Men jailed following E-Crime investigation

01 November 2011

Jailed: Yuriy Konovalenko

The ring leaders of a major organised criminal network which siphoned nearly £3 million from the bank accounts of unsuspecting members of the public were yesterday (Monday 31 October) jailed following an investigation by the Met's Police Central E-Crime Unit (PCeU)

Ukrainian nationals Yuriy Konovalenko aka Pavel Klikov (3.7.82 - 29 ys), and Yevhen Kulibaba (18.3.78 - 33 ys), both of 9 Nevada Heights, Chingford Mount Road, Chingford, were each jailed for four years and eight months at Croydon Crown Court after previously pleading guilty to conspiracy to defraud.

This result is the culmination of a complex and protracted investigation by detectives from the Met's Police Central e-Crime Unit which has seen 13 people jailed for their part in a sophisticated international online fraud that attacked the heart of the UK banking industry.

The investigation, codenamed Operation Lath, focussed on the activities of a group responsible for conducting a systematic and highly sophisticated banking fraud which attacked the banking accounts of hundreds of online customers.

The fraud was perpetrated through the use of banking 'Trojans' to infect the personal computers of bank account holders and subsequently secure funds from them. The malicious software programme was able to capture confidential information, such as usernames, passwords and account numbers. These details were then used to access those accounts without the knowledge of the owners. Funds were then transferred to a large number of receiving accounts controlled by the group.

Kulibaba was the principal within this group of conspirators. He was based in the Ukraine and was responsible for obtaining and allocating accounts to be attacked, and organising the UK based conspirators to set up and operate recipient accounts and remove funds from them.

Konovolenko was Kulibaba's right hand man in the UK. He had a co-ordinating role, organising the establishment and operation of recipient accounts and instructing those with responsibility for organising the removal of the money out of the recipient accounts.

During the investigation the PCeU worked closely with UK banks and colleagues from the Crown Prosecution Service, the FBI and the US Department of Justice.

On 29 September 2011, 20 individuals were arrested at addresses in London and the Home Counties. During house searches, computers, mobile telephones, false passports, banking documents and other exhibits were seized and later examined.

Further arrests were made and additional inquiries were conducted jointly with investigators from Her Majesties Revenue and Customs (HMRC).

The total amount stolen through the operation of the fraud has not been definitively established; however the UK prosecution looked at the activities of the 13 defendants between September 2009 and March 2010 and during this period the proved loss was at least £2,884,590. The total amount which the conspirators attempted to remove was at least £4,286,559.

Detective Inspector Colin Wetherill, from the Metropolitan Police Central eCrime Unit said:

"These defendants were part of an organised network of computer criminals operating a state-of-the art international online banking fraud, through which they stole many millions of pounds from individuals and businesses in the UK and United States.

"The investigation involved unprecedented levels of cooperation between the Metropolitan Police, the UK banks, the FBI and other UK and international law enforcement agencies. We are working hard to reduce the harm caused by these activities, to put fear into the minds of those contemplating these conspiracies and to bring such offenders to justice."

There are several steps individuals and institutions can take in order to minimise the likelihood of their computers becoming infected with malware:

Frequently check your operating system is up-to-date to ensure your software has the latest fixes for new viruses, worms, and Trojan horses. Security 'patches' are usually free and can be downloaded from the software vendors.

Run anti-virus and anti-spyware software - always run these softwares and keep them regularly updated.

Make sure your anti-virus programme has the capability to scan e-mail and files as they are downloaded from the Internet.

Run full disk scans periodically, which will help prevent malicious programmes from reaching your computer.

Use a personal firewall - a full firewall can protect your computer from unauthorised access when configured correctly.

Disconnect your computer from the Internet when you are not using it.

Avoid opening attachments or following links in emails and on websites.

Do thorough research before downloading any new, unknown software

Comprehensive advice can be found at www.getsafeonline.com