Two men jailed following SpyEye banking malware investigation
UK, Danish and Dutch citizens suffered online banking fraud
By Anh Nguyen | Computerworld UK | Published: 18:10, 02 July 2012
Two men who used the SpyEye malware to steal and use personal banking and credit card data from unsuspecting victims’ online accounts have been jailed for offences under the Computer Misuse Act.
SpyEye is a computer Trojan horse that specifically targets online banking users. Like its older cousin Zeus, SpyEye is no longer being developed by its original author, but is still widely used by cybercriminals in their operations.
Pavel Cyganok, 28, a Lithuanian national living in Birmingham, was sentenced to five years, while Ilja Zakrevski, 26, an Estonian national, was sentenced to four years.
Meanwhile, a third man, Aldis Krummins, 45, a Latvian living in Goole, was found guilty of money laundering in relation to the investigation, and sentenced to two years.
The investigation began in January and revolved around the group's use of a uniquely modified variation of SpyEye, which harvests personal banking details and sends the credentials to a remote server controlled by hackers, police said. As part of their investigation, police also seized computer equipment and data.
Detective Constable Bob Burls from the Metropolitan Police Central e-crime Unit (PCeU) said: “The defendants, during the course of their enterprise, developed a highly-organised IT infrastructure to enable their criminality, including in some cases, the automatic infection of innocent computer users with their malicious code.”
The PCeU was first contacted by Estonian Police in March 2010 about Zakrevski, who they suspected was targeting UK financial institutions with SpyEye.
The stolen data was stored in databases, known as Command and Control servers, around the world, with one server in the UK.
An investigation found that about 1,000 computers had been infected and connected to this server, and detectives were also able to identify compromised bank accounts of UK, Danish and Dutch citizens, and how they had been misused and defrauded.
The culprits used the stolen banking details to buy additional IT infrastructure and pay for their domestic utilities and lifestyles.
They also used the credit card data to purchase luxury goods online in bulk, which they resold via online auction sites. Some of the £100,000 made from these sales was laundered within online accounts that the cybercriminals controlled.
Zakrevski was linked to the investigation when the police found a computer located in Estonia connected to his online username, ASAP911, which was periodically checking how many infected computers were connecting to the server. He was extradited to the UK and charged in July 2011.
Meanwhile, Cyganok was arrested at his home address in April 2012, and was found to be logged into a number of the command and control servers at the time.