37 people are being charged in the United States for their alleged role in an international fraud ring based in East Europe that stole more than $3 million from bank accounts belonging primarily to small businesses and municipalities, according to indictments released Thursday.
The sophisticated ring included a multitude of East Europeans who entered the United States on student visas and fake passports to operate as so-called “money mules,” laundering funds stolen from U.S. accounts and sending the money overseas.
Hackers believed to be in East Europe ran a botnet that used variants of the Zeus malware delivered to victims via e-mail. Zeus infected the victims’ computers to steal bank login credentials. The scammers then took over the accounts to initiate illegal bank transfers to other accounts controlled by the mules.
Last January, for example, about $130,000 was siphoned from the California bank account of a hospital.
The charges, filed in the Southern District of New York, are the culmination of a year-long investigation, dubbed Operation ACHing mules. “ACH” refers to Automated Clearing House, the system under which funds can be electronically transferred from one financial account to another.
The thieves recruited mules who entered the United States on J1 student visas, then provided them with the fake foreign passports. The mules used the passports to open fraudulent bank accounts in the United States under aliases to receive stolen funds transferred out of victim accounts. The mules then forwarded the funds to other bank accounts overseas or withdrew the cash at ATMs and smuggled the money out of the country.
The charges target 37 people in 21 separate cases. Nearly all of the suspects are in their 20s. Ten people were arrested in the United States in a coordinated takedown that coincided with the indictment release; 10 people were previously arrested. Another 17 (pictured above) are still at large. Those who have been arrested are mostly mules, but they also include managers and recruiters of the mules, as well as an individual, Sofia Dikova, who allegedly obtained the fake passports.
Authorities intercepted a shipment of fake passports at Newark Liberty International Airport last January; it included a false Yugoslavian passport under the name Vesna Jelkovic that bore Dikova’s photo.
The defendants are Lilian Adam, 21; Kasum Adigyuzelov, 25; Konstantin Akobirov, 25; Lorenzo Babbo, 20; Jamal Beyrouti, 53; Dorin Codreanu, 21; Catalina Cortac, 21; Natalia Demina, 23; Sofia Dikova, 20; Alexander Fedorov, 24; Adel Gataullin, 22; Nikolai Garifulin, 21; Kristina Izvekova, 22; Ilya Karasev, 22; Alexander Kireev, 22; Yulia Klepikova, 22; Ruslan Kovtanyuk, 24; Maxim Miroshnichenko, 22; Marina Misyura, 22; Victoria Opinca, 21; Marina Oprea, 20; Margarita Pakhomova, 21; Maxim Panferov, 23; Sabina Rafikova, 23; Almira Rakmatulina, 20; Stanislav Rastorguev, 22; Dmitry Saprunov, 22; Artem Semenov, 23; Julia Shpirko, 20; Julia Sidorenko, 22; Alexandr Sorokin, 23; Kristina Svechinskaya, 21; Alina Turuta, 21; Artem Tsygankov, 22; Vincenzo Vitello, 29; Ion Volosciuc, 19; Anton Yuferitsyn, 26.
Garifulin allegedly helped smuggle $150,000 from the United States to Russia to pay three hackers.
Adigyuzelov allegedly placed ads on Russian-language websites to recruit students who had J1 visas, then obtained fake passports for the recruits.
Fedorov allegedly coordinated the activities of mules through Russian social networking sites.
Beyrouti, Babbo and Vitello worked with scammers who breached brokerage accounts at E-Trade and TD Ameritrade. The hackers then executed fraudulent sales of securities and transferred the proceeds from the sale to the mules’ accounts. The receiving accounts were set up in the names of shell companies and linked to the hacked accounts.
Meanwhile, the victims’ phones received a barrage of calls to prevent the brokerage firms from contacting them to confirm the legitimacy of the transactions. When the victims answered their phones, they would hear silence or a recorded message. About $1.2 million was transferred to shell accounts opened by the suspects, who then transferred the money to other accounts in Asia or withdrew the money from ATMs in the New York area.
Last May, authorities in Florida revealed a number of cases they were investigating involving similar telephony denial-of-service attacks. In one case, a Florida dentist had $400,000 taken from his Ameritrade retirement account while the thieves flooded his home, work and mobile numbers with repeated calls.
According to documents in the New York case, Semenov, Rakmatulina and Shpirko – all Russian nationals – entered the United States on J1 visas in 2009 and 2010. Semenov recruited the other two and was arrested last December in New York while attempting to open a fraudulent bank account at a Manhattan Bank of America branch.
He was released on bail and four days later opened another fraudulent bank account. Some $70,000 was wired to fake accounts he controlled from the accounts of five different victims.
Marina Oprea, Catalina Cortac, Ion Volosciuc and Lilian Adam, all citizens of Moldova, entered the United States this past summer. Oprea allegedly opened six accounts that received more than $250,000 in stolen funds.
The ring is connected to another case in the United Kingdom disclosed this week. On Tuesday, 20 people were seized in London for allegedly stealing more than $9 million from British banks HSBC, the Royal Bank of Scotland, Barclays Bank and Lloyds TSB.
According to the indictment, New York investigators became involved in the international case after receiving reports of a suspicious $44,000 withdrawal from a Bronx bank in February.
The charges vary among the defendants and include bank fraud, conspiracy to commit wire fraud, money laundering, production of false identification documents, fraudulent use of passports and conspiracy to commit bank fraud.