FBI stresses international co-operation in Zeus arrests

The FBI has revealed it worked with multiple countries' law enforcement agencies to quell a Zeus botnet scam that stole money from individuals in the US, UK and Mexico
Written by Jack Clark, Contributor on

The break-up of a huge Zeus botnet ring was the result of an "unprecedented" partnership between the FBI and police forces around the world, according to the US law enforcement organisation.

The bureau worked with the UK's Metropolitan Police, the Security Service of Ukraine (SBU) and the Netherlands Police Agency to expose the cybercrime ring responsible for stealing $70m (£44m), the FBI said on Friday. So far the international Operation Trident Breach effort has yielded more than 150 arrests across the US, the UK and Ukraine, it said.

"No one country, no one company and no one agency can stop cybercrime. The only way to do that is by standing together," FBI director Robert Mueller said in a statement.

The transcontinental botnet ring, which sought to thieve over $220m in assets, successfully stole $70m before the arrests occurred. The scammers used Zeus Trojans to infect victims' computers and steal their banking credentials. Funds were then emptied from the victims' bank accounts and filtered through a network of money-routing 'mule' accounts, before being passed back to the central organisation, located in eastern Europe.

Five individuals were detained by the SBU on Thursday, the FBI announced. It described the detained individuals as "key subjects responsible for this overarching scheme".

Also on Thursday, 37 individuals implicated in the international botnet ring were charged by the FBI and the US Attorney's office in southern New York.

A further 10 individuals were arrested and charged in connection with the Zeus botnet in the UK on Thursday. Those arrested hailed from Ukraine, Latvia, Estonia and Belarus and were aged between 23 and 33 years old. They were charged with conspiring to defraud HSBC, the Royal Bank of Scotland, Barclays Bank and Lloyds TSB.

An FBI graphic (PDF) shows the structure of the transnational scam. The victims were located in the USA, Mexico and UK, while the money-routing mule organisations were based in the US, UK and eastern Europe. The actual malware coders and exploiters are identified as operating in both Ukraine and the UK.

Editorial standards