Security: Zeus brought down by Operation Trident Beach
By nwooler on Oct 01, 2010
I am finally caught up after a great week last week at Oracle Open World. And it was just in time to read about this great bit of international crime fighting, which brought an end to an international cyber-crime ring that used the Zeus Trojan to allegedly steal $70M. Details are still coming out, but according to this article by The Register, the crime ring was able to deploy Zeus and key-log individuals' bank accounts and then use "money mules" to access the accounts and make withdrawals illegally. One thing is for sure: you have to admire the naming capabilities of the team that came up with "Operation Trident Beach", which shows marketing doesn't have a monopoly on naming talent. Here is a quick paragraph taken from The Register article (full text here):
Trident Beach began in May 2009, when FBI agents in Omaha, Nebraska learned of automated clearing house batch payments to 46 separate bank accounts throughout the US. Agents eventually brought in counterparts from the other involved countries. The payments are a hallmark of Zeus scams, in which hackers break into victim bank accounts and then clean them out using the bank's ACH transfer system.
The thieves targeted small- to medium-sized companies, municipalities, churches, and individuals.
I was talking with Mark Karlstrand, the Product Manager for Oracle Adaptive Access Manager, and he mentioned that the product has two critical features that would have prevented this from happening. According to Mark: "The KeyPad virtual authentication device could have prevented the password theft via key-logger. The use of the passwords from Eastern Europe and other behavior anomalies could have been detected by OAAM real-time risk analytics." As more details come out about the cyber-crime ring and Zeus, we will bring you details.