Fraud is costing small firms in the UK £22 billion a year and cyber-crime is a significant contributor. Last year, the police stopped a notorious gang of cyber criminals who had stolen and blackmailed as much as half a billion pounds from their victims around the world.
The GameOver Zeus Crew, who were believed to be based in Russia, were a sophisticated cyber-crime group who targeted businesses and individuals by raiding their bank accounts. The UK’s National Cyber Crime Unit (NCCU) were part of the global police operation to take them down.
This gang used highly advanced software to gain access to and take control of victims’ computers. They targeted their corporate victims through a number of techniques, including sending urgent messages which purported to be from HMRC or Companies House, and often included specific details about the targeted company to make the email more convincing. Inside the email was an attachment or link which, when the victim clicked on it, infected their computer with the GameOver Zeus virus. If the computer’s keyboard wasn’t in Russian, it then installed another virus which allowed the gang to take control of the machine.
“Anything you can do on your computer, they can do on your computer without you knowing,” said Stewart Garrick, who was in charge of the NCCU's investigation. “I know of more than 15,000 computers in the UK infected with this right now.”
Once the virus was installed, the hackers could then access the victim’s bank accounts to steal money. It also gave them complete access to the computer, so they could find out passwords, turn on webcams and record videos of what was happening on the screen. Which then meant they could blackmail the victim.
One blackmailing method they used was through the virus Cryptolocker, which scrambled the computer’s files. It then created a deadline for the victim to pay a ransom in order to retrieve the original files. The gang targeted doctors’ surgeries, lawyers and police stations around the world using this tactic. They demanded payment in the virtual – and controversial – Bitcoin currency.
Once the virus was active on a victim’s computer, it would lie dormant until the victim connected to their online banking, at which point it alerted the criminal, who could then create fake pages and alter what was on screen so the user would be tricked into authorising outgoing transfers. One victim was AEV, a UK-based varnish company.
“We lost £100,000 in under three minutes,” Jonathan Kemp, AEV’s Managing Director revealed. “We started the day normally, and by the end of it there was utter horror.”
Although they eventually got their money back from the bank, the gang has successfully targeted millions of victims around the world, showing the vast scale of their illegal earnings.
The NCCU and FBI joined forces to re-programme infected computers and stop them from communicating with each other, in order to break up the gang’s network. They also enlisted internet companies to attack the hackers’ reserve network of command computers that sent instructions to hacked machines. The gang has temporarily been stopped, but with such sophisticated knowledge and software, it’s likely they’ll re-emerge.
To protect yourself from cyber-crime and commercial fraud, make sure your operating system is up-to-date (for PCs this is Microsoft Windows while for Apple machines it’s Mac OS). Next, you should install and run-anti-virus software – making sure it’s the latest version. For extra security buy the anti-virus software as a CD, so you can ensure you don’t download fake anti-virus software. The government’s Get Safe Online website also provides expert advice about how to protect yourself from fraud.
Don’t forget, it’s important to make cyber-crime a key part of your company’s strategy to make sure you don’t fall victim to commercial fraud.