19 arrested in Zeus bank fraud bust

Police Central e-Crime Unit officers have arrested 19 people suspected of being involved in multi-million pound bank account theft.

Thousands of personal computers in the UK have been infected with malicious code, including the infamous Zeus Trojan, also known as Zbot, according to the Metropolitan Police,

Zeus is capable of both stealing passwords and making infected computers become part of a criminal botnet.

By using Zbot, a criminal network was able to acquire login details, compromise online accounts and then move funds from these into "mule" or "drop" accounts controlled by the gang, the authorities believe.

Investigators believe the criminal organisation has stolen money from a number of major world banks, while UK financial institutions had 6 million stolen in just three months.

The overall UK figure is likely to rise significantly as the investigation continues, the Met said.

Arrests were carried out across London, with 15 men and four women taken into custody in a number of police stations across the capital.

During the investigation police worked with the Virtual Task Force, a cyber crime information sharing body consisting of partners from across the financial service industry, universities and other organisations.

"We believe we have disrupted a highly organised criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent peoples' accounts, causing immense personal anxiety and significant financial harm - which of course banks have had to repay at considerable cost to the economy," said Detective Chief Inspector Terry Wilson, from the PCeU.

Martin Muirhead, chairman of the Virtual Task Force, added: "This is an excellent example of how to bring to bear the resources and expertise of multiple agencies and public / private organisations in the UK. This is pioneering work led by the Metropolitan Police Service."

Dave Jevans, chief executive of IronKey, said that while the arrests are positive, financially-motivated cyber attacks have become more widespread and increasingly targeted at businesses.

"Unfortunately, this is only the tip of the cyber crime iceberg as in the in the past 18 months, the bad guys in the US, Latin America and Europe have realised it is a lot easier to steal 500k from a corporate account in one go than it is to take 1k from 500 consumers," Jevans said.

"And unlike the consumer banking customers who been targeted by the cyber criminals, businesses that have funds stolen aren't insured."

Mel Morris, chief executive of Prevx, was also skeptical of the impact the arrests will make calling the case "a drop in the ocean."

"These criminals' techniques are so advanced that they are able to quickly spot weaknesses in most defences by using centralised intelligence gathered from analysis of the anti-malware development models of traditional vendors to fly under the radar of malware detection," Morris added.

Earlier this year, it emerged the PCeU will not be getting a planned 1 million boost from the Home Office next year.

Questions have been raised in the security industry over whether the police need extra funding to fight cyber crime in the UK.