Two Ukrainian nationals who had used a banking Trojan to siphon funds from an unknown number of UK targets were on Monday sentenced to four years and eight months imprisonment.
Yuriy Konovalenko and Yevhen Kulibaba, both residents of north east London suburb Chingford, were the ring leaders of an online crime group that siphoned nearly £3 million (AU$4.6 million) from UK accounts using credentials acquired through an information-stealing banking Trojan, according to Scotland Yard.
The malware they used was able to capture usernames, passwords and account numbers. The stolen credentials were used to transfer funds to a large number of accounts the group had established as receiving accounts.
The pair, who arrested following an investigation by the Met’s Police Central E-Crime Unit, were the most recent of 13 others who have been jailed for their role in the crime.
In September this year 20 people residing in London were arrested under the Met’s investigation, codenamed Operation Lath.
Kulibaba (pictured) was the ring leader of the group and from his Ukrainian based obtained and allocated accounts to be attacked, according to the Met. Konovolenko was the UK coordinator, responsible for opening receiving accounts and transferring money from compromised accounts.
The capture of the group was the result of a coordinated effort between the FBI, the US Justice Department, PCeU, UK banks and other international law enforcement agencies.
To minimise the risk of falling victim to such crimes The Met advised individuals and businesses to do what for some may be a challenge.
These included: run antivirus that can scan email and files downloaded from the web; run antispyware; apply security patches; use a correctly configured firewall; update the operating system; disconnect the computer from the internet when it is not being used; check software before downloading it; and avoid opening attachments or following links in emails and on websites.