Hacker uses Trojan to steal account numbers, swindle $112,000

A Hampton, New Hampshire, man has pleaded guilty to fraud charges for his role in a scheme to empty brokerage accounts by installing malicious Trojan horse software on victims’ computers.

According to court documents, Alexey Mineev set up several “drop accounts” that were then wired funds stolen from banking and brokerage accounts between July and December 2007. He pleaded guilty to one count of money laundering on Wednesday, according to Mike Ruocco, deputy to Judge Paul Gardephe of the U.S. District Court for the Southern District of New York, who is presiding in the case.

The criminals would infect PCs with malicious Trojan software that would steal account numbers and passwords whenever victims logged into their accounts online.

Authorities say that another conspirator, Alexander Bobnev, would e-mail Mineev screenshots of the hacked accounts showing how much money was being transferred into Mineev’s drop account, along with instructions such as “Withdraw the money … tomorrow.”

Mineev would then move the cash, sometimes as much as US$10,000, to Russia, using services such as Western Union.

Trojans are malicious programs that users install on their computers, believing them to be benign. Hackers disguise them as things such as video codecs, screensavers, and even security patches.

Account theft is a growing problem for banks and brokerage firms. They want to keep offering customers low-cost online banking services but are also sustaining losses from international criminals. Once the money has been moved offshore, it is virtually impossible to recover, security experts say.

Fraudsters often try to recruit so-called money mules to move funds from hacked accounts overseas. Often these mules are unwitting participants in the scheme, believing that they are simply doing freelance payroll work for international companies.

When charges were filed against Mineev and Bobnev last November, the U.S. Department of Justice charged a third man, Aleksey Volynskiy of New York, of also setting up drop accounts and laundering stolen money. Bobnev, of Volgograd, Russia, reportedly is out of the reach of U.S. law enforcement in his home country.

Mineev faces as much as two years in prison and a fine as high as $40,000 on the charge.

In his plea agreement, he said he would return the $112,000 he made from the scheme.

Source: Computerworld.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs