ClientBridge

Return of 150,000 rubles

Group-IB together with the Ministry of Internal Affairs at the end of 2010 within investigation of a case of fraud with the remote bank service (RBS) in ClientBridge company came to the criminal network which stole more than 300 million rubles.

Frauds in the system of remote banking happen in Russia daily and bring huge damage to the companies and individuals. Swindlers devastate accounts in not dependence on a balance status on them: 10 thousand rubles or 40 million. Often as a result of fraud of the company lose all the current assets that further existence of business threatens.

Group-IB within three last years performs response to frauds in the RBS systems and monitors all changes in this direction of criminal activity. Forces of our experts revealed and investigated hundreds of incidents in RBS, on many of which we helped to return money to the injured party, and the militia made responsible organizers.

The ClientBridge company was included in the list of the affected companies, stole 150,000 rubles using the RBS system from them. The company management quickly detected the fraud fact: from bank the call with information on suspicious payment for the amount about 150,000 rubles addressed to the individual which, nevertheless, was performed arrived.

The CEO contacted the operations duty officer of Group-IB, described a situation and asked to help to return money and to investigate an incident. After the appeal to the company the group of reaction began to act according to the plan, standard for this case.

Within an hour the group on response to incidents was at office ClientBridge where collected necessary information on an incident, removed an image from a disk from the PC of the accountant which was sealed up afterwards and put in the safe before arrival of police officers for preserving of evidential base invariable.

Along with departure of group of response to incidents, the relevant divisions of the Ministry of Internal Affairs and bank in which the account of the individual into which money arrived is opened were informed on an incident. The bank blocked the account that allowed to return money quickly afterwards.

Examination of collected proofs showed that theft of user data (the login/password, bank keys) was performed using the modified Trojan like ZBot which transferred all necessary information to the server of the owner of a botnet.

Investigation, joint with the Ministry of Internal Affairs, allowed to identify the persons participating in technical implementation of crime who in an effect were delayed, and charge is brought to them. At the moment there is a development of other participants of criminal group. As it became clear during the investigation, this criminal group stole more than 300 million rubles from accounts more than 50 companies across all Russia.

The ClientBridge company received the money back in 5 days after the incident.