- Gentlemen, start your drones: Judge’s ruling opens door for commercial use
- Soldier who hid, bragged about not saluting flag to be punished — in secret
- ‘Maverick’ of the seas: ‘Top Gun’ school for U.S. ship officers to launch
- Putin declares Sochi Paralympics open amid Ukrainian protest
- ‘In Jesus name, we pray’ sparks ire at Ohio council meeting
- Navy’s first laser weapon ready for prime time; drone killer to deploy this summer
- Billionaire backer: Rick Santorum ‘needs to be heard’ in 2016
- Obamacare fallout: 49 percent pessimistic; 45 percent ‘scared’
- DHS accused of holding U.S. citizen at airport, using emails to pry into her sex life
- Seattle socialist: Minimum-wage discussion skewed by ‘right-wing’ GAO analysis
Hackers rely on ‘money mules’
Cybercriminals recruit foot soldiers to do what computers are unable to handle
Sitting at a computer somewhere overseas in January 2009, computer hackers went phishing.
Within minutes of casting their electronic bait, they caught what they were looking for: A small Michigan company where an employee unwittingly clicked on an official-looking e-mail that secretly gave cyberthieves the keys to the firm’s bank account.
Before company executives knew what was happening, Experi-Metal Inc., a suburban Detroit manufacturing company, was broke. Its $560,000 bank balance had been electronically scattered into bank accounts in Russia, Estonia, Scotland, Finland and around the U.S.
In August, the Catholic Diocese in Des Moines, Iowa, lost about $680,000 over two days. Officials there aren’t sure how hackers got into their accounts, but “they took all they could” before the bank noticed what was going on, according to Jason Kurth, diocese vice chancellor.
The diocese and the Detroit company were among dozens of individuals, businesses and municipalities around the country victimized by one of the largest cybertheft rings the FBI has uncovered.
In September, the bureau and its counterparts in Ukraine, the Netherlands and Britain took down the ring they first got wind of in May 2009, when a financial services firm tipped the bureau’s Omaha, Neb., office to suspicious transactions. Since then, the FBI’s Operation Trident Breach has uncovered losses of $14 million and counting.
Overall in the last two years, the FBI has opened 390 cases against schemes that prey on businesses that process payments electronically through the Automated Clearinghouse, which handles 3,000 transactions every five seconds. In these cases, bureau agents have uncovered attempted thefts totaling $220 million and actual losses of $70 million.
But the court records of Operation Trident Breach reveal a surprise: For all the high-tech tools and tactics employed in these computer crimes, platoons of low-level human foot soldiers, known as “money mules,” are the indispensable cogs in the cybercriminals’ money machine.
A dozen FBI criminal complaints filed in New York provide an inside look at how this cybertheft ring worked:
Operating from Eastern Europe and other overseas locations, the thieves used malicious software, known as malware, to infect the computers of unsuspecting users in the United States by e-mail.
The malware-infected e-mails were written to look like they came from a company manager or colleague who might send an e-mail message to everyone in a company, such as the head of human resources.
When the e-mail recipient clicked on an embedded link to a website or opened an attachment, a Trojan horse virus called Zeus installed itself and gathered user names, passwords and financial account numbers typed by the victims on their own computers.
The hackers then used this information to move the victims’ money electronically into bank accounts set up in the United States by the money mules.
The money mules set up shell bank accounts to receive the money. Then they withdrew the funds from the shell accounts in amounts they thought were small enough to elude detection by banks and law enforcement.
In some cases, the cyberthieves bombarded telephone numbers attached to the targeted accounts with calls to block the company from calling to verify the transactions.
TWT Video Picks
Taxpayers must pay the freight for over-budget train projects
- CPAC 2014: Rand Paul urges conservatives to fight for liberty
- Putin has transformed Russian army into a lean, mean fighting machine
- EDITORIAL: Connecticut revolts against gun controls that could criminalize 300,000
- Bill Clinton poses for photo with Bunny Ranch prostitutes
- U.S. pilot scares off Iranians with 'Top Gun'-worthy stunt: 'You really ought to go home'
- Kim Jong-un calls for execution of 33 Christians
- Two liberals say Sarah Palin is right: Obama lacks substance
- Malaysia Airlines says plane on route to Beijing missing
- High schooler suing parents for money shot down by judge
- Soldier who hid to avoid saluting the flag to be punished in secret; Army won't release details
Pope Francis meets his 'mini-me'
Celebrity deaths in 2014
Winter storm hits states — again