Four London-based men, found guilty of using a sophisticated Trojan horse to steal money from online bank accounts, have been sentenced to a total of over 13 years in prison by a British court.
The malware deployed by Azamat Rahmonov, Shohruh Fayziev, Joao Dos Santos Cruz, and Paulo Jorgi (also known as Ricardo Pereira) waited until internet users tried to log in to their online bank, before displaying a fake login page to steal credentials.
The Trojan horse then altered the customer’s account without their knowledge, creating a new payee in what is known as a “man-in-the-browser” attack.
Later in the day a third party would access the bank account and transfer funds to a specially-recruited money mule. The mule, in turn, would be instructed to withdraw the stolen cash at another bank, earning a commission in the process, before ultimately wiring the illegal proceeds to Eastern Europe.
Rahmonov and Fayziev, who are both Uzbekistan nationals, and Angolan-born Dos Santos Cruz were charged with conspiracy to defraud various financial organisations and money laundering. At Southwark Crown Court at the end of last week, they received 4 and a half years, 4 years, and 21 month long jail sentences respectively. 36-year-old Jorgi, a Portuguese national, pleaded guilty to money-laundering offences and was sentenced to 21 months in prison.
“As a result of this Trojan virus fraud very many people – 138 customers – were affected in this way with just under £600,000 being fraudulently transferred. Some of that money, nearly £140,000, was recouped by NatWest’s parent company the Royal Bank of Scotland after they became aware of this scam,” prosecutor Dominic Connolly told the court.
The arrest of the gang in April 2009 was heralded as the first success of the newly-created British PCeU (Police Central e-crime Unit).
A fifth member of the gang, 21-year-old Venezuelan Edgar Orlando Henriques who has pleaded guilty to money-laundering offences, failed to appear for sentencing, and the authorities are requesting assistance in locating his whereabouts.
Remember to tell your friends and family – if you are approached out-of-the-blue by a “financial organisation” offering you a career moving money from bank accounts that you could be getting yourself in hot water. The crime fighting authorities are likely to take a dim view of you if you’ve been helping the hackers by acting as their money mules.