Crook Who Used His Home IP Address for Banking Fraud Gets 5 Years in Prison

A UK judge sentenced a crook part of a cybercrime operation that used banking malware to five years in prison for stealing £840,000 ($1,035,000) from victims all over the world.

According to the London Metropolitan Police, the crook, a 29-year-old man named Tomasz Skowron, was caught because he used his home IP address to move funds from hacked bank accounts to his own.

Pawn in a large cyber-crime operation that uses banking trojans
Police arrested Skowron in December 2014 after reports from the banking industry. According to the police report, Skowron was part of a cyber-crime operation that infected people’s computers with malware (banking trojans), which logged banking credentials and sent them to the crooks.

Skowron was only one of the many people that this cyber-criminal group granted access to the stolen data. His role was to transfer the funds from the compromised accounts to his own, or the accounts of other money mules, persons who’d later withdraw the funds and start the money laundering process.

Skowron’s mistake was that for a few of these operations, he didn’t use software that hides his home IP address, such as Tor, VPNs, or proxies.

When he logged into the compromised bank accounts, the bank’s servers recorded his IP address, which investigators tracked down to his home in Meredith Road, Worthing.

Skowron stole money from Australian and UK businesses
Police linked Skowron to fraudulent payments made from the Commonwealth Bank of Australia into UK bank accounts.

Additionally, the investigation also linked Skowron to two man-in-the-middle attacks against two construction firms in the UK, from where he logged banking logins, and stole £500,000 ($620,000).

Police say that £39,000 ($48,000) of the stolen funds were transferred into a bank account Skowron opened in his real name just a few days before the attack.

UK police also arrested Piotr Ptach, one of Skowron’s partners, who helped him recruit money mules that would withdraw the stolen funds. Ptach pleaded guilty and was sentenced to three years in prison.

Source:https://www.bleepingcomputer.com/news/security/crook-who-used-his-home-ip-address-for-banking-fraud-gets-5-years-in-prison/