- U.S. and European prosecutors brought charges against an alleged multi-nation cybercriminal ring that sought to steal $100 million.
- The scam used malware, known as GozNym, to steal people’s online banking credentials via “phishing” attacks.
- Emails infected with the virus allowed hackers operating from Europe to record the keystrokes from victims’ computers, steal banking log-in info and siphon money from accounts.
A federal grand jury in Pittsburgh has charged 10 Eastern Europeans in connection with malware attacks that attempted to steal $100 million, U.S. and European authorities announced Thursday.
The U.S. Attorney for the Western District of Pennsylvania presented the charges, along with officials from Germany, Moldova, Ukraine, Bulgaria, Georgia, and the European Union law enforcement and justice agencies Europol and Eurojust. The charges include conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud, and conspiracy to commit money laundering.
The malware, known as GozNym, automated the process of stealing people’s online banking credentials. It infected 41,000 computers around the world using so-called phishing emails that were disguised as legitimate messages or invoices, officials said. Once opened, the emails allowed hackers operating from Europe to record the keystrokes from victims’ computers, steal banking log-in credentials and siphon money from accounts.
The leaders of the scam tried to steal $100 million, according to the indictment, although it’s unclear how much money was actually stolen. In the U.S., the scam targeted a range of companies and other organizations, including a Washington law firm, a church in Texas, a furniture business in California and a casino in Mississippi.
The 10 defendants include citizens of Russia, Ukraine, Moldova, Kazakhstan and Georgia. The accused ringleader of the network and his technical assistant are being prosecuted in Georgia, according to Europol. An 11th defendant in a related case was extradited to the U.S. from Bulgaria in 2016 and pleaded guilty last month in federal court in Pittsburgh, where Thursday’s case was brought.
In cases of cyber crime, attribution—figuring out who’s responsible—is often quite difficult, said CNET Senior Producer Dan Patterson. Thursday’s indictment indicates that law enforcement has gotten better at pinpointing culprits and bringing prosecutions in such cases, he said.
What makes the case unique is that some of those other countries plan to undertake the actual criminal prosecutions, if and when the relevant suspects are apprehended.
Instead of seeking the immediate extradition of all 10 defendants, which can take years of negotiations, prosecutors will first bring charges against several of them in Ukraine, Moldova and Georgia. Scott Brady, the U.S. attorney in Pittsburgh, called it “a paradigm change in how we prosecute cybercrime.”
Brady said that while prosecutors always look to recover stolen funds, that effort is especially challenging in international cybercrime cases. “Proceeds were converted to bitcoin and without the private key, it is really hard to identify and access, let alone seize, those accounts,” he said.
— The Associated Press contributed to this report.