MAY 11, 2010
FBI Targets Cyber 'Mules'
By SIOBHAN GORMAN
The FBI is planning a major prosecution to bust up the operations that cyber criminals use to turn funds stolen online into hard cash, a top bureau official said Tuesday.
The Federal Bureau of Investigation is targeting the end of the criminal supply chain--the "money mules" who receive transfers of stolen funds in their banks accounts--to raise public awareness and dissuade people from becoming mules, said Patrick Carney, acting chief of the FBI's Cyber Criminal Section.
"We want to start to get some attention on this issue," he said at a Federal Deposit Insurance Corp. forum on banking and cyber crime in Arlington, Va. "We think a good way to drive that home would be to prosecute them."
Mule operations are a critical node in the cyber underground. When criminals drain a bank account, they transfer the stolen funds to a mule's account, making the transaction appear legitimate. The mule will then withdraw the money and send it to criminal associates, usually overseas in countries like Ukraine, Russia and Moldova.
The prosecution is part of a yearlong effort to crack down on cyber criminals who have been preying on small businesses, churches and schools by inserting spyware on the computers they use for online banking, stealing bank-account data and draining their accounts, Mr. Carney said in an interview.
The FBI is working on more than 250 cases, involving attempts to steal hundreds of millions of dollars, he said. The thefts have prompted lawsuits around the country when some banks refused to reimburse their customers.
"We want to take out the entire criminal infrastructure," Mr. Carney said.
The criminal operations are abetted by "an army of mules," Mr. Carney said. The mule investigation is following many different players in these operations, including people recruiting and organizing the mules and those establishing front companies, as well as the mules themselves.
Mr. Carney declined to say when the FBI planned to formally prosecute people involved in mule operations, but said the bureau would charge people who it could show were knowingly involved in criminal enterprises.
Not all mules realize they are part of a criminal enterprise. Criminals often advertise for logistics positions on job-listing Web sites like Monster.com or Careerbuilder.com to appear legitimate. While the listing companies work to ferret out criminal postings, they can't catch them all, and some desperate job seekers apply for these positions.
"I find it difficult to believe there are that many people who believe it's a legitimate job," Mr. Carney said.
Bankers at Tuesday's forum also said customers have to take some responsibility for preventing these kinds of thefts.
Sam Vallandingham, chief information officer at First State Bank in West Virginia, said customer agreements determined whether the customer or the bank was liable in the instance of these online thefts.
The presumption that it is always the bank's responsibility to prevent thefts that originate from a customer's computer isn't fair, he said, adding that customers "have to have some culpability."
White House cyber chief Howard Schmidt cast a rosy picture of efforts under way to combat cyberattacks, saying that the government needs to "continue to do it right" in its efforts to protect government computer networks and to work with the private sector to guard networks across the country.
Write to Siobhan Gorman at siobhan.gorman@wsj.com