Sophos reported that the police in the Turkish city of Izmir have arrested 17 members of a gang who broke into online bank accounts and stole $300,000 from internet users. Law enforcement agencies claim that the gang worked alongside three Russian hackers, who provided them with banking usernames and passwords stolen through spyware.
The Russian hackers are said to have shared the password information of thousands of unsuspecting Turkish internet users in exchange for ten percent of the money stolen.
Reports in the Turkish media say that hundreds of internet users began to complain about unexpected withdrawals from their online bank accounts in January. A 20-strong team of the Izmir Organised Crime Bureau investigated the case, discovered the IP addresses of the computers making the illegal transactions, and made simultaneous raids at different addresses in Izmir, Fethiye, Didim and Kusadasi.
“In recent years there has been steady growth in the number of viruses and Trojan horses written to steal banking information from web surfers. Spyware can silently hide on users’ computer waiting for them to type in their confidential information and then surreptitiously share it with the hackers,” said Graham Cluley, senior technology consultant for Sophos. “The Turkish authorities should be applauded for looking into this case so speedily, but phishing and spyware is a global problem, and requires a global clampdown. What’s more, all computer users need to defend themselves better against these kind of menaces if they want to continue to bank online safely.”
Names of the three suspected Russian hackers have been shared with Interpol. Sophos experts note that Russia is one of the top producers of malware, accounting for 4.1 percent of all malware authored during 2006.