Zeus fraud gang member gets jail sentence

A Latvian woman has been convicted of money laundering, as part of an intricate international case against an Eastern European gang that used a Zeus banking Trojan to steal millions of pounds from British banks.

Karina Kostromina has been sentenced to two years in jail for her role in a gang that used a Zeus Trojan to steal money. Photo credit: Metropolitan Police

On Monday, Karina Kostromina was found guilty and sentenced to two years' jail at Croydon Crown Court for her part in the e-crime, which netted over £2.8m from UK bank customers.

"This was a sophisticated Eastern European crime group harvesting financial details on a global basis and moving it through UK accounts," Charlie McMurdie, head of the Metropolitan Police's Central eCrime Unit (PCeU), told ZDNet UK.

The gang was caught as part of an international police investigation called Operation Lath, which involved the FBI and UK agencies including GCHQ and the Serious Organised Crime Agency (Soca). The fraud's two main constituents were hacking and money laundering.

The gang's kingpin was Kostromina's husband, 33-year-old Ukrainian Yevhen Kulibaba. Based in the Ukraine, Kulibaba allocated the accounts to be attacked. Kostromina used her British bank account to receive tens of thousands of pounds as proceeds of the e-fraud.

The gang infected people's computers with the Zeus Trojan. In the UK, they stole from customers of HSBC, the Royal Bank of Scotland, Barclays Bank and Lloyds TSB. After taking money from victims' accounts, they transferred it to other accounts and then withdrew the cash. Many of the major UK banks were affected, either by the thefts or by being used to transfer funds, said McMurdie.

Between September 2009 and March 2010, the proven loss was at least £2,884,590, according to the Metropolitan Police. The amount the conspirators attempted to remove was at least £4,286,559, but could run into the tens of millions of pounds, ZDNet UK understands.

Gang members

In addition to Kostromina and Kulibaba, 11 other gang members were indicted on various charges of conspiracy to defraud and money laundering. They are: Yuriy Konovalenko, aka Pavel Klikov; Yuriy Dzehilevich, aka Aleksander Kusner; Roman Zenyk; Eduard Babaryka, aka Eduard Priganov; c, aka Vadims Ivanovs; Valerij Milka; Iryna Prokopchyk; Ivars Poikans; Kaspars Ciematniek; Yurij Khodus, aka Artus Dzenis; and Andrei Yakimovich, aka Pavels Berkis. 

Police described Konovalenko as Kulibaba's "right-hand man" in the UK. Konovolenko co-ordinated recipient 'mule' accounts and facilitated the movement of funds. Dzehilevich worked closely with Konovalenko, running a mule account and managing other mules.

The UK members made up just one part of a massive global fraud ring. In October 2010, the FBI and Dutch police broke up another part of the cybercrime gang in Operation Trident Breach. Worldwide, over 150 people have been arrested for stealing funds of approximately £44m. The Zeus malware coders operated in the Ukraine and in the UK.

The US elements of the trial are ongoing. In the UK, the case concluded at Croydon Crown Court on Monday, with Kulibaba due to be sentenced on 4 November.