Carberp gang arrested in Russia

Eight men have been arrested in Moscow for having allegedly stolen over $2 million from the bank accounts of over 90 Russian individuals by infecting their computers with the Carberp Trojan and other malware.

The group’s activities have first been discovered by law enforcement in October 2011.

The arrests were executed following a joint investigation by the Russian Ministry of Internal Affairs’s computer crimes unit and the Federal Security Service’s Center for Information Security. Among the arrested eight, two unnamed brothers are believed to be the leaders of the cyber gang.

According to the press release (via Google Translate) issued by the Ministry of Internal Affairs, the elder one has been released on bond, while the younger one remains in police custody as he was a wanted man in Russia even prior to this arrest due to accusations of having participated in real estate fraud schemes.

The remaining six are kept under house arrest, and include the administrator of the botnet and the money mules that would withdraw the stolen money from ATMs.

According to the Ministry of Internal Affairs, the gang compromised popular Russian websites by injecting malicious scripts that would trigger drive-by-download attacks and infect the victims’ computers with the information-stealing Carberp Trojan and the backdoor-opening RDPdor Trojan.

Carberp would record the users’ banking credentials and send them to the criminals, who used them to transfer money to their own bank accounts to be ultimately withdrawn by the mules.

All in all, they managed to compromise around 90 bank accounts in various Russian banks and to steal over 60 million rubles.

The gang even rented an office space in Moscow and posed as a legitimate computer company. During the raid on the offices and the suspects’ apartments, law enforcement officers confiscated the computer equipment that was used to connect to the victims’ machines, a large number of bank cards, many types of forged documents and some 7.5 million rubles (around $260,000).

The suspects will be accused of creating, using and disseminating of harmful computer programs, theft and illegal access to computer information and, if convicted, could be jailed for up to 10 years.

In the end, these arrests seem to confirm the long-standing theory that Russian law enforcement goes after cyber criminals only if they target Russian citizens.

UPDATE:
Group-IB, a Russian company that assisted in the investigation offered more details about the gang.

“Group-IB experts first encountered the activities of this group in November 2010, and in January 2011 the head of the criminal group was identified. However, a vast amount of effort was devoted to documenting his activities and identifying his accomplices. The investigation was complicated by the fact that the individual was constantly on the move throughout the country, and often was outside the Russian Federation,” they pointed out.

“The investigation of the botnet and its servers, obtained as a result of interaction with specialized organizations in various countries, including Holland and Canada, helped prevent theft of funds from clients of over a hundred banking institutions worldwide.”

The company says that the gang managed to steal over 130 million rubles (some $4.5 millions) in total. It also seems that apart from stealing money, they also used the botnet they created to carry out DDoS attacks.

Don't miss