Kommersant, a Ukrainian news site, reported last week on the arrest of 20 people for stealing more than $250 million through online banking fraud over the last five years.
The SBU (Security Service of Ukraine) and FSB (Federal Security Service of Russia) spent more than a year jointly investigating the gang, whose members were located in Kiev, Zaporozhye, Lviv, Herson and Odessa.
Those arrested were between 25 and 30 years old and were responsible for coding individual pieces of the banking malware involved in the scam.
All of the stolen banking details were sent to a server in Odessa, Ukraine, where the 28-year-old Russian mastermind of the operation was located.
The SBU is currently collecting evidence found on the seized computers and commented (loose translation):
"According to the new legislation the economic crimes are not considered as serious, therefore the suspects have been released on bail and are under house arrest. If they are found guilty in court they are facing more than five years in prison."
The malware was designed to steal banking credentials, logins/passwords and data from popular accounting software published by the Russian firm 1C.
One of the investigators told Kommersant that after the gang compromised a business PC, they would study the victim organization for a while before issuing fake payments from the victim to criminal-controlled shell companies.
The digital equivalent of "casing the joint". Observe what is normal, who is watching what and when. Then strike when they least expect it or are least likely to notice.
It is believed this group was responsible for the banking malware called Carberp, for which arrests were made early last year.
A report by Deutsche Telekom in February 2013 showed the Ukraine to be the fourth largest source of online attacks after Russia, Taiwan and Germany.
Any time law enforcement can break up a criminal network, it is good news.
Is this a sign that Russia and the Ukraine are taking online crime more seriously? Or is it simply a sign to cybercriminals to not pee in their own swimming pool?
Only time will tell.
Source: Sophos Security