Swiss police arrest leaders of a gang of hackers the FBI is hunting

Renowned American IT security researcher Brian Krebs published a weighty arrest in his blog (“Krebs on Security”) on Tuesday evening. The 40-year-old Ukrainian leader of the infamous “JabberZeus Crew” has been arrested by police in Geneva.

According to his report, a small but powerful group from Ukraine and Russia attacked their victims – mainly companies – with a modified version of the Zeus banking trojan. The members of the hacking group are wanted by the FBI. According to US prosecutors, they stole more than $70 million.

What does the union say?

At Watson’s request, the Federal Office of Justice confirmed that such an arrest had taken place in Geneva. Media spokesman Raphael Frei:

The arrested person is blocking extradition – so far without success, as the FOJ further reports.

The decision of the Federal Office of Justice can still be appealed to the Swiss Federal Criminal Court or the Federal Supreme Court.

Who is the alleged boss of the gang?

According to Brian Krebs, the man is from Donetsk, a traditionally Russian region in eastern Ukraine that was recently annexed by Russia.

Nicknamed “Tank”, he was secretly indicted in the US in 2012 for allegedly using the Zeus malware and botnet to steal bank account information.

In his hometown he is a well-known DJ (disk jockey) who liked to be driven around in his high-end BMWs and Porsches. More recently, he has invested quite heavily in local businesses.

Another member of the JabberZeus gang — a Ukrainian-born man nicknamed “Aqua” — is also currently wanted by the FBI, according to Krebs. He has a $5 million bounty on his head.

Other members of the gang had been arrested before. Two Ukrainians were extradited from the UK to the US in 2015, pleaded guilty to conspiracy and are reportedly serving their sentences.

How did the gang do?

After the criminals stole the bank details (login and password) on their victims’ computers with their malware, they intruded into their bank accounts unnoticed. They then altered the companies’ pay slips to add dozens of so-called “money mules.” This is what criminal helpers are called who were recruited to process illegal bank transfers. The “mules” then sent the money – minus their commissions – abroad via wire transfer.

The group is said to have mainly hacked small and medium-sized companies in the United States and Western Europe and looted company accounts.

JabberZeus malware was developed by the alleged author of Zeus Trojan – Evgeniy Mikhailovich Bogachev, a top Russian criminal. It is a special version of the infamous banking trojan.

The name comes from the instant messaging service Jabber, which was integrated into the malware. This informed the hackers in real time when a victim logged into the bank account and unnoticed revealed his credentials.

Sources