Although its too early to know if this is Zeus related, Department "K", the Interior Ministry's Computer Crimes unit in Russia, released a press statement today about arrests which occurred over the weekend that sound suspiciously like the rest of the world-wide Zeus hunt. While there are really not enough details to proclaim this to be Zeus, its still praise-worthy action by the Russian government against criminals who are harming American interests over the Internet.
The headline on the official MVD website read Управлением «К» МВД России пресечена деятельность международной преступной группы, in English, Department K of the MVD suppresses the activity of an international criminal group.
The story details that a cybercrime group, lead by a Ukrainian national living in Russia, had stolen more than 20 million rubles from 17 different Russian banks between January and June 2010.
The criminal group, which consisted of at least 50 suspects, consisted of Russians, Ukrainians, and Armenians. They would use false passports to fool bank employees and establish bank accounts in assumed names. They used information stolen online to create fake credit cards which were used to steal further funds from online businesses based in the United States and the United Kingdom.
The story does not make clear how many were actually arrested, where the arrests took place, or whether all fifty suspects have been apprehended.
Those apprehended are being punished with "detention". The specific violations listed are дела по ч.2 ст.187 и ч.4 ст.159 УК РФ, parts 2 and 4 of section 187 of article 159 of the criminal code(?). According to the CyberPol.ru website, 159 is their "Fraud" statute, and 187 is the statute regarding "the manufacture or sale of counterfeit credit or payment cards and other payment documents."
The story has thus far only been seen in Russian speaking press, including stories in Kuban.kp.ru, Rian.ru, BFM.ru, and Rusnovosti.ru.
(image from BRM.RU)
While most of the stories do little more than echo the official story, BFM.ru adds the fact that the ring leader was a Ukrainian, and that SBERBANK had previously Issued a warning to their customers about a new form of fraud. In that warning, they quoted UniCreditBank director Alexander Vishnyakov warning them to never provide their PIN to anyone. Sberbank had seen an outbreak of SMS messages being sent to mobile phone numbers telling them their card was going to be blocked unless they replied with their PIN number, Expiration date, and Security Code. They also quoted HCFB's Vlad Guzhelev who said that "The amount of losses from illegal activity is very high." (Сумма потерь от противоправной деятельности очень высока. - ХКФБ Влад Гужелев.)
Congratulations to Department K! I hope they will continue to press against Cybercrime. We must all work together so that there are NO safe havens for cybercriminals.