19 arrested in Zeus bank fraud bust
The PCeU has arrested 19 on suspicion of using a Zeus Trojan to steal millions from UK banks.
Police Central e-Crime Unit officers have arrested 19 people suspected of being involved in multi-million pound bank account theft.
Thousands of personal computers in the UK have been infected with malicious code, including the infamous Zeus Trojan, also known as Zbot, according to the Metropolitan Police,
Zeus is capable of both stealing passwords and making infected computers become part of a criminal botnet.
By using Zbot, a criminal network was able to acquire login details, compromise online accounts and then move funds from these into "mule" or "drop" accounts controlled by the gang, the authorities believe.
Investigators believe the criminal organisation has stolen money from a number of major world banks, while UK financial institutions had 6 million stolen in just three months.
The overall UK figure is likely to rise significantly as the investigation continues, the Met said.
Arrests were carried out across London, with 15 men and four women taken into custody in a number of police stations across the capital.
During the investigation police worked with the Virtual Task Force, a cyber crime information sharing body consisting of partners from across the financial service industry, universities and other organisations.
"We believe we have disrupted a highly organised criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent peoples' accounts, causing immense personal anxiety and significant financial harm - which of course banks have had to repay at considerable cost to the economy," said Detective Chief Inspector Terry Wilson, from the PCeU.
Martin Muirhead, chairman of the Virtual Task Force, added: "This is an excellent example of how to bring to bear the resources and expertise of multiple agencies and public / private organisations in the UK. This is pioneering work led by the Metropolitan Police Service."
Dave Jevans, chief executive of IronKey, said that while the arrests are positive, financially-motivated cyber attacks have become more widespread and increasingly targeted at businesses.
"Unfortunately, this is only the tip of the cyber crime iceberg as in the in the past 18 months, the bad guys in the US, Latin America and Europe have realised it is a lot easier to steal 500k from a corporate account in one go than it is to take 1k from 500 consumers," Jevans said.
"And unlike the consumer banking customers who been targeted by the cyber criminals, businesses that have funds stolen aren't insured."
Mel Morris, chief executive of Prevx, was also skeptical of the impact the arrests will make calling the case "a drop in the ocean."
"These criminals' techniques are so advanced that they are able to quickly spot weaknesses in most defences by using centralised intelligence gathered from analysis of the anti-malware development models of traditional vendors to fly under the radar of malware detection," Morris added.
Earlier this year, it emerged the PCeU will not be getting a planned 1 million boost from the Home Office next year.
Questions have been raised in the security industry over whether the police need extra funding to fight cyber crime in the UK.
BIOS security: The next frontier for endpoint protection
Today’s threats upend traditional security measuresDownload now
The role of modern storage in a multi-cloud future
Research exploring the impact of modern storage in defining cloud successDownload now
Enterprise data protection: A four-step plan
An interactive buyers’ guide and checklistDownload now
The total economic impact of Adobe Sign
Cost savings and business benefits enabled by Adobe SignDownload now