank accounts, the FBI said.

The victims included Omaha-based TD Ameritrade, whose brokerage accounts were breached by hackers who executed unauthorized sales and funneled proceeds to shell accounts, according to federal authorities in New York.

“Together, the FBI and its international partners can and will find better ways to safeguard our systems, minimize these attacks and stop those who would do us harm,” FBI Director Robert Mueller said in a statement.

In Omaha Friday, Weysan Dun, special agent in charge of the local FBI office, announced the takedown alongside representatives of the Omaha area's cybercrime task force, including Douglas County Sheriff Tim Dunning and La Vista Police Chief Bob Lausten.

“This type of crime perpetrates a violent attack against our financial infrastructure and is a very serious threat,” Dun said.

The arrests offers a chilling warning to any computer user who navigates through spam e-mails, banks online or surfs the Web.

Since originating in 2007, Zeus has become the most prevalent “malware” that steals from computer users in the United States, said Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham.

According to one estimate, Warner said, Zeus is behind 6 percent of all spam e-mails trying to get a user to click through to a website under false pretenses.

Zeus is not the exclusive product of the Ukrainian ring, although Warner said that organization made the virus more powerful and effective.

According to a blog post by the anti-virus company McAfee, a tool kit is available to hackers for free. Experts figure some 150 other cybercrime gangs employ Zeus.

Once users enter a Zeus-infected area — either through an e-mail or a Web page — the virus sets up in their computers, offering a hacker access to passwords or even the ability to use the computer remotely, Warner said.

If your computer is clean, a good security suite will protect against Zeus, Warner said. But if the virus is on your computer, Warner said, an expensive professional job is the best solution for clearing it.

“I'm sorry, there's just not a lot of hope for the home user,” he said, although he specified that the vast majority of people with infected computers weren't a target because the organization went after accounts worth hundreds of thousands of dollars.

Adam Palmer, lead cybersecurity adviser for Norton antivirus, was more optimistic, saying software is readily available to protect and clean your computer.

Still, Palmer said, he hopes the investigation wakes up computer users to the threat of cybercrime.

In May 2009, the suspicious payments were transferred on the automated clearing house, or ACH, a private network that connects financial institutions that allows them to transfer payments. Dun said 46 different banks were involved in those unauthorized transactions, including some in Nebraska.

After receiving the initial report, Dun said, investigators instantly recognized that criminal activity was involved.

The New York probe started in February after police detectives went to a Bronx bank to investigate a suspicious $44,000 withdrawal, Police Commissioner Raymond Kelly said.

The FBI's New York office said the hackers took over victims' bank accounts and made unauthorized transfers to accounts set up by so-called “money mules,” who then transferred the stolen money overseas to ring leaders.

The FBI said a mule organization recruited helpers among people who were in the United States on student visas, giving them fake passports and instructions to open U.S. bank accounts under false names. Cash was also withdrawn and smuggled overseas, the FBI said.

In New York, the FBI operation was dubbed Operation ACHing Mule. The full operation, coordinated by the Omaha field office, was called Operation Trident BreACH.

In New York, three defendants are charged with conspiracy to commit wire fraud and conspiracy to launder the proceeds for allegedly hacking TD Ameritrade and E*Trade Financial Corp. accounts.

According to the U.S. Attorney's Office there, the defendants withdrew funds through ATMs or wire transfers to accounts in Asia and elsewhere.

The scheme also involved blocking TD Ameritrade and E*Trade's ability to call the account holders to confirm the transactions, federal authorities said. The victims received continuous calls or picked up a call that was silent or played a recorded message, officials said.

A TD Ameritrade spokeswoman did not return a call Friday seeking comment.

In all, more than 390 cases are pending or closed involving victims of the scam, the FBI said.

Dun praised investigators' ability to overcome a series of challenges in a complicated case, “and the results speak for themselves.”

Contact the writer:

444-1128, jeff.robb@owh.com

« Crime/Courts

Share