Nineteen people suspected of masterminding a multimillion-pound attack on British bank accounts have been questioned by hi-tech crime police in the UK on suspicion of fraud, offences under the Computer Misuse Act and money laundering.
A gang of computer hackers are suspected of maliciously retrieving up to £6m from online accounts in just three months, according to the UK Press Association (UKPA).
The Zeus Trojan has been used by the gang to infect computers and capture passwords and other sensitive details of banking customers, and then transferring the money into bogus accounts created by the criminals.
Detective chief inspector Terry Wilson of the Metropolitan Police was quoted by the UKPA as saying the amount of money stolen is likely to "increase considerably" as the investigation continues.
"We believe we have disrupted a highly organised criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent peoples’ accounts, causing immense personal anxiety and significant financial harm – which of course banks have had to repay at considerable cost to the economy," Wilson said.
"Online banking customers must make sure their security systems are up to date and be alert to any unusual or additional security features requested which is at variance with their normal log-on experience."
Prevx CEO Mel Morris said that despite this good development the security industry is still struggling to win the battle against cybercriminals.
"Malware has evolved thanks to a level of professionalism from malware writers now being more than equal to that of security vendors if not more innovative," Morris said.
"These criminals’ techniques are so advanced that they are able to quickly spot weaknesses in most defences by using centralised intelligence gathered from analysis of the antimalware development models of traditional vendors to fly under the radar of malware detection. Subsequently, mainstream security technologies are reacting to threats instead of being one step ahead of the criminals."
He said through central intelligence gathered from various infected machines, criminals limit the number of users who are infected by each incarnation of Zeus.
"The Trojan is able to change before a security vendor gets a sniff of it, and the problem is that for the unlucky few who are targeted, this malware is able to steal vast amounts of information right under the nose of the majority of security products on the market," Morris said.
Stephen Howes, GrIDsure’s founder, said that it was time banks improved security measures to help customers. "The truth is that consumers aren’t all security experts and never will be, and while user education of the risks is always important I believe that banks should finally be looking at putting in place technology and systems that are easy to use and secure enough to make it very difficult for a hacker to steal logon details even if they have infected the users’ PC."
"These solutions are available today and it’s no longer good enough for a bank to simply say "we’ll reimburse our customers if they fall victim to fraud" – by then it’s too late and the users’ trust in that bank may have been significantly marred," Howes added.
Fifteen men and four women aged between 23 and 47 in London were arrested by Officers from the Met’s Central E-Crime Unit on Tuesday.
