Suspected hackers behind Carberp botnet, Eurograbber arrested

The masterminds allegedly behind a cybercrime ring which stole millions of dollars from the financial industry and consumers have been arrested.
Written by Charlie Osborne, Contributing Writer

Alleged members of a botnet ring that systematically stole money from Internet users worldwide have been arrested.


According to publication the Kommersant Ukraine, the leader of the Carberp botnet operation, as well as members of the ring's virus and malware development team, are now in custody. The arrests were jointly made between the Security Service of Ukraine and the Russian Federal Security Service.

The publication says that over $250 million has been stolen by the members of the botnet ring, which had roughly 20 members aged between 25 and 30. Rather than working as a cohesive unit, the cybercrime operation's members were separately "responsible for their part of the software development unit." The ringleader of the cybercrime ring is apparently a 28 year-old Russian, who was living in Ukraine at the time of arrest and organized the operation remotely.

The alleged members of the ring have had their computer equipment confiscated, and are currently under house arrest. If found guilty, under current law, they could face up to five years in prison.

Citing a source within Ukraine's Ministry of Internal Affairs, the Kommersant says that levels of cybercrime in Ukraine remain on the increase. The unnamed member of the ministry commented:

"This is a natural process -- an annual increase in the number of Internet users, and hence the number of scams. In 2012, [we] recorded 139 cases of unauthorized withdrawal of funds from the accounts of companies [...] for a total of over $116 million. We managed to return 80 percent of that amount, with a significant part without delay, within two hours of the crime."

The Carberp trojan appeared in 2010, and mainly targeted bank users in both Russia and Ukraine -- twisting Java in order to hijack banking applications and software used by over 800 financial institutions. The botnet which spread the malware was a variant of Zeus. However, after a number of arrests were made in 2012, the malware's presence lowered. It rose once more through the discovered of the "Eurograbber" botnet system, which according to security firm Checkpoint, has swiped approximately $47 million through infiltrating mobile devices and PCs.

Editorial standards