Graphic – How a money mule operation works

Remember the ZeuS and money mule operation that the FBI, working in conjuction with authorities in the Ukraine, the Netherlands, and the UK brought down in September?

The FBI has a nice graphic that illustrates how the operation works.  Here’s a link to the image which is contained within a pdf, but I am reposting it here.  If you look at the Wanted poster that the FBI has posted, many of the suspects are quite young, probably not yet out of their thirties.  I’d wager that a good portion of them are barely even in their twenties.


The graphic illustrates that the money laundering scheme is fairly complex and that malware coding is the tip of the iceberg.  Well, maybe it’s not the tip of the iceberg because without the malware and botnets associated with this, it would be considerably more difficult to steal all of this money.  Maybe a better way of putting it is that the malware is like the tip of an inverted pyramid, and that tip is actually quite steep.  The inverted pyramid all hinges on the malware authors and their ability to steal information and transmit it all back.  Take out the malware authors (i.e., by arresting them) and the scheme starts to unravel.

Looking at this, going after the money mules is always going to be a losing proposition.  The reason is that the money mules are the ones who do the grunt work and are the most unskilled labor in this equation.  Ergo, they are taking on much of the risk but are also the most replaceable.  They are taking on the risk inasmuch as they are ones whose bank accounts the money is being deposited into, and they are the ones heading down to Western Union to transfer the money overseas to the money mules on the other side.  Then, they take the money and transfer it to the cyber criminals.  Thus, the paper trail leads back to them and they are the ones who are easily trackable (the police just need to watch a Western Union locale for suspicious activity).

On the other hand, the mules are accepting the most risk but are also replaceable.  A spammer simply needs to find someone who is willing to get “free” money and won’t rip them off.  They don’t need a specialized set of skills to do the job; by contrast, good malware writers (indeed, good programmers and designers) are more difficult to come by.  They have a set of abilities that are only attained after years of experience.

So, who does the FBI focus on?  The mules who are probably easier to trace (and educate)?  Or the malware authors whose break up will result in less crime, but whose pursual and arrest take far more resources and have a lower success rate in apprehension?

Skip to main content