Additional suspects were apparently arrested in London, with some 60 individuals reportedly targeted for prosecution as either ringleaders or "money mules."
The fraud reads like something out of the Italian Job.
A group of Russian nationals recruited students from all over the globe, who opened U.S. bank accounts using falsified passports. The crooks would then send seemingly benign emails to small businesses and municipalities here, which included malware called Zeus Trojan. This virus would embed itself in the targeted victim's computer, allowing the criminals to track every keystroke -- including those that recorded their bank account log-ins and passwords.
The crooks would then send "micro transfers" from the hijacked accounts to the accounts of the student "money mules," who received and transferred the stolen cash to the accounts of the masterminds, who lived thousands of miles away.
New York Police Department detectives stumbled on the scheme when investigating a suspicious $44,000 withdrawal from a Bronx bank. They quickly realized that the theft was the tip of the iceberg and sought help from the FBI and international crime fighting partners.
"This advanced cybercrime ring is a disturbing example of organized crime in the 21st Century," said District Attorney Cyrus Vance Jr. "The defendants indicted by our office stole from ordinary citizens and businesses using keyboards -- not a gun."
The indictments should serve as both a relief and a cautionary tale for small business owners with online accounts. Where individual bank accounts are protected by federal law that would force banks to cover any fraud losses suffered from this type of cybercrime, small business accounts do not have the same protections, leaving business owners vulnerable to huge losses.
More on MoneyWatch
Online Robbery: Hackers Steal $50,000. Bank says 'Tough Luck'
Suicide by CyberBullying: How to Protect Your Kids
Lawmakers Eye New Millionaires Tax
10 Cities With the Most Drunk Drivers