While we think it’s important to profile the crimes of cybercriminals and the threats they pose to organizations of all shapes and sizes, it’s also essential to remind ourselves time and time again that they are people and they do get caught.
Previously, we looked at one British man who was caught running an online banking fraud system. Today, we’re going to analyze another banking fraudster who was recently apprehended.
Of Fraud and Mules
The US Department of Justice announced that Vyacheslav Khaimov pleaded guilty on February 3rd for running an international cybercrime operation which stole $1.2 million from at least 30 victims.
The attack involved a sophisticated form of malware which gained access to the victim’s bank accounts. After grabbing these funds, they were then transmitted to intermediaries and sent through “mules.” What exactly are these mules, you might be wondering?
“Mules are typically unsuspecting individuals who believe they are working for a legitimate ‘work from home’ business,” said FBI Special Agent George Schultzel. “As part of their ’employment,’ the mules are instructed, typically via email, to open a bank account and receive the funds that have been removed from victims’ bank accounts. The mule is then provided further instructions as to where to send the money she/he has received.”
The FBI states that the individuals who served as mules were recruited by a man named “Samuel Gold,” who would only communicate through phone and email. Schnutlzel explained that none of them ever met Gold, but they were instructed to send cashier’s checks to a sporting goods store – where Khaimov was employed as a manager.
An Active Approach
Ultimately, Khaimov was uncovered once the FBI connected all of these intermediaries back to him, but his actions help underscore a new reality.
“Modern-day bank robbers no longer need a gunman and a getaway driver,” William F. Sweeney Jr., FBI Assistant Director in charge of New York field office, said. “Today, they just need a malware operator and money mules to carry out their crime from anywhere in the world.”
While this may be a demoralizing admission, just because people are willing to attempt these types of attacks does not mean they are going to be successful.
As Robert L. Capers, the US Attorney for the Eastern District of New York, said, “The proliferation of malicious software is a scourge on our society. Cybercriminal networks like the network that the defendant allegedly was a part of are responsible for pillaging innocent victims’ bank accounts and wreaking havoc on our financial institutions through the use of malware. They will be pursued and prosecuted to the full extent of the law.”