‘Zeus Trojan’ zaps $3 million from bank accounts

New York (CNNMoney.com): An international cybercrime ring was broken up Thursday by federal and state officials who say the alleged hackers used phony e-mails to obtain personal passwords and empty more than $3 million from U.S. bank accounts.

The U.S. Attorney’s Office charged 37 individuals for allegedly using a malicious computer program called Zeus Trojan to hack into the bank accounts of U.S. businesses and municipal entities.

In a related case, the Manhattan District Attorney, Cyrus Vance, charged 36 individuals for allegedly stealing $860,000 from dozens of individuals and corporations, including JPMorgan Chase.

Law enforcement officials arrested 10 of the defendants Thursday after 10 had already been taken into custody. Those individuals are expected to appear in court later Thursday in New York. Another 17 suspects are still being sought in the United States and abroad.

“This advanced cybercrime ring is a disturbing example of organised crime in the 21st Century -- high tech and widespread,” New York District Attorney Cyrus Vance said in a statement.

According to complaints unsealed in Manhattan federal court, defendants used the Zeus Trojan program to surreptitiously obtain personal information and then hack into victims’ bank accounts.

The hackers then allegedly made unauthorised transfers of “thousands of dollars” to the bank accounts belonging to co-conspirators. Prosecutors said the malware was typically sent as an “apparently-benign e-mail” that embedded itself in the victims’ computers once it was opened.

The program, officials said, recorded keystrokes and allowed hackers to steal private account information, passwords and other “vital security codes.”

The alleged cybercriminals, based in Eastern Europe, used “money mules” to transport the stolen money overseas. Some of the mules had entered the United States on student visas or by using fake passports, according to the federal complaint. The FBI has already arrested 10 alleged money mules and 17 remain at large.

“The Zeus Trojan allegedly allowed the hackers, from thousands of miles away, to get their hands on other peoples’ money,” said FBI Assistant Director Janice Fedarcyk.

“But their scheme didn’t eliminate risk,” she added. “Like the money mules, many, if not all, will end up behind bars.”

The announcement marks the culmination of a year-long investigation conducted by several state and federal agencies, including the FBI, the New York Police Department, the State Department and the U.S. Secret Service.