
US charges East European cyber virus gang

US law enforcement announced charges against three alleged East European cyber thieves accused of stealing banking information from computers across Europe and the United States, including at the space agency NASA.

The United States on Wednesday charged three young East European men with running an international cyber theft ring that broke into a million computers, including at the space agency NASA.

The trio used malicious computer code, or malware, dubbed the Gozi Virus, to infiltrate computers across Europe, then America, causing "millions in losses by, among other things, stealing online banking credentials," the federal prosecutor's office said.

The alleged designer and "chief architect" of the virus, Russian national Nikita Kuzmin, was detained on US soil back in 2010 and pleaded guilty the following year, pledging to cooperate with investigators.

Possibly as a result of that cooperation agreement, 25-year-old Kuzmin's alleged partners were nabbed at the end of 2012.

Deniss Calovskis, known as "Miami," 27, was arrested in his native Latvia in November, and is charged with writing some of the computer code that made the Gozi Virus so hard for authorities to detect.

Mihai Ionut Paunescu, whose nickname is "Virus," was charged with running the so-called "bulletproof hosting" service that allowed distribution of the Gozi and other viruses. Paunescu, 28, was arrested in his home country of Romania in December.

FBI Assistant Director-in-Charge George Venizelos said: "This long-term investigation uncovered an alleged international cybercrime ring whose far-reaching schemes infected at least one million computers worldwide and 40,000 in the US, and resulted in the theft or loss of tens of millions of dollars."

Manhattan chief federal prosecutor Preet Bharara likened the alleged gang to the notorious American bank robber William "Willie" Sutton. But, he added, "as we have seen with increasing frequency, cyber criminals' bank heists require neither a mask nor a gun, just a clever program and an Internet connection.

"This case should serve as a wake-up call to banks and consumers alike, because cybercrime remains one of the greatest threats we face, and it is not going away any time soon."

Prosecutors say the ultra-sophisticated scam unfolded between 2005 and March 2012 and that the virus was "virtually undetectable in the computers it infected." First, it was implanted in computers across Europe "on a vast scale," then around 2010 it spread to the United States, the Calovskis indictment said.

In the United States, "more than 160 were computers belonging to the National Aeronautics and Space Administration (NASA)," the indictment said.

Financial losses caused by the Gozi Virus hit "at a minimum, millions of dollars," the indictment said.

Paunescu operated what's known as a "bulletproof hosting" service that allows cyber criminals to operate beyond the reach of law enforcement, the indictment against him says.

The Romanian would rent thieves safe IP addresses and servers which were then used to spread malware, including the Gozi Virus, the Zeus Trojan and the SpyEye Trojan, the charges said.

Collectively, these viruses "have infected millions of computers around the world, targeted numerous banks in the United States and elsewhere, including at least one major United States bank headquartered in Manhattan," the indictment said.

Kuzmin, the indictment against him says, "hired a sophisticated computer programmer to write the virus' source code" for the Gozi, so that he could embark on large-scale theft.

"After months of work, (the unnamed programmer) completed work on the source code for the Gozi Virus and provided it to Kuzmin," who in turn rented the virus out to other criminals, the indictment says.

These co-conspirators were able to tailor the Gozi Virus to their own goals, whether for stealing passwords or other data. Kuzmin allegedly called this business the "76 Service."

Calovskis, the Latvian, was described as having used his expertise in computer programming to create "web injects," code that alters how banking websites appear on infected computers, prompting victims to reveal more personal information, such as social security numbers.
